| Answer» Piece of crap still won't work. Can't do anything in safe mode. The minute I try to type something in that line after I hit run the piece of crap freezes up. Now what? Sorry, I've just been at this about 12-16 hours a day for the last 2 weeks, and I'm ready to give up. This thing's been a total pile of junk since I got it, I should have sued the idiot that sold it to me.
 
 Does any of this have to do with the huge "system 32" file that now magically opens up when I boot up? That never happened before, and none of the crap that's in that file is mine. I'm sure it's taking up 90% of what little memory or whatever that I have.
 
 Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.
 
 Link #1
 Link #2
 
 **Note: It is important that it is saved directly to your Desktop**
 
 Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
 
 Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
 Double click combofix.exe & follow the prompts.
 
 For Windows XP Systems install the Recovery Console:
 
 - If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
 - If for some reason your Internet is not working click No.
 - If you are not using Windows XP, you will not be prompted.
 - When prompted to accept the EULA click OK.
 - Accept Microsoft's EULA (Click Yes).
 - When you are told that the RC is installed correctly click YES to continue scanning for malware.
 
 When finished ComboFix will produce a log for you.
 Post the ComboFix log and a new HijackThis log in your next reply.
 
 Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
 
 Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
 
 Here are the logs you asked for. The first is part of ComboFix, I had to post it in two different posts because it is so long. HijackThis follows. Thanks!!
 
 
 ComboFix 08-12-07.04 - Christopher Apostle 2008-12-10 0:00:54.1 - NTFSx86
 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.351 [GMT -7:00]
 Running from: c:\documents and settings\Christopher Apostle\Desktop\ComboFix.exe
 * Created a new restore point
 .
 
