PLEASE HELP! THIS PROBLEM HAS BEEN GOING ON FOR A MONTH!

Hi, I have a major problem! I seem to have gotten very badly infected, and nothing I do seems to help! I have a friend who is very good at this, and even doing what he has said so far hasn't helped. I have windows XP, emachines T3418. any other spec info you need just let me know.

Ok here's what has happened:

1. keyboard started acting weird.
2. computer started freezing
3. IE keeps popping up (even now, and I don't have IE anymore)
4. could not open spybot or advanced care.
5. Now I can only run in safe mode.
6. Doesn't recognize some of my drives
7. Cannot hear sound!

Ok, so now I have run a scan with AVG this is what it says:

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.268, engine 8.0.285
Virus Database: Version 270.12.2/2072 2009-04-21

\\?\globalroot\systemroot\system32\UACxotndlto.dll Virus identified Win32/Cryptor
C:\WINDOWS\system32\svchost.exe (428) Virus identified Win32/Cryptor
\\?\globalroot\systemroot\system32\UACxotndlto.dll Virus identified Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\svchost.exe (536) Virus identified Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACxotndlto.dll Virus identified Win32/Cryptor Object was moved to Virus Vault.
C:\WINDOWS\system32\svchost.exe (576) Virus identified Win32/Cryptor Object was moved to Virus Vault.
\\?\globalroot\systemroot\system32\UACxotndlto.dll Virus identified Win32/Cryptor Object was moved to Virus Vault.
C:\Program Files\Internet Explorer\iexplore.exe (896) Virus identified Win32/Cryptor Object was moved to Virus Vault.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Administrator\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Administrator\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Application Data\Mozilla\Firefox\Profiles\aeum9j4x.default\Cache(2)\1A0CAD09d01 Virus identified Win32/Cryptor.dropper Object was moved to Virus Vault.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\ovfsthxuwriqhpmpo.tmp Trojan horse Dropper.Generic.ALMG Object was moved to Virus Vault.
C:\pagefile.sys Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\pss\ChkDisk.dllStartup Trojan horse BackDoor.Generic11.HAM Object was moved to Virus Vault.
C:\WINDOWS\system32\autochk.dll Trojan horse BackDoor.Generic11.HAM Object was moved to Virus Vault.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\systemprofile\protect.dll Trojan horse BackDoor.Generic11.HAM Object was moved to Virus Vault.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll Trojan horse BackDoor.Generic11.HAM Object was moved to Virus Vault.
C:\WINDOWS\system32\fulewoge.exe Trojan horse BHO.IKM Object was moved to Virus Vault.
C:\WINDOWS\system32\galaduja.dll_old Trojan horse Generic13.HQS Object was moved to Virus Vault.
C:\WINDOWS\system32\jozoyona.dll_old Trojan horse Generic13.GVU Object was moved to Virus Vault.
C:\WINDOWS\system32\ligutafo.dll_old Trojan horse Generic13.EIA Object was moved to Virus Vault.
C:\WINDOWS\system32\nopayopa.dll.tmp Trojan horse SHeur2.ABJI Object was moved to Virus Vault.
C:\WINDOWS\system32\oembios.exe Locked file. Not tested.
C:\WINDOWS\system32\piyuzuju.dll.tmp Trojan horse SHeur2.ABJI Object was moved to Virus Vault.
C:\WINDOWS\system32\poinstall.exe Adware Generic3.KQH Object was moved to Virus Vault.
C:\WINDOWS\system32\rubelupe.dll Trojan horse Generic13.AAZN Object was moved to Virus Vault.
C:\WINDOWS\system32\sysproc64\sysproc32.sys Locked file. Not tested.
C:\WINDOWS\system32\sysproc64\sysproc86.sys Locked file. Not tested.
C:\WINDOWS\system32\tomewope.exe Trojan horse Vundo.GF Object was moved to Virus Vault.
C:\WINDOWS\system32\zomiduvi.dll.tmp Trojan horse SHeur2.ABJI Object was moved to Virus Vault.
C:\WINDOWS\Temp\160.tmp Trojan horse SHeur2.AABJ Object was moved to Virus Vault.
C:\WINDOWS\Temp\msb.dll Trojan horse BackDoor.Generic11.HAM Object was moved to Virus Vault.

------------------------------------------------------------
Objects scanned : 197930
Found infections : 25
Found PUPs : 1
Healed infections : 23
Healed PUPs : 1
Warnings : 0
------------------------------------------------------------


then I restarted my PC, still only allowed to enter Safe Mode I have done a registry clean with SpywareBlaster, MV RegClean 5.9, and CCleaner. All went smoothly except for CCleaner which will not finish its "run cleaner'' it get's to 98% and then stays there, never finishing. Sooo, after doing that restarted my pc...and still only safe mode. Also have a Hijack Report that I did before the AVG scan, so if you need that let me know.

Now before it got this bad I tried to get some help at another forum, that was about a month ago, and have not received any responses...so I beg PLEASE HELP!!!

The AVG report shows all the viruses/trojans that I have. They were saved to the vault even though I told it to '' clean automatically''

if you need any other info. let me know!!!:confused::(:o

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under [b]General and Startup" tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE: Tracking cookies can be omitted from the log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button..
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

4. Download, install, and run HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

(Above layout courtesy of Broni)

hi!! ok, first....THANK YOU FOR SUCH A QUICK RESPONSE!!!! :)

ok, now on to business....starting with the first download...no matter how I try to get to that link, it will not open. Says unknown error?!?!?! ah, lie. I did download it from cnet.com but it will not let me open it, once it's downloaded and I try to run it from there it says "SUPRAnitSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience. Tried changing the name like you said, and now it says that '' the system administrator has set policies to prevent this installation.'' NO I HAVEN'T!!! hehe, soooo....what do I do??

thanks you rock!! :)

Continue on to the next items on the list until you get something that will run. If still no go then try the installs and scans in safe mode.

ok, The only one I was able to download and actually use was the Hijackthis, and that only after changing it's name. I am only able to run in Safe Mode. I cannot get out of safe mode, I have tried.
So here is the report, I did not fix anything just ran the report and saved it:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:11 AM, on 4/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Safari\Safari.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\Saf30C.tmp\setupxv.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\7zS30F.tmp\MSIStart.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\Temporary Directory 1 for gmerEN.zip\gmer.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\Temporary Directory 2 for gmerEN.zip\gmer.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\Temporary Directory 3 for gmerEN.zip\gmer.exe
C:\DOCUME~1\RAMIRE~1.BIA\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: ********* <removed by="" moderator="" -="" dangerous="" site=""></removed>removed by mod - dangerous site
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\nunupofa.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\mawihisa.dll",a
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-567987002-3058614968-1683713116-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\mawihisa.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 8429 bytes
Thanks again for your help, hope to hear from you soon!!!