 (((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 c:\program files\Common Files\uninstall information
 c:\program files\Need2Find
 c:\program files\Need2Find\bar\History\search
 c:\program files\Need2Find\bar\Settings\settings.dat
 c:\program files\Need2Find\bar\Settings\settings.htm
 c:\windows\system32\cache329
 c:\windows\system32\cache329\B_134000.htm
 c:\windows\system32\cache329\B_329_0_0_105300.htm
 c:\windows\system32\cache329\B_329_0_0_106800.htm
 c:\windows\system32\cache329\B_329_0_0_107400.htm
 c:\windows\system32\cache329\B_329_0_0_446700.htm
 c:\windows\system32\cache329\B_329_0_0_446800.htm
 c:\windows\system32\cache329\B_329_0_0_446900.htm
 c:\windows\system32\cache329\B_329_1_0_449200.gif
 c:\windows\system32\cache329\B_329_1_0_449200.htm
 c:\windows\system32\cache329\B_329_1_0_449600.gif
 c:\windows\system32\cache329\B_329_1_0_449600.htm
 c:\windows\system32\cache329\B_329_1_0_454300.gif
 c:\windows\system32\cache329\B_329_1_0_454300.htm
 c:\windows\system32\cache329\B_329_2_0_105300.htm
 c:\windows\system32\cache329\B_329_2_0_106800.htm
 c:\windows\system32\cache329\B_329_2_0_107400.htm
 c:\windows\system32\cache329\B_329_2_0_446700.htm
 c:\windows\system32\cache329\B_329_2_0_446800.htm
 c:\windows\system32\cache329\B_329_2_0_446900.htm
 c:\windows\system32\cache329\B_329_3_0_105300.htm
 c:\windows\system32\cache329\B_329_3_0_106800.htm
 c:\windows\system32\cache329\B_329_3_0_107400.htm
 c:\windows\system32\cache329\B_329_3_0_446700.htm
 c:\windows\system32\cache329\B_329_3_0_446800.htm
 c:\windows\system32\cache329\B_329_3_0_446900.htm
 c:\windows\system32\cache329\B_329_4_0_111600.htm
 c:\windows\system32\cache329\B_329_4_0_152400.htm
 c:\windows\system32\cache329\B_329_4_0_155300.htm
 c:\windows\system32\cache329\B_329_4_0_164100.htm
 c:\windows\system32\cache329\B_329_4_0_448200.htm
 c:\windows\system32\cache329\B_329_4_0_448300.htm
 c:\windows\system32\cache329\B_329_4_0_453400.htm
 c:\windows\system32\cache329\t_B_134000.htm
 c:\windows\system32\cache329\t_B_329_0_0_105300.htm
 c:\windows\system32\cache329\t_B_329_0_0_106800.htm
 c:\windows\system32\cache329\t_B_329_0_0_107400.htm
 c:\windows\system32\cache329\t_B_329_0_0_446700.htm
 c:\windows\system32\cache329\t_B_329_0_0_446800.htm
 c:\windows\system32\cache329\t_B_329_0_0_446900.htm
 c:\windows\system32\cache329\t_B_329_1_0_449200.htm
 c:\windows\system32\cache329\t_B_329_1_0_449600.htm
 c:\windows\system32\cache329\t_B_329_1_0_454300.htm
 c:\windows\system32\cache329\t_B_329_2_0_105300.htm
 c:\windows\system32\cache329\t_B_329_2_0_106800.htm
 c:\windows\system32\cache329\t_B_329_2_0_107400.htm
 c:\windows\system32\cache329\t_B_329_2_0_446700.htm
 c:\windows\system32\cache329\t_B_329_2_0_446800.htm
 c:\windows\system32\cache329\t_B_329_2_0_446900.htm
 c:\windows\system32\cache329\t_B_329_3_0_105300.htm
 c:\windows\system32\cache329\t_B_329_3_0_106800.htm
 c:\windows\system32\cache329\t_B_329_3_0_107400.htm
 c:\windows\system32\cache329\t_B_329_3_0_446700.htm
 c:\windows\system32\cache329\t_B_329_3_0_446800.htm
 c:\windows\system32\cache329\t_B_329_3_0_446900.htm
 c:\windows\system32\cache329\t_B_329_4_0_111600.htm
 c:\windows\system32\cache329\t_B_329_4_0_152400.htm
 c:\windows\system32\cache329\t_B_329_4_0_155300.htm
 c:\windows\system32\cache329\t_B_329_4_0_164100.htm
 c:\windows\system32\cache329\t_B_329_4_0_448200.htm
 c:\windows\system32\cache329\t_B_329_4_0_448300.htm
 c:\windows\system32\cache329\t_B_329_4_0_453400.htm
 c:\windows\system32\elikabut.ini
 c:\windows\system32\ezimelet.ini
 c:\windows\system32\irezasos.ini
 c:\windows\system32\iyimogov.ini
 c:\windows\system32\mudagisi.dll
 c:\windows\system32\upiyedef.ini
 
 .
 (((((((((((((((((((((((((  Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
 .
 