I'm assuming you tried to do a System Restore already and it didn't help matters any. With what you appear to have I doubt it would, but it can't hurt to try if you already haven't done so.

Otherwise, run HJT again, and check the boxes next to the following items:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: www. 150freesms.de
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\nunupofa.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\mawihisa.dll",a
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll


With your browser window(s) closed, click fix checked. Don't reboot yet.

Navigate to Start | All Programs | Accessories | System Tools | System Restore; on the left side of the System Restore window, click System Restore Settings. In the resulting window, check the box marked Turn Off System Restore on all drives. OK your way out, then reboot. You should be able to rename SuperAntiSypyware and MalwareBytes programs now. If not, repeat the above but try renaming the apps before rebooting.

Make sure you downloaded (saved) the above program installers to your desktop for installation. Trying to install directly from the internet (selecting "run" instead of "save") unpacks the install files in temp folders and they get deleted on reboot. It's too easy to get a corrupted install that way. Once you've installed the program, you need to rename the pertinent .exe files - for example, rename HijackThis from hjt.exe to heyyou.exe. Renaming the folder does nothing. I'm sure you already know this but I'm mentioning it anyhow for the benefit of our lurking viewers.:)

yes i've been trying to do a system restore for a while now, it won't let, that was one of my first signs that something was wrong.

ok, so I redid the scan, but I didn't have these:
O1 - Hosts: www. 150freesms.de
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\nunupofa.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\mawihisa.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mawihisa.dll


but in place of those I found these:
01-Hosts:.0.1 17-plus.com
04-HKLM\..\Run:[2c03aae3] rundll32.exe"C:\WINDOWS\system32\yiyigini.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\firedobo.dll",a
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll

I'm guessing their the same files you wanted me to delete, but I want to make 100% sure before I do it! thanks!!!!

Then you didn't follow the directions I gave you. You did have those entries in your post above (#5) so you must be doing something other than, or in addition to what you were asked to do. Otherwise they'd still be there for removal. If I'm mistaken, I apologize - but I've been through this dozens of times.

Let's start over. Please run a new HJT scan and post its log back here. If you can run the Malwarebytes and SuperAntiSpyware programs, that will be great too. Post all of the logs that you can, and also make sure the SystemRestore is turned off on all drives.:)

hi, maybe I didn't, all i did was open hijack and run a scan again. should I have run the scan w/ save the log instead of just a scan? well I kept it open, and I will send you that one I did, and then do another one again right now, and send that one also...here's the one i did
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:49 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: .0.1 17-plus.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\yiyigini.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\firedobo.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-567987002-3058614968-1683713116-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\firedobo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 8004 bytes




Now, I am going to run another one right this minute and send u the log on that one....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:43 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: .0.1 17-plus.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\yiyigini.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\firedobo.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-567987002-3058614968-1683713116-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\firedobo.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 8004 bytes


the other superspyware and malwarebytes I still cannot open. And I didn't get as far as going into the system restore and turning it off, I was waiting to hear about those files before I deleted them. Really, I appreciate everything!!! thanks!

ladytinkerbell
I apologize for butting in, but when dealing with an infection, it's very important to:
1. Follow all instructions to the "dot".
2. Don't take ANY other steps, than prescribed ones.

that's ok, all advice gladly accepted, but I did follow the instructions....just like I did again. I reread them. He said to do a scan, that's what I did. What changed, I have no clue, my pc's been off since the day before he sent that message. So, If I did something wrong, it was not because I tried to do anything differently. As a matter of fact when I saw the difference I wrote back instead of finishing what it said to do until I got further instructions. So now i'm waiting! :) I can use a pc pretty good, know my way around kinda good...but when it gets into the details of how these things work i'm a lost soul.....*sigh*

Ok, I did follow your directions, and yes you are right the ones you told me to delete were on that report I posted, and the changes I showed you did exist, and now, today I ran another report, and the same files have changed names again. Soo, it's not anything that I am doing. I have not done anything different to my pc. and have not tried to do anything until you updated me.

now the end of the file's name is widinole.dll everything in front of it is the same. So, should I then assume that these are the same files??? and if they keep changing names will I beable to get rid of them???

Simply wait for lgbpop.
He'll help you out.

At this point, you should be able to at least run Malwarebytes and SAS in safe mode if you deleted those entries and disabled System Restore. Doing the latter is important. If you don't do so, the malware re-establishes itself upon the next boot.

Run HJT and delete the following:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: .0.1 17-plus.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\Run: [2c03aae3] rundll32.exe "C:\WINDOWS\system32\yiyigini.dll",b
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\firedobo.dll",a
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\firedobo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\firedobo.dll

With your browser(s) closed, click fix checked. (If the names seem to change, look for the gobbledegook names - that's their pattern.) Then disable System Restore on all drives as explained earlier. Then, reboot and see if you can run those renamed MB and SAS programs.

To be honest, if this doesn't get you going you may need to do a Windows reinstall. I used to recommend Combofix but it fell out of favor and I'm not sure it's effective anymore - and I'm rusty myself.:o But, let's see how you do.

ok, it seems, what I thought was obvious wasn't so. I have tried to change the .exe file names, but am unsuccessful, or at least I'm pretty sure I am. Where do I go to change it? I thought it would be in properties, but it seems i'm not so lucky for it to be soo easy. I tried to change it when It was installing, still no go. the orig. file is still the same name. Sooo, hehe, my intelligence is seeming more and more limited! sorry!

The program folders should be in Program Files. Open each folder, find the appropriate .exe file and right-click on it; then select Rename and type in the new "alias" name. Don't forget - the .exe file extension MUST be part of the new file name for the program to run, and any desktop shortcuts with the original name will no longer work. Don't worry about the shortcuts, at any rate - it's not as if you'll be using these programs forever.

ok, for malwarebytes I was able to do it, but for SuperAntiSpyware it won't even let me install it, to change it's .exe file name. so here are the results from malwarebytes:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/30/2009 8:13:05 PM
mbam-log-2009-04-30 (20-13-05).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102531
Time elapsed: 12 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bajoduza.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yupofukane (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2f30997f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sckcls.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bajoduza.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hetuvigu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugivuteh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jelayube.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebuyalej.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mayosare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erasoyam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mohasobi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibosahom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuvatatu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utatavun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinapuwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewupanip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wibotelo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oletobiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiboduzu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bajoduza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\sckcls.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\vsm_free_setup[1].exe (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS30F.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS30F.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS345.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS345.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS346.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS346.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\~nsu.tmp\Au_.exe (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090430-181846-580.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jegohami.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaponema.dll.vir (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yivivaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zunekehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\VirusRemover2009.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2009.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\widinole.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyufivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kozotifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

I will now re boot my pc, like the instructions say, and well just let me know what else I need to do, Oh by the way again THANK YOU SOOOO MUCH!!! YOU GUYS ROCK!! :)

Capital. Now we're getting somewhere. On reboot, run an HJT scan and post the new log.

Ok, here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:30 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: ypot.org
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\bajoduza.dll",a
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\mickeymouse\mickeymouse.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-567987002-3058614968-1683713116-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\bajoduza.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 7835 bytes

Still got the Vundo infection. I thought we were getting somewhere, but no big problem. Broni tells me the latest version of Combofix is effective and safe so please follow the following instructions exactly. When you run HJT for the followup scan log, try running in normal mode if possible. PRINT OUT THE FOLLOWING INSTRUCTIONS IF POSSIBLE FOR REFERENCE PURPOSES.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

[COLOR="Blue"]Ok, first I had to do this in safe mode, because that's all my computer let's me get into. So, I did what you told me, and I have to let you know, that my computer is now running NORMALLY!!! combofix restarted my pc and when it turned back on it was functioning on normal. so anyway, I let it do everything it needed to do, here is it's report and the HJT report below it.

HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:38 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dale chic] C:\DOCUME~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 7477 bytes

ok, that's everything, and again OMG!!! YOU ROCK!!! :) thank you sooo much! EVERYONE I KNOW, IS GOING TO KNOW ABOUT U GUYS...I hope that's ok????

combofix report:

ComboFix 09-05-03.1 - Ramirez 05/04/2009 3:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.115 [GMT -4:00]
Running from: c:\docume~1\RAMIRE~1.BIA\LOCALS~1\Temp\Saf1BF.tmp\ComboFix.exe