 2008-12-07 21:49 . 2008-11-06 02:03d--------C:\SDFix
 2008-12-04 19:29 . 2008-04-13 18:12116,224--a------c:\windows\SYSTEM32\DLLCACHE\xrxwiadr.dll
 2008-12-04 19:29 . 2001-08-17 22:3727,648--a------c:\windows\SYSTEM32\DLLCACHE\xrxftplt.exe
 2008-12-04 19:29 . 2001-08-17 22:3623,040--a------c:\windows\SYSTEM32\DLLCACHE\xrxwbtmp.dll
 2008-12-04 19:29 . 2008-04-13 18:1218,944--a------c:\windows\SYSTEM32\DLLCACHE\xrxscnui.dll
 2008-12-04 19:29 . 2001-08-17 22:374,608--a------c:\windows\SYSTEM32\DLLCACHE\xrxflnch.exe
 2008-12-04 19:28 . 2001-08-17 13:28771,581--a------c:\windows\SYSTEM32\DLLCACHE\winacisa.sys
 2008-12-04 19:28 . 2002-08-28 20:59154,624--a------c:\windows\SYSTEM32\DLLCACHE\wlluc48.sys
 2008-12-04 19:28 . 2001-08-17 22:3799,865--a------c:\windows\SYSTEM32\DLLCACHE\xlog.exe
 2008-12-04 19:28 . 2001-08-17 22:3687,040--a------c:\windows\SYSTEM32\DLLCACHE\wiafbdrv.dll
 2008-12-04 19:28 . 2001-08-17 22:3653,760--a------c:\windows\SYSTEM32\DLLCACHE\wiamsmud.dll
 2008-12-04 19:28 . 2002-08-29 03:0041,600--a------c:\windows\SYSTEM32\DLLCACHE\weitekp9.dll
 2008-12-04 19:28 . 2001-08-17 12:1234,890--a------c:\windows\SYSTEM32\DLLCACHE\wlandrv2.sys
 2008-12-04 19:28 . 2002-08-29 03:0031,232--a------c:\windows\SYSTEM32\DLLCACHE\weitekp9.sys
 2008-12-04 19:28 . 2001-08-17 12:1116,970--a------c:\windows\SYSTEM32\DLLCACHE\xem336n5.sys
 2008-12-04 19:28 . 2008-04-13 12:368,832--a------c:\windows\SYSTEM32\DLLCACHE\wmiacpi.sys
 2008-12-04 19:28 . 2008-04-13 18:128,192--a------c:\windows\SYSTEM32\DLLCACHE\wshirda.dll
 2008-12-04 19:26 . 2001-08-17 12:18285,760--a------c:\windows\SYSTEM32\DLLCACHE\stlnata.sys
 2008-12-04 19:25 . 2001-08-17 22:36495,616--a------c:\windows\SYSTEM32\DLLCACHE\sblfx.dll
 2008-12-04 19:24 . 2001-08-17 13:28899,146--a------c:\windows\SYSTEM32\DLLCACHE\r2mdkxga.sys
 2008-12-04 19:23 . 2008-08-14 02:332,023,936--a------c:\windows\SYSTEM32\DLLCACHE\OLD3DE.tmp
 2008-12-04 19:22 . 2002-08-28 20:59132,695--a------c:\windows\SYSTEM32\DLLCACHE\netwlan5.sys
 2008-12-04 19:21 . 2001-08-17 13:28802,683--a------c:\windows\SYSTEM32\DLLCACHE\ltsm.sys
 2008-12-04 19:20 . 2008-04-13 18:11253,952--a------c:\windows\SYSTEM32\DLLCACHE\kdsusd.dll
 2008-12-04 19:19 . 2001-08-17 13:28542,879--a------c:\windows\SYSTEM32\DLLCACHE\hsf_msft.sys
 2008-12-04 19:18 . 2001-08-17 14:561,733,120--a------c:\windows\SYSTEM32\DLLCACHE\g400d.dll
 2008-12-04 19:17 . 2001-08-17 12:14952,007--a------c:\windows\SYSTEM32\DLLCACHE\diwan.sys
 2008-12-04 19:16 . 2001-08-17 22:36614,429--a------c:\windows\SYSTEM32\DLLCACHE\digiview.exe
 2008-12-04 19:15 . 2001-08-17 12:13980,034--a------c:\windows\SYSTEM32\DLLCACHE\cicap.sys
 2008-12-04 19:14 . 2001-08-17 13:28871,388--a------c:\windows\SYSTEM32\DLLCACHE\bcmdm.sys
 2008-12-04 19:13 . 2001-08-17 12:19747,392--a------c:\windows\SYSTEM32\DLLCACHE\adm8830.sys
 2008-12-04 19:12 . 2008-08-14 03:092,145,280--a------c:\windows\SYSTEM32\DLLCACHE\OLD2B.tmp
 2008-12-04 19:12 . 2001-08-17 13:28762,780--a------c:\windows\SYSTEM32\DLLCACHE\3cwmcru.sys
 2008-12-04 19:12 . 2001-08-17 14:55689,216--a------c:\windows\SYSTEM32\DLLCACHE\3dfxvs.dll
 2008-12-04 19:12 . 2001-08-17 12:48148,352--a------c:\windows\SYSTEM32\DLLCACHE\3dfxvsm.sys
 2008-12-04 19:12 . 2001-08-17 14:5666,048--a------c:\windows\SYSTEM32\DLLCACHE\s3legacy.dll
 2008-12-04 19:12 . 2008-04-13 12:4653,376--a------c:\windows\SYSTEM32\DLLCACHE\1394bus.sys
 2008-12-04 19:12 . 2008-04-13 12:4012,288--a------c:\windows\SYSTEM32\DLLCACHE\4mmdat.sys
 2008-12-04 19:12 . 2001-08-17 14:0611,264--a------c:\windows\SYSTEM32\DLLCACHE\1394vdbg.sys
 2008-12-04 19:12 . 2002-08-29 03:007,168--a------c:\windows\SYSTEM32\DLLCACHE\wamregps.dll
 2008-12-04 19:11 . 2002-08-29 03:00169,984--a------c:\windows\SYSTEM32\DLLCACHE\iisui.dll
 2008-12-04 19:11 . 2002-08-29 03:0094,720--a------c:\windows\SYSTEM32\DLLCACHE\certmap.ocx
 2008-12-04 19:11 . 2002-08-29 03:0019,968--a------c:\windows\SYSTEM32\DLLCACHE\inetsloc.dll
 2008-12-04 19:11 . 2002-08-29 03:0014,336--a------c:\windows\SYSTEM32\DLLCACHE\iisreset.exe
 2008-12-04 19:11 . 2002-08-29 03:007,680--a------c:\windows\SYSTEM32\DLLCACHE\inetmgr.exe
 2008-12-04 19:11 . 2002-08-29 03:006,144--a------c:\windows\SYSTEM32\DLLCACHE\ftpsapi2.dll
 2008-12-04 19:11 . 2002-08-29 03:005,632--a------c:\windows\SYSTEM32\DLLCACHE\iisrstap.dll
 2008-12-03 19:13 . 2008-12-03 19:30d--------c:\documents and settings\Christopher Apostle\Incomplete
 2008-12-02 16:53 . 2008-12-02 16:53d--------c:\program files\AMT
 2008-12-02 15:39 . 2008-12-09 10:22d--------c:\program files\SUPERAntiSpyware
 2008-12-02 15:39 . 2008-12-02 15:39d--------c:\documents and settings\Christopher Apostle\Application Data\SUPERAntiSpyware.com
 2008-12-02 15:39 . 2008-12-02 15:39d--------c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
 2008-12-02 15:38 . 2008-12-02 15:38d--------c:\program files\Common Files\Wise INSTALLATION Wizard