Other Deletions

C:\test.txt
c:\windows\abeweweciqusolet.dll
c:\windows\abifetel.dll
c:\windows\adojizuq.dll
c:\windows\adovevukoviker.dll
c:\windows\adurifaduf.dll
c:\windows\aduxoxuxuvijuki.dll
c:\windows\afarizazowemulu.dll
c:\windows\afasojoloni.dll
c:\windows\agoxatabiv.dll
c:\windows\agozuqahivafec.dll
c:\windows\ahekeyibewereco.dll
c:\windows\ahexugesavad.dll
c:\windows\ahomifor.dll
c:\windows\ajolamut.dll
c:\windows\akadufodiziresox.dll
c:\windows\akewesif.dll
c:\windows\akotepopeg.dll
c:\windows\alalukigatek.dll
c:\windows\alanakohodop.dll
c:\windows\alatoyaqogunewuc.dll
c:\windows\aleqijiw.dll
c:\windows\alumiyapa.dll
c:\windows\amokidupa.dll
c:\windows\anodurex.dll
c:\windows\apenesumidini.dll
c:\windows\aporifad.dll
c:\windows\apujifoh.dll
c:\windows\aqikovuviyaki.dll
c:\windows\aradawevevukovik.dll
c:\windows\asacilucip.dll
c:\windows\aseqiqurihik.dll
c:\windows\asovilox.dll
c:\windows\asuhobiqobac.dll
c:\windows\asurosul.dll
c:\windows\atufuqosejefi.dll
c:\windows\avakonej.dll
c:\windows\avesefubemob.dll
c:\windows\avusohahoz.dll
c:\windows\ayawisura.dll
c:\windows\ayotidedug.dll
c:\windows\azazayujupiliyo.dll
c:\windows\bdmsr1.dll
c:\windows\ebotoxicedoj.dll
c:\windows\ebucodaqoxoqirac.dll
c:\windows\edalahetilarej.dll
c:\windows\edepixoxiw.dll
c:\windows\edesutiyayiyohu.dll
c:\windows\efademad.dll
c:\windows\efahifur.dll
c:\windows\efinegifopani.dll
c:\windows\egifigor.dll
c:\windows\ehicitaq.dll
c:\windows\ehivazoveraxifok.dll
c:\windows\ehorutew.dll
c:\windows\ejupabus.dll
c:\windows\ejusovun.dll
c:\windows\ekajubet.dll
c:\windows\emirucatofo.dll
c:\windows\enaxumugeya.dll
c:\windows\eniyasezaxi.dll
c:\windows\enuqucadot.dll
c:\windows\epirubohoja.dll
c:\windows\eqihehuc.dll
c:\windows\equxoxux.dll
c:\windows\erozicifaquza.dll
c:\windows\esidacos.dll
c:\windows\etajiwan.dll
c:\windows\etatowuwuq.dll
c:\windows\evabehav.dll
c:\windows\evoxejoweraxiju.dll
c:\windows\ewijobak.dll
c:\windows\exahumevixipa.dll
c:\windows\eyevuladiwoxewof.dll
c:\windows\eyijowera.dll
c:\windows\ezixukow.dll
c:\windows\ezubalep.dll
c:\windows\ezusuramujoyexa.dll
c:\windows\fglbd40.dll
c:\windows\hecoda.dll
c:\windows\ibirivikikikodu.dll
c:\windows\icidejem.dll
c:\windows\ifawuyaz.dll
c:\windows\igajafec.dll
c:\windows\igatumoyes.dll
c:\windows\ihajetec.dll
c:\windows\ihojocet.dll
c:\windows\ikutegef.dll
c:\windows\ilenanojo.dll
c:\windows\ilinixigotane.dll
c:\windows\ilogohew.dll
c:\windows\ilokuhupotovunik.dll
c:\windows\ilowutilesolasiw.dll
c:\windows\inaubdcl.dll
c:\windows\inifafaw.dll
c:\windows\inucewekifenifi.dll
c:\windows\inuxapiv.dll
c:\windows\ipavilox.dll
c:\windows\ipigurinaz.dll
c:\windows\ipofaxac.dll
c:\windows\iqetalajoqibu.dll
c:\windows\iquwanom.dll
c:\windows\iselezibahaqeve.dll
c:\windows\isepiconihu.dll
c:\windows\isumuqobo.dll
c:\windows\itagohewat.dll
c:\windows\ivemutok.dll
c:\windows\iwemiwok.dll
c:\windows\iwutegef.dll
c:\windows\ixagepuwido.dll
c:\windows\ixifonutulivihan.dll
c:\windows\ixozolocemuva.dll
c:\windows\iyenoqiqurih.dll
c:\windows\iyetatuxofu.dll
c:\windows\izakaxodem.dll
c:\windows\izedecod.dll
c:\windows\jerifo.dll
c:\windows\kbjgrofr.dll
c:\windows\kcpsun.dll
c:\windows\lspaunvc.dll
c:\windows\mgcsnibd.dll
c:\windows\mintoct.dll
c:\windows\msbdur.dll
c:\windows\MSenrol.dll
c:\windows\mspapr.dll
c:\windows\msypcden.dll
c:\windows\ngrckb.dll
c:\windows\ocepopepacu.dll
c:\windows\ocikunod.dll
c:\windows\ocuticab.dll
c:\windows\ofadiyubaderoteg.dll
c:\windows\ofocipis.dll
c:\windows\ohalopoci.dll
c:\windows\ohibohoj.dll
c:\windows\ohimuguxav.dll
c:\windows\ohokejubetovapuz.dll
c:\windows\ojeteted.dll
c:\windows\ojumomigo.dll
c:\windows\okayovup.dll
c:\windows\okebabuyu.dll
c:\windows\okisiboqu.dll
c:\windows\okugonaje.dll
c:\windows\olaroyuy.dll
c:\windows\omuquyiwifapoyo.dll
c:\windows\omuwuxiq.dll
c:\windows\onugegopepubit.dll
c:\windows\onusukinasule.dll
c:\windows\oponihuqajacuqe.dll
c:\windows\oqaguxaboko.dll
c:\windows\oqibuxerugug.dll
c:\windows\oqurugugavopiwam.dll
c:\windows\orekosub.dll
c:\windows\orewawan.dll
c:\windows\osezupijaferocoh.dll
c:\windows\osoyesog.dll
c:\windows\otepukalegeteko.dll
c:\windows\otilosup.dll
c:\windows\otoreheg.dll
c:\windows\otuzurowovoxad.dll
c:\windows\ovetoxicedoj.dll
c:\windows\oxonuqavefogutu.dll
c:\windows\oyajacuqepiconi.dll
c:\windows\oyusohomat.dll
c:\windows\ozesavad.dll
c:\windows\plsacf.dll
c:\windows\pndx32.dll
c:\windows\psklt32.dll
c:\windows\scaxfxp.dll
c:\windows\sevip60.dll
c:\windows\swieso.dll
c:\windows\system32\afopunun.ini
c:\windows\system32\agibesiw.ini
c:\windows\system32\anigawob.ini
c:\windows\system32\dabezoda.dll
c:\windows\system32\delekuwu.dll
c:\windows\system32\drivers\UACklyrucfa.sys
c:\windows\system32\ekilosiw.ini
c:\windows\system32\fajitigo.dll
c:\windows\system32\firedobo.dll
c:\windows\system32\inigiyiy.ini
c:\windows\system32\kofusipo.dll
c:\windows\system32\lahesumo.dll
c:\windows\system32\mawihisa.dll
c:\windows\system32\pimehori.dll
c:\windows\system32\sukeweri.dll
c:\windows\system32\UACalneatev.log
c:\windows\system32\UACcqtvfpyk.dat
c:\windows\system32\UACemrdxbxm.dll
c:\windows\system32\UACompemjyi.dll
c:\windows\system32\UACviqbkhic.dll
c:\windows\system32\UACvjrmkrsa.dll
c:\windows\system32\UACwimyjmqs.log
c:\windows\system32\UACxjyslsfl.log
c:\windows\system32\UACxotndlto.dll
c:\windows\tolrapht.dll
c:\windows\ubabiperewe.dll
c:\windows\ubebiquy.dll
c:\windows\udokakej.dll
c:\windows\ufazekudegem.dll
c:\windows\ufiyudikug.dll
c:\windows\ufuwufil.dll
c:\windows\ugebapuyuq.dll
c:\windows\ugivumej.dll
c:\windows\uhukanujuqodih.dll
c:\windows\ujekoposit.dll
c:\windows\ukebekepem.dll
c:\windows\ulenanojo.dll
c:\windows\umadeduvaka.dll
c:\windows\upalalocupuwow.dll
c:\windows\upaludejemila.dll
c:\windows\upefuhel.dll
c:\windows\upeyixus.dll
c:\windows\upovunebur.dll
c:\windows\uqalulineteriw.dll
c:\windows\uqobalep.dll
c:\windows\uqotigih.dll
c:\windows\urahokofa.dll
c:\windows\urikibofaxacu.dll
c:\windows\urohihehatehi.dll
c:\windows\uroyaqogunew.dll
c:\windows\usaboxagijobake.dll
c:\windows\usiqoboxebodamu.dll
c:\windows\usozacanuver.dll
c:\windows\usulojihumevixi.dll
c:\windows\utakelik.dll
c:\windows\utekekib.dll
c:\windows\utoyucegaqab.dll
c:\windows\utukuyep.dll
c:\windows\uwevohera.dll
c:\windows\uwiroziliz.dll
c:\windows\uwutenim.dll
c:\windows\uxaxanetix.dll
c:\windows\uxowokojegig.dll
c:\windows\uyimowem.dll
c:\windows\uzafezipah.dll
c:\windows\uzazorij.dll
c:\windows\uzoxopaken.dll
c:\windows\uzuvikiki.dll
c:\windows\vipitra.dll
c:\windows\wde3DAD.dll
c:\windows\wdptvs.dll
c:\windows\wetiet25.dll
c:\windows\wiasas.dll
c:\windows\Wintmsn.dll
c:\windows\WMSVXY.dll
c:\windows\wudhprs.dll


Drivers/Services
Service_UACd.sys
Legacy_MYWEBSEARCHSERVICE


Files Created from 2009-04-04 to 2009-05-04

2009-05-04 07:44 . 2009-05-04 07:44 -------- d-----w c:\windows\LastGood
2009-04-30 23:43 . 2009-04-30 23:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Malwarebytes
2009-04-30 22:49 . 2009-04-30 22:53 -------- d-----w c:\program files\mickeymouse
2009-04-27 09:56 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 09:56 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 09:56 . 2009-04-27 09:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-30 22:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 09:47 . 2009-04-27 09:47 -------- d-----w c:\program files\Trend Micro
2009-04-27 03:47 . 2009-04-27 03:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 21:02 . 2009-04-26 21:02 -------- d-----w c:\program files\bfgclient
2009-04-26 21:02 . 2009-04-26 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\CCleaner
2009-04-26 02:45 . 2009-04-26 02:45 -------- d-----w c:\program files\Marcos Velasco Security
2009-04-26 02:43 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-04-26 02:43 . 2009-04-26 02:43 -------- d-----w c:\program files\SpywareBlaster
2009-04-24 03:51 . 2009-04-26 02:19 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-24 03:21 . 2009-04-26 02:19 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-24 03:16 . 2009-04-26 02:20 -------- d-----w c:\program files\Registry_Cleaner_Pro
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-22 03:31 . 2009-04-22 05:25 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-22 03:27 . 2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-22 03:27 . 2009-05-04 07:47 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 03:27 . 2009-05-04 07:47 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 03:27 . 2009-05-04 07:50 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-22 03:27 . 2009-04-22 03:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVGTOOLBAR
2009-04-22 03:27 . 2009-04-22 03:27 -------- d-----w c:\program files\AVG
2009-04-22 03:27 . 2009-04-22 03:27 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-22 02:25 . 2009-04-22 02:25 39424 ----a-w c:\documents and settings\Ramirez.BIANCA\FHexEptvkdJ.exe
2009-04-20 11:20 . 2009-04-20 11:20 48128 ----a-w c:\documents and settings\Ramirez.BIANCA\UAcZsZ.exe
2009-04-12 07:13 . 2009-04-12 07:14 -------- dc----w C:\Arquivos de programas
2009-04-10 18:41 . 2009-04-10 18:41 -------- d-----w c:\documents and settings\All Users\Application Data\Mapi Meta Book Bits
2009-04-10 18:41 . 2009-04-10 18:45 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-10 18:41 . 2009-04-10 18:41 -------- d-----w c:\program files\type funk camp
2009-04-10 18:41 . 2009-04-10 18:42 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\type funk camp
2009-04-10 18:40 . 2009-04-22 03:57 -------- d-----w c:\program files\Circle Developemnt
2009-04-10 18:40 . 2009-04-10 18:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\program files\QuickTime
2009-04-08 14:32 . 2009-04-08 14:32 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-05 18:19 . 2009-02-06 22:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-05 18:13 . 2009-04-05 18:13 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-05 16:16 . 2009-04-05 16:16 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-05 01:41 . 2009-04-05 01:41 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\CyberLink
2009-04-05 00:19 . 2009-04-05 00:19 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-04-05 00:17 . 2009-04-05 00:17 -------- d-----w c:\program files\CyberLink


Find3M Report

2009-05-04 11:00 . 2009-04-10 18:42 282 ---ha-w c:\windows\Tasks\B12423BB9D6BDA47.job
2009-05-04 07:41 . 2004-08-26 18:08 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-04-30 23:00 . 2009-01-30 23:00 51712 --sha-w c:\windows\system32\sofapohe.exe
2009-04-30 11:01 . 2009-01-30 11:01 52224 --sha-w c:\windows\system32\kosuyapu.exe
2009-04-28 23:00 . 2009-01-28 23:00 51200 --sha-w c:\windows\system32\wuwasomo.exe
2009-04-27 04:00 . 2009-01-27 04:00 51200 --sha-w c:\windows\system32\nugevozi.exe
2009-04-27 01:58 . 2009-01-22 01:42 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-26 16:00 . 2009-01-26 16:00 51712 --sha-w c:\windows\system32\virodufe.exe
2009-04-26 02:58 . 2009-01-26 02:58 50688 --sha-w c:\windows\system32\runiwapa.exe
2009-04-26 02:21 . 2009-01-26 01:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 02:20 . 2009-03-26 01:10 -------- d-----w c:\program files\Ruckus Buck's Dangerous Mines
2009-04-25 03:03 . 2009-01-25 03:03 52224 --sha-w c:\windows\system32\foleleza.exe
2009-04-24 15:03 . 2009-01-24 15:03 51712 --sha-w c:\windows\system32\fulefoze.exe
2009-04-24 03:03 . 2009-01-24 03:03 51200 --sha-w c:\windows\system32\kamisiho.exe
2009-04-22 14:19 . 2009-01-22 14:19 52224 --sha-w c:\windows\system32\tuluferu.exe
2009-04-20 04:33 . 2009-03-26 01:05 420 ----a-w c:\windows\Tasks\ParetoLogic Update Version2.job
2009-04-19 22:00 . 2009-03-26 01:05 446 ----a-w c:\windows\Tasks\ParetoLogic Registration.job
2009-04-15 14:32 . 2009-01-22 00:27 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-08 14:52 . 2009-01-22 00:28 -------- d-----w c:\program files\Safari
2009-04-05 18:19 . 2009-01-22 10:17 -------- d-----w c:\program files\Windows Live
2009-04-05 00:17 . 2009-01-22 01:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-03 19:12 . 2009-04-03 19:12 -------- d-----w c:\program files\Venice Mystery
2009-04-03 01:24 . 2009-01-23 00:26 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-03 00:48 . 2009-04-03 00:48 -------- d-----w c:\program files\SilverCreekCommonFiles
2009-04-03 00:32 . 2009-01-23 00:26 -------- d-----w c:\program files\World of Warcraft
2009-04-02 23:24 . 2009-04-02 22:54 -------- d-----w c:\program files\SweetIM
2009-04-02 23:13 . 2009-04-02 23:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\shARES
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\Conduit
2009-04-02 22:55 . 2009-02-28 21:18 -------- d-----w c:\program files\Mozilla Firefox(2)
2009-04-02 22:55 . 2009-03-17 14:39 -------- d-----w c:\program files\Mozilla Firefox(3)
2009-04-02 22:54 . 2009-03-21 02:11 -------- d-----w c:\program files\DivX
2009-04-02 22:54 . 2009-03-30 21:35 -------- d-----w c:\program files\Chocolatier 2 - Secret Ingredients
2009-04-02 22:52 . 2009-04-02 22:15 -------- d-----w c:\program files\PremierOpinion(2)
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll


Reg Loading Points

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"dale chic"="c:\docume~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe" [2009-04-10 589824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2c03aae3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Applicationedc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
"WmiApSrv"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"spupdsvc"=2 (0x2)
"Spooler"=2 (0x2)
"SNMPTRAP"=3 (0x3)
"SNMP"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"seclogon"=2 (0x2)
"SeaPort"=2 (0x2)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LVCOMSer"=2 (0x2)
"fsssvc"=3 (0x3)
"Fax"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"cisvc"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 nfcepcb;nfcepcb; [x]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-01-07 26144]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-04 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-04 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 WUSB300NSvc;WUSB300NSvc; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - AudioSrv
*Deregistered* - avg8emc
*Deregistered* - avg8wd
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LVPrcSrv
*Deregistered* - LVSrvLauncher
*Deregistered* - Netman
*Deregistered* - NVSvc
*Deregistered* - RpcSs
*Deregistered* - Schedule
*Deregistered* - SharedAccess
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WUSB300NSvc
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-05-04 c:\windows\Tasks\B12423BB9D6BDA47.job
- c:\docume~1\ramire~1.bia\applic~1\typefu~1\Size balm okay.exe [2009-04-10 18:41]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 07:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3812)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys\WUSB300N\WLService.exe
c:\program files\AVG\AVG8\avgrsx.exe.old
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe

Completion time: 2009-05-04 7:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 11:36

Pre-Run: 129,845,981,184 bytes free
Post-Run: 129,305,616,384 bytes free

I don't understand. If your computer was clean, it wouldn't prevent you from running HJT in normal mode instead of safe mode. Also, when saved to your desktop and installed from there, Combofix doesn't run from a temp file. I think you clicked Open instead of Save when given the option. Not good - if your settings are such that temp files are deleted upon reboot, your backup files may be gone.