 2008-12-02 15:26 . 2008-12-07 21:39d--------c:\program files\CCleaner
 2008-12-02 14:46 . 2008-12-02 14:46d--------c:\program files\TechTracker
 2008-12-02 14:46 . 2008-12-02 14:54d--------c:\documents and settings\Christopher Apostle\Application Data\VersionTracker Pro
 2008-12-02 14:40 . 2008-12-02 14:40d--------c:\program files\Trend Micro
 2008-12-01 23:02 . 2008-12-01 23:02d--------c:\program files\CAT
 2008-11-29 17:06 . 2008-11-29 17:06d--------c:\program files\Alwil Software
 2008-11-26 13:54 . 2008-12-08 17:51d--------c:\program files\Malwarebytes' Anti-Malware
 2008-11-26 13:54 . 2008-11-26 13:54d--------c:\documents and settings\Christopher Apostle\Application Data\Malwarebytes
 2008-11-26 13:54 . 2008-11-26 13:54d--------c:\documents and settings\All Users\Application Data\Malwarebytes
 2008-11-26 13:54 . 2008-12-03 19:5238,496--a------c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
 2008-11-26 13:54 . 2008-12-03 19:5215,504--a------c:\windows\SYSTEM32\DRIVERS\mbam.sys
 2008-11-18 17:31 . 2008-02-05 16:051,009,664--a------c:\windows\SYSTEM32\Ltwvc13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05453,120--a------c:\windows\SYSTEM32\ltkrn13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05445,440--a------c:\windows\SYSTEM32\ltimg13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05388,608--a------c:\windows\SYSTEM32\LFCMP13n.DLL
 2008-11-18 17:31 . 2008-02-05 16:05265,216--a------c:\windows\SYSTEM32\LTDIS13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05246,272--a------c:\windows\SYSTEM32\LFJ2K13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05206,848--a------c:\windows\SYSTEM32\ltefx13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05182,784--a------c:\windows\SYSTEM32\Lfpng13n.dll
 2008-11-18 17:31 . 2008-02-05 16:05154,112--a------c:\windows\SYSTEM32\ltfil13n.DLL
 2008-11-18 17:31 . 2008-02-05 16:05142,848--a------c:\windows\SYSTEM32\lftif13n.dll
 2008-11-18 17:31 . 2008-02-05 16:0573,728--a------c:\windows\SYSTEM32\lffax13n.dll
 2008-11-18 17:31 . 2008-02-05 16:0530,208--a------c:\windows\SYSTEM32\lfbmp13n.dll
 2008-11-18 17:30 . 2008-11-18 17:31d--------c:\program files\RingCentral
 2008-11-18 17:30 . 2008-11-18 18:21d--------c:\documents and settings\All Users\Application Data\RingCentral
 2008-11-18 11:14 . 2008-11-18 11:15d--------c:\documents and settings\Christopher Apostle\tmp
 