Please run both programs again. Run Combofix first - AFTER SAVING THE INSTALLER TO YOUR DESKTOP, double-click on it to install it. Do not run HJT until after Combofix has finished. When you run HJT, please be operating in normal mode. Post both logs here when done, the Combofix log first.

ok, here is half of the combofix fix report:

ComboFix 09-05-05.03 - Ramirez 05/05/2009 18:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.80 [GMT -4:00]
Running from: c:\documents and settings\Ramirez.BIANCA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\system32\sofapohe.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 07:02 . 2004-08-04 19:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-30 23:43 . 2009-04-30 23:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Malwarebytes
2009-04-30 22:49 . 2009-04-30 22:53 -------- d-----w c:\program files\mickeymouse
2009-04-27 09:56 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-27 09:56 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-27 09:56 . 2009-04-27 09:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-30 22:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 09:47 . 2009-04-27 09:47 -------- d-----w c:\program files\Trend Micro
2009-04-27 03:47 . 2009-04-27 03:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 21:02 . 2009-04-26 21:02 -------- d-----w c:\program files\bfgclient
2009-04-26 21:02 . 2009-04-26 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\CCleaner
2009-04-26 02:45 . 2009-04-26 02:45 -------- d-----w c:\program files\Marcos Velasco Security
2009-04-26 02:43 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-04-26 02:43 . 2009-04-26 02:43 -------- d-----w c:\program files\SpywareBlaster
2009-04-24 03:51 . 2009-04-26 02:19 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-24 03:21 . 2009-04-26 02:19 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-24 03:16 . 2009-04-26 02:20 -------- d-----w c:\program files\Registry_Cleaner_Pro
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-22 03:31 . 2009-05-05 16:31 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-22 03:27 . 2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-22 03:27 . 2009-05-04 07:47 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 03:27 . 2009-05-04 07:47 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 03:27 . 2009-05-05 21:48 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-22 03:27 . 2009-04-22 03:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVGTOOLBAR
2009-04-22 03:27 . 2009-04-22 03:27 -------- d-----w c:\program files\AVG
2009-04-22 03:27 . 2009-05-05 22:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-12 07:13 . 2009-04-12 07:14 -------- dc----w C:\Arquivos de programas
2009-04-10 18:41 . 2009-05-05 22:45 -------- d-----w c:\documents and settings\All Users\Application Data\Mapi Meta Book Bits
2009-04-10 18:41 . 2009-04-10 18:45 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-04-10 18:41 . 2009-04-10 18:41 -------- d-----w c:\program files\type funk camp
2009-04-10 18:41 . 2009-05-05 16:08 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\type funk camp
2009-04-10 18:40 . 2009-04-22 03:57 -------- d-----w c:\program files\Circle Developemnt
2009-04-10 18:40 . 2009-04-10 18:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\program files\QuickTime
2009-04-08 14:32 . 2009-04-08 14:32 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 01:58 . 2009-01-22 01:42 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-26 02:21 . 2009-01-26 01:21 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 02:20 . 2009-03-26 01:10 -------- d-----w c:\program files\Ruckus Buck's Dangerous Mines
2009-04-08 14:52 . 2009-01-22 00:28 -------- d-----w c:\program files\Safari
2009-04-05 18:19 . 2009-01-22 10:17 -------- d-----w c:\program files\Windows Live
2009-04-05 18:13 . 2009-04-05 18:13 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-05 00:17 . 2009-01-22 01:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 00:17 . 2009-04-05 00:17 -------- d-----w c:\program files\CyberLink
2009-04-03 19:12 . 2009-04-03 19:12 -------- d-----w c:\program files\Venice Mystery
2009-04-03 01:24 . 2009-01-23 00:26 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-03 00:48 . 2009-04-03 00:48 -------- d-----w c:\program files\SilverCreekCommonFiles
2009-04-03 00:32 . 2009-01-23 00:26 -------- d-----w c:\program files\World of Warcraft
2009-04-02 23:24 . 2009-04-02 22:54 -------- d-----w c:\program files\SweetIM
2009-04-02 23:13 . 2009-04-02 23:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\shARES
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\Conduit
2009-04-02 22:55 . 2009-02-28 21:18 -------- d-----w c:\program files\Mozilla Firefox(2)
2009-04-02 22:55 . 2009-03-17 14:39 -------- d-----w c:\program files\Mozilla Firefox(3)
2009-04-02 22:54 . 2009-03-21 02:11 -------- d-----w c:\program files\DivX
2009-04-02 22:54 . 2009-03-30 21:35 -------- d-----w c:\program files\Chocolatier 2 - Secret Ingredients
2009-04-02 22:52 . 2009-04-02 22:15 -------- d-----w c:\program files\PremierOpinion(2)
2009-03-06 14:44 . 2009-01-22 01:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2009-04-02 23:16 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2009-01-22 01:01 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 10:20 . 2009-01-22 01:01 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2009-01-22 01:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2009-01-22 01:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2009-01-22 00:57 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2009-01-22 01:01 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 23:03 . 2009-02-06 23:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 22:08 . 2009-04-05 18:19 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-02-06 17:24 . 2009-01-22 01:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2009-01-22 01:01 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2009-01-22 01:01 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2009-01-22 01:04 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
.

[COLOR="Blue"]ok, now here is more of the combofix report:/COLOR]