 .
 ((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-12-04 02:13---------d-----wc:\documents and settings\Christopher Apostle\Application Data\LimeWire
 2008-12-02 22:31---------d-----wc:\program files\Java
 2008-12-02 17:43---------d-----wc:\program files\Web Publish
 2008-12-02 17:43---------d-----wc:\program files\Spybot - Search & Destroy
 2008-12-02 17:43---------d-----wc:\program files\Motherboard Monitor 5
 2008-12-02 17:43---------d-----wc:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
 2008-12-02 02:58---------d-----wc:\program files\Viewpoint
 2008-12-02 02:58---------d-----wc:\documents and settings\All Users\Application Data\Viewpoint
 2008-11-10 12:43410,984----a-wc:\windows\SYSTEM32\deploytk.dll
 2008-11-03 05:40---------d-----wc:\documents and settings\Christopher Apostle\Application Data\Image Zone Express
 2008-11-03 02:52---------d-----wc:\program files\MSECache
 2008-11-02 11:31---------d-----wc:\documents and settings\Christopher Apostle\Application Data\InstallShield
 2008-11-02 11:29---------d--h--wc:\program files\InstallShield Installation Information
 2008-10-31 05:56---------d-----wc:\documents and settings\Christopher Apostle\Application Data\eBookPro6
 2008-10-28 20:07---------d-----wc:\documents and settings\All Users\Application Data\PureEdge
 2008-10-28 20:06---------d-----wc:\documents and settings\All Users\Application Data\Amazon
 2008-10-24 15:10---------d-----wc:\documents and settings\Christopher Apostle\Application Data\AdobeUM
 2008-10-24 11:21455,296----a-wc:\windows\system32\drivers\mrxsmb.sys
 2008-10-24 11:21455,296----a-wc:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
 2008-10-16 21:13202,776----a-wc:\windows\SYSTEM32\wuweb.dll
 2008-10-16 21:13202,776----a-wc:\windows\SYSTEM32\DLLCACHE\wuweb.dll
 2008-10-16 21:131,809,944----a-wc:\windows\SYSTEM32\wuaueng.dll
 2008-10-16 21:131,809,944----a-wc:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
 2008-10-16 21:12561,688----a-wc:\windows\SYSTEM32\wuapi.dll
 2008-10-16 21:12561,688----a-wc:\windows\SYSTEM32\DLLCACHE\wuapi.dll
 2008-10-16 21:12323,608----a-wc:\windows\SYSTEM32\wucltui.dll
 2008-10-16 21:12323,608----a-wc:\windows\SYSTEM32\DLLCACHE\wucltui.dll
 2008-10-16 21:0992,696----a-wc:\windows\SYSTEM32\DLLCACHE\cdm.dll
 2008-10-16 21:0992,696----a-wc:\windows\SYSTEM32\cdm.dll
 2008-10-16 21:0951,224----a-wc:\windows\SYSTEM32\wuauclt.exe
 2008-10-16 21:0951,224----a-wc:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
 2008-10-16 21:0943,544----a-wc:\windows\SYSTEM32\wups2.dll
 2008-10-16 21:0834,328----a-wc:\windows\SYSTEM32\wups.dll
 2008-10-16 21:0834,328----a-wc:\windows\SYSTEM32\DLLCACHE\wups.dll
 2008-10-16 21:06268,648----a-wc:\windows\SYSTEM32\mucltui.dll
 2008-10-16 21:06208,744----a-wc:\windows\SYSTEM32\muweb.dll
 2008-10-15 16:34337,408----a-wc:\windows\SYSTEM32\DLLCACHE\netapi32.dll
 2008-10-03 17:416,066,176------wc:\windows\SYSTEM32\DLLCACHE\ieframe.dll
 2008-09-30 23:431,286,152----a-wc:\windows\SYSTEM32\msxml4.dll
 2008-09-15 12:121,846,400----a-wc:\windows\SYSTEM32\win32k.sys
 2008-09-15 12:121,846,400----a-wc:\windows\SYSTEM32\DLLCACHE\win32k.sys
 2008-09-10 01:141,307,648----a-wc:\windows\SYSTEM32\DLLCACHE\msxml6.dll
 2008-09-10 01:141,307,648------wc:\windows\SYSTEM32\msxml6.dll
 2005-11-29 21:39236,216----a-wc:\documents and settings\Christopher Apostle\Application Data\GDIPFONTCACHEV1.DAT
 2008-04-14 00:1250,688--sh--wc:\windows\twain_32.dll
 2005-05-05 04:14475--sh--wc:\windows\SYSTEM32\gglizu.dll
 2008-04-14 00:1211,776--sh--wc:\windows\SYSTEM32\regsvr32.exe
 .
 