((((((((((((((((((((((((((((( SnapShot@2009-05-04_11.32.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-05 22:50 . 2009-05-05 22:50 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
+ 2009-05-05 22:46 . 2009-05-05 22:46 16384 c:\windows\Temp\Perflib_Perfdata_348.dat
+ 2009-05-05 22:51 . 2009-05-05 22:51 16384 c:\windows\Temp\Perflib_Perfdata_338.dat
- 2009-01-22 01:01 . 2004-08-04 19:00 55808 c:\windows\system32\secur32.dll
+ 2009-01-22 01:01 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 39424 c:\windows\system32\pngfilt.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 39424 c:\windows\system32\pngfilt.dll
- 2004-08-26 16:12 . 2009-05-04 07:46 61410 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2009-05-05 22:46 61410 c:\windows\system32\perfc009.dat
+ 2009-01-22 01:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2009-01-22 01:00 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
- 2009-01-22 01:00 . 2004-08-04 19:00 58880 c:\windows\system32\msdtclog.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 16384 c:\windows\system32\jsproxy.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 16384 c:\windows\system32\jsproxy.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 96256 c:\windows\system32\inseng.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 96256 c:\windows\system32\inseng.dll
- 2004-08-26 10:54 . 2009-01-23 09:01 93480 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-26 10:54 . 2009-05-05 07:10 93480 c:\windows\system32\FNTCACHE.DAT
+ 2009-01-22 00:59 . 2009-02-20 08:30 55808 c:\windows\system32\extmgr.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 55808 c:\windows\system32\extmgr.dll
+ 2009-01-22 01:01 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2009-01-22 01:01 . 2004-08-04 19:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2009-01-22 01:01 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2009-01-22 01:01 . 2008-10-16 10:37 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2009-01-22 01:00 . 2006-03-01 19:42 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2009-01-22 01:00 . 2004-08-04 19:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 96256 c:\windows\system32\dllcache\inseng.dll
- 2009-04-02 23:16 . 2004-08-04 19:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-04-02 23:16 . 2009-02-20 08:30 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-01-22 00:59 . 2008-10-15 09:45 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-01-22 00:59 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2009-01-22 00:59 . 2008-10-16 10:37 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-10-16 10:21 . 2008-10-15 14:00 351744 c:\windows\system32\xpsp3res.dll
+ 2006-10-16 10:21 . 2009-02-19 09:47 351744 c:\windows\system32\xpsp3res.dll
- 2009-01-22 01:01 . 2004-08-04 19:00 351232 c:\windows\system32\winhttp.dll
+ 2009-01-22 01:01 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2009-01-22 01:01 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-01-22 01:01 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-01-22 00:59 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 616448 c:\windows\system32\urlmon.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 474112 c:\windows\system32\shlwapi.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 474112 c:\windows\system32\shlwapi.dll
+ 2009-01-22 01:01 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
- 2009-01-22 01:01 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2004-08-26 16:12 . 2009-05-05 22:46 397448 c:\windows\system32\perfh009.dat
- 2004-08-26 16:12 . 2009-05-04 07:46 397448 c:\windows\system32\perfh009.dat
- 2009-01-22 01:00 . 2008-10-16 10:37 532480 c:\windows\system32\mstime.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 146432 c:\windows\system32\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 449024 c:\windows\system32\mshtmled.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2009-01-22 00:59 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 251392 c:\windows\system32\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 205312 c:\windows\system32\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 357888 c:\windows\system32\dxtmsft.dll
+ 2009-01-22 01:01 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2009-01-22 01:01 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-01-22 01:01 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 659456 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-22 01:01 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2009-01-22 01:01 . 2004-08-04 19:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-22 01:01 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2009-01-22 01:01 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-01-22 01:01 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-01-22 01:01 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2009-01-22 01:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2009-01-22 01:00 . 2004-08-04 19:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-26 16:12 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 532480 c:\windows\system32\dllcache\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-01-22 01:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-01-22 00:59 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2009-01-22 00:57 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2009-01-22 00:57 . 2004-08-04 19:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 151040 c:\windows\system32\cdfview.dll
+ 2009-01-22 01:01 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
- 2009-01-22 01:01 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
+ 2009-01-22 01:01 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2009-01-22 01:01 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2009-01-22 01:01 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
+ 2009-01-22 01:01 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-22 01:01 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
- 2009-01-22 01:01 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2009-01-22 01:01 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
- 2009-01-22 01:01 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-22 01:01 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-23 07:00 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-01-23 06:59 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-23 06:59 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-23 06:59 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-23 06:59 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-23 07:00 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-23 07:00 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-22 01:00 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1054208 c:\windows\system32\dllcache\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-22 01:01 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2009-01-22 01:01 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-01-11 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-26 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2009 11:27 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2009 11:27 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/21/2009 11:27 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/21/2009 11:27 PM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/5/2009 2:19 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [1/22/2009 2:39 AM 53307]
S0 nfcepcb;nfcepcb;c:\windows\system32\drivers\qpaz.sys --> c:\windows\system32\drivers\qpaz.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

ok, and the last of the combofix report:
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-dale chic - c:\docume~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe
HKLM-Run-yupofukane - c:\windows\system32\fiboduzu.dll
HKLM-Run-CPM2f30997f - c:\windows\system32\meyufivi.dll
HKLM-Run-BOOK BITS GRID FORD - c:\documents and settings\All Users\Application Data\Mapi Meta Book Bits\poll trust.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 18:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7872)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-05-05 18:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-05 22:57
ComboFix2.txt 2009-05-04 11:36

Pre-Run: 128,984,944,640 bytes free
Post-Run: 128,983,281,664 bytes free

373 --- E O F --- 2009-05-05 07:03

and here is the HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:29 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 8670 bytes

Good work - your computer's looking better now. You have a couple of folders I'm curious about, though. To be more precise, I'm curious about what created them. Please go to Control Panel | Folder Options and, under the View tab:

• Check the radio button next to Show hidden files and folders
• Uncheck Hide protected operating system files (recommended)

Click Apply and OK your way out.

Next, go to the two locations below and let me know the properties of these two folders:

1. C:\Program Files\type funk camp
2. C:\Documents and Settings\Ramirez.BIANCA\Application Data\type funk camp

Anything you can find, like the company that created them, when, file size, etc. will help. If there are a lot of files in the folders, let me know that as well. Depending on what you find out, we may remove them as well.

Other thing you can do for now is go to Control Panel | Add/Remove Programs and uninstall all those registry cleaners I saw listed (Eusing Free Registry Cleaner, Free Window Registry Repair, Registry Cleaner Pro, etc.). That will unclutter your machine a bit.

Ok, first, the answer to your curiosity.....
In the properties for the first one it says....
GENERAL TAB

TYPE: File Folder
LOCATION: C:\Program Files
SIZE: 0 bytes
SIZE ON DISK: 0 bytes
CONTAINS: 0 Files. 0 Folders
CREATED: Friday, April 10, 2009, 2:41:21 PM

Other than that, couldn't get any other info, but for sure, I didn't create that file (not on purpose) so not sure where it came from. Do you need me to scan it???

OK, on to the second one....
well as it so happens I can't find that one???? I went through my computer, to docs and settings to Ramirez.BIANCA and the only files in here are:
COOKIES
DESKTOP
FAVORITES
MY DOCUMENTS
START MENU
TRACING
USERDATA
WINDOWS
NTUSER

so I went to search and searched first the whole file address you gave me, and came up with nothing, and then did a search with only "type funk camp"and still got nothing...what does that mean?????

ok, and I have uninstalled all of those reg. cleaners. Now all I have left are Mayware bytes and Hijack this and AVG.....are there any others I should have??

I ALSO JUST WANTED TO SAY, THANK YOU SOOOOO MUCH! HEHE, I KNOW I SAY IT LIKE A MILLION TIMES, BUT REALLY I AM BEYOND GRATEFUL!!!

so, now what? lol:D

In order to see C:\Documents and Settings\Ramirez.BIANCA\Application Data you have to follow the two steps I mentioned for showing hidden files. Please go back and make sure you unhide all hidden folders, then try the second one again.