 (((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 
 
 
 
 
 2nd half of ComboFix log:
 
 
 REGEDIT4
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
 "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
 "RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2008-11-12 479232]
 "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2008-11-12 32768]
 "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-19 98304]
 "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
 
 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
 path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
 backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
 
 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
 path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
 backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
 --a------ 2008-04-13 17:12 15360 c:\windows\SYSTEM32\ctfmon.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
 --a------ 2005-03-07 21:42 176128 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb12.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
 --a------ 2004-08-19 20:31 98304 c:\program files\QuickTime\qttask.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\security center]
 "UpdatesDisableNotify"=dword:00000001
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"=
 "c:\\Program Files\\Messenger\\msmsgs.exe"=
 "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
 "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
 "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
 "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
 "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
 "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
 "c:\\Program Files\\LimeWire\\LimeWire.exe"=
 "c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
 "c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=
 "c:\\WINDOWS\\SYSTEM32\\wuauclt.exe"=
 "c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
 
 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-29 78416]
 R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
 R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-29 20560]
 R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
 S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
 S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\DRIVERS\LSIPNDS.sys [2004-07-01 95232]
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{600c93a2-c0cc-11dd-97a4-000bdbb5764c}]
 \Shell\AutoRun\command - E:\start.exe
 
 *Newly Created Service* - PROCEXP90
 .
 Contents of the 'Scheduled Tasks' folder
 
 2008-12-09 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
 - c:\program files\ErrorKiller\ErrorKiller.exe []
 
 2008-12-09 c:\windows\Tasks\ErrorKiller Scheduled Scan.job
 - c:\program files\ErrorKiller []
 .
 - - - - ORPHANS REMOVED - - - -
 
 HKLM-Run-cat - (no file)
 MSConfigStartUp-EPSON Stylus C82 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
 MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
 MSConfigStartUp-Nsv - c:\windows\system32\nsvsvc\nsvsvc.exe
 MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
 MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
 MSConfigStartUp-Tsa - c:\progra~1\COMMON~1\tsa\tsm.exe
 MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
 
 
 .
 ------- Supplementary Scan -------
 .
 uInternet Settings,ProxyOverride = 127.0.0.1;*.local
 Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
 
 O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
 c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
 
 O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
 c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
 
 c:\windows\SYSTEM32\unicows.dll - c:\windows\Downloaded Program Files\ImageUploader5.ocx
 O16 -: {38AB0814-B09B-4378-9940-14A19638C3C2}
 hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
 c:\windows\Downloaded Program Files\ImageUploader5.inf
 FireFox -: Profile - c:\documents and settings\Christopher Apostle\Application Data\Mozilla\Firefox\Profiles\c10u9v8q.default\
 FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
 .
 
 **************************************************************************
 
 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-12-10 00:03:03
 Windows 5.1.2600 Service Pack 3 NTFS
 
 scanning hidden processes ...
 
 scanning hidden autostart entries ...
 
 scanning hidden files ...
 
 scan completed successfully
 hidden files: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 - - - - - - - > 'winlogon.exe'(660)
 c:\program files\SUPERAntiSpyware\SASWINLO.dll
 .
 Completion time: 2008-12-10 0:04:58
 ComboFix-quarantined-files.txt 2008-12-10 07:04:23
 
 Pre-Run: 24,265,408,512 bytes free
 Post-Run: 24,297,021,440 bytes free
 
 WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 [boot loader]
 timeout=2
 default=multi(0)disk(0)rdisk(0)PARTITION(2)\WINDOWS
 [operating systems]
 c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
 
 337 --- E O F --- 2008-11-12 10:28:04
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:08:13 AM, on 12/10/2008
 Platform: Windows XP SP3 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16735)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\WINDOWS\system32\LEXBCES.EXE
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Program Files\Java\jre6\bin\jusched.exe
 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
 C:\WINDOWS\system32\LEXPPS.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
 C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 C:\Program Files\Java\jre6\bin\jqs.exe
 C:\WINDOWS\system32\HPZipm12.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\fxssvc.exe
 C:\WINDOWS\system32\slrundll.exe
 C:\WINDOWS\explorer.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\internet explorer\iexplore.exe
 C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
 
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Java(tm) Plug-In SSV HELPER - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
 O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
 O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
 O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
 O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
 O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
 O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.67.cab
 O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader55.cab
 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
 O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
 O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
 O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
 O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
 
 --
 End of file - 6714 bytes
 
 Run the Kaspersky Online Scanner
 
 In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.
 
 
 When the scan is done, in the Scan is complete window, any infection is displayed.
 Click on SCAN NOW
Click Accept.
 The program will then begin downloading the latest definition files. Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
The scan will take a while, so be patient and let it finish.
 There is no option to clean/disinfect; however, we need to analyze the information on the report.
 
 To obtain the report:
 Click on: Save Report As
  Next, in the Save as prompt, Save in area, select: Desktop.
 In the File name area use KScan, or something similar.
 In Save as type: click the drop arrow and select: Text file [*.txt]
 Then, click: Save
 
 Copy and paste the Kaspersky Online Scanner Report in your next reply.
 
 Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
 |