While you're at it, upload the following folder to Jotti's VirusScan and post the results here:

c:\windows\system32\drivers\qpaz.sys

OK, oops, I thought I had checked it, but hadn't...so this file says:

GENERAL TAB

TYPE: File Folder
LOCATION: C:\Documents and Settings\Ramirez.BIANCA\Applicati
SIZE: 1.03 KB (1,06 bytes)
SIZE ON DISK: 4.00 KB (4,096 bytes)
CONTAINS: 1 Files, 0 Folders
CREATED: Friday, April 10, 2009, 2:41:20 PM

the file it contains says:

GENERAL TAB

TYPE: System File
DESCRIPTION: 0
LOCATION: C:\Documents and Settings\Ramirez.BIANCA\App
SIZE: 1.03KB (1,060 bytes)
SIZE ON DISK: 4.00 KB (4,096 bytes)
CREATED: Friday, April 10, 2009, 2:42:01 PM
MODIFIED: Friday, April 10, 2009, 2:42:01 PM
ACCESSED: Today, May 07, 2009, 9:56:01 PM


ok I went to the site u told me this is the scan on the file above:

Service load:
0% 100%
File: 0
Status:
OK
MD5: 0f0e211e0dde666093e915a3fdf8fee4
Packers detected:
-


Scanner results
Scan taken on 08 May 2009 02:04:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Ok, well that's it, let me know what else u need! I have to say this has been one of the most incredible learning experiences I have ever had, and in doing so, I have a few questions, but they can wait until after this is done....THANKS!!!!!:D

OK, then. Go ahead and navigate to those two folders (C:\Program Files\type funk camp and C:\Documents and Settings\Ramirez.BIANCA\Application Data\type funk camp) and right-click-and delete them; qpaz.sys doesn't seem to be a nasty so you may as well let it be for now.

When you're done with that, let's see one more Combofix scan log and then an HJT scan log. Just a few loose ends to tidy up and we should be done.:)

ok, sorry for the delay. Here is the combofix log report:


ComboFix 09-05-13.02 - Ramirez 05/13/2009 19:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.106 [GMT -4:00]
Running from: c:\documents and settings\Ramirez.BIANCA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 03:58 . 2009-05-13 03:58 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVS4YOU
2009-05-13 03:58 . 2009-05-13 03:58 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-13 03:57 . 2009-05-13 03:58 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-13 03:57 . 2009-01-29 00:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-05-13 03:57 . 2009-01-29 00:49 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-05-13 03:57 . 2009-01-29 00:49 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-05-13 03:57 . 2009-01-29 00:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-05-13 03:57 . 2009-01-29 00:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-13 03:57 . 2009-05-13 03:58 -------- d-----w c:\program files\AVS4YOU
2009-05-10 03:37 . 2009-05-10 03:37 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\MySpace
2009-05-10 03:37 . 2009-05-10 03:37 -------- d-----w c:\program files\MySpace
2009-05-05 07:02 . 2004-08-04 19:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-30 23:43 . 2009-04-30 23:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-27 09:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-30 22:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 09:47 . 2009-04-27 09:47 -------- d-----w c:\program files\Trend Micro
2009-04-27 03:47 . 2009-04-27 03:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\Yahoo!
2009-04-26 02:43 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-04-24 03:21 . 2009-04-26 02:19 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-22 03:31 . 2009-05-09 16:34 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-22 03:27 . 2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-22 03:27 . 2009-05-04 07:47 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 03:27 . 2009-05-04 07:47 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 03:27 . 2009-05-13 21:12 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-22 03:27 . 2009-04-22 03:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVGTOOLBAR
2009-04-22 03:27 . 2009-04-22 03:27 -------- d-----w c:\program files\AVG
2009-04-22 03:27 . 2009-05-05 22:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 22:05 . 2009-01-22 00:28 -------- d-----w c:\program files\Safari
2009-04-27 01:58 . 2009-01-22 01:42 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-22 03:57 . 2009-04-10 18:40 -------- d-----w c:\program files\Circle Developemnt
2009-04-10 18:40 . 2009-04-10 18:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\program files\QuickTime
2009-04-05 18:19 . 2009-01-22 10:17 -------- d-----w c:\program files\Windows Live
2009-04-05 18:13 . 2009-04-05 18:13 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-05 00:17 . 2009-01-22 01:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 00:17 . 2009-04-05 00:17 -------- d-----w c:\program files\CyberLink
2009-04-03 19:12 . 2009-04-03 19:12 -------- d-----w c:\program files\Venice Mystery
2009-04-03 01:24 . 2009-01-23 00:26 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-03 00:32 . 2009-01-23 00:26 -------- d-----w c:\program files\World of Warcraft
2009-04-02 23:13 . 2009-04-02 23:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\shARES
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\Conduit
2009-04-02 22:54 . 2009-03-21 02:11 -------- d-----w c:\program files\DivX
2009-04-02 22:54 . 2009-03-30 21:35 -------- d-----w c:\program files\Chocolatier 2 - Secret Ingredients
2009-04-02 22:52 . 2009-04-02 22:15 -------- d-----w c:\program files\PremierOpinion(2)
2009-03-06 14:44 . 2009-01-22 01:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2009-04-02 23:16 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2009-01-22 01:01 659456 ----a-w c:\windows\system32\wininet.dll
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe

[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-05-05_22.51.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-13 23:40 . 2009-05-13 23:40 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
+ 2009-05-13 23:40 . 2009-05-13 23:40 16384 c:\windows\Temp\Perflib_Perfdata_4e0.dat
+ 2009-05-13 05:02 . 2009-05-13 05:02 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
+ 2009-05-13 22:06 . 2009-05-13 22:06 307200 c:\windows\Installer\{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}\SafariIco.exe
+ 2009-05-08 01:48 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9c905b42-976e-43c1-bc30-fc5937017909}"= "c:\program files\shARES\tbshAR.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]

[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"&#37;windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2009 11:27 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2009 11:27 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/21/2009 11:27 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/21/2009 11:27 PM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/5/2009 2:19 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [1/22/2009 2:39 AM 53307]
S0 nfcepcb;nfcepcb;c:\windows\system32\drivers\qpaz.sys --> c:\windows\system32\drivers\qpaz.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - prefs.js: browser.search.selectedEngine - MySpace.com
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 19:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7488)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-13 19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 23:46
ComboFix2.txt 2009-05-05 22:57
ComboFix3.txt 2009-05-04 11:36

Pre-Run: 128,233,406,464 bytes free
Post-Run: 128,327,565,312 bytes free

229 --- E O F --- 2009-05-13 04:06

and here is the hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:14 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 7706 bytes