MBAM problems

[Indrananda]

I have attempted 6 times now to download and install MBAM from 3 different download sites. Each and every time, I get to completing the installation process and I am notified that MBAM.exe is not found and the closest thing is MBAM-dor.exe, which does not open MBAM when I tried it... uninstall and try again... I have followed the directions from the main page i.e. download onto desktop, etc, and I have tried downloading into diff. folders to open/install, all with the same result. Any help/advice would be welcomed... TIA

[Derek]

that sounds like virus blocking it

step 1

follow advice here and post the logs those programs make in your next reply to this topic

[Indrananda]

Okay here is dds log and its attachment. GMER did not work... it ran for 3+ hours, but hung up on one program for well over an hour, then the computer became completely nonresponsive, needing a reboot. I will attempt to run it again tonight after work.

Oh, some basic info, Win XP home svc pack 3, EeePc net book. I removed 8 varundo versions yesterday with SAS, haven't tried MBAM again since then.


DDS (Ver_09-12-01.01) - NTFSx86 
Run by Jnanama at 13:15:12.23 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.589 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated)   {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled*   {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AsScrPro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jnanama\Desktop\44vd765v.exe
C:\DOCUME~1\Jnanama\LOCALS~1\Temp\RarSFX1\4f76gc.exe
C:\Documents and Settings\Jnanama\Desktop\44vd765v.exe
C:\DOCUME~1\Jnanama\LOCALS~1\Temp\RarSFX2\4f76gc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jnanama\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\coIEPlg.dll
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
c:\documents and settings\jnanama\local settings\temp\75.tmp\temp00
StartupFolder: c:\docume~1\jnanama\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\norton internet security\engine\16.7.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: betiyifi.dll c:\windows\system32\hinovali.dll c:\windows\system32\jifafusu.dll c:\windows\system32\zimuworo.dll c:\windows\system32\yejedotu.dll c:\windows\system32\fomasopi.dll c:\windows\system32\kedohugu.dll c:\windows\system32\weyokupi.dll c:\windows\system32\vonibusa.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: lugubawek - {4d637875-854f-4771-9f4c-de41ef49f867} - c:\windows\system32\hinovali.dll
SSODL: jumefupul - {8077a75d-cf61-4fa9-b2d1-cf254b1275b7} - c:\windows\system32\jifafusu.dll
SSODL: yudevuziy - {87124200-10fc-4030-8c80-233a0c190f7a} - c:\windows\system32\zimuworo.dll
SSODL: jofokuyug - {2c9d0ee2-a784-4825-817c-34fdb5b389f3} - c:\windows\system32\yejedotu.dll
SSODL: durudemig - {bcbd066f-7783-4c28-be45-61b619cdcd1a} - c:\windows\system32\fomasopi.dll
SSODL: seriburuh - {3fc5f7be-406a-456f-8ff6-ded646501f6b} - c:\windows\system32\kedohugu.dll
SSODL: dehagewef - {a1db03a4-ce46-4167-88f4-3cb4bae60d8e} - c:\windows\system32\weyokupi.dll
SSODL: kuvazumog - {dc2b5773-e8e1-4687-970c-98c94cea08f8} - c:\windows\system32\vonibusa.dll
STS: kupuhivus: {4d637875-854f-4771-9f4c-de41ef49f867} - c:\windows\system32\hinovali.dll
STS: kupuhivus: {8077a75d-cf61-4fa9-b2d1-cf254b1275b7} - c:\windows\system32\jifafusu.dll
STS: kupuhivus: {87124200-10fc-4030-8c80-233a0c190f7a} - c:\windows\system32\zimuworo.dll
STS: jugezatag: {2c9d0ee2-a784-4825-817c-34fdb5b389f3} - c:\windows\system32\yejedotu.dll
STS: kupuhivus: {bcbd066f-7783-4c28-be45-61b619cdcd1a} - c:\windows\system32\fomasopi.dll
STS: mujuzedij: {3fc5f7be-406a-456f-8ff6-ded646501f6b} - c:\windows\system32\kedohugu.dll
STS: mujuzedij: {a1db03a4-ce46-4167-88f4-3cb4bae60d8e} - c:\windows\system32\weyokupi.dll
STS: kupuhivus: {dc2b5773-e8e1-4687-970c-98c94cea08f8} - c:\windows\system32\vonibusa.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli somotiye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jnanama\applic~1\mozilla\firefox\profiles\zbotgoou.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-14 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-12-22 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007020.00b\BHDrvx86.sys [2009-12-22 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007020.00b\cchpx86.sys [2009-12-22 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091217.002\IDSXpx86.sys [2009-12-20 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 55152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-12-22 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-20 102448]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091227.004\NAVENG.SYS [2009-12-27 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091227.004\NAVEX15.SYS [2009-12-27 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-14 464264]

=============== Created Last 30 ================

2009-12-26 22:44:59   0   d-----w-   c:\documents and settings\jnanama\DoctorWeb
2009-12-26 22:17:04   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-26 22:16:54   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-12-26 22:16:54   0   d-----w-   c:\docume~1\jnanama\applic~1\SUPERAntiSpyware.com
2009-12-26 22:16:23   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-12-26 20:00:06   0   d-----w-   c:\docume~1\jnanama\applic~1\Malwarebytes
2009-12-26 19:59:56   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-25 20:28:02   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2009-12-25 20:28:01   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-24 02:31:04   0   d-----w-   c:\docume~1\alluse~1\applic~1\Symantec
2009-12-20 22:40:38   36400   ----a-r-   c:\windows\system32\drivers\SymIM.sys
2009-12-20 22:40:35   806   ----a-w-   c:\windows\system32\drivers\SYMEVENT.INF
2009-12-20 22:40:35   7456   ----a-w-   c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-20 22:40:35   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2009-12-20 22:40:35   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-20 22:40:35   0   d-----w-   c:\program files\Symantec
2009-12-20 22:40:35   0   d-----w-   c:\program files\common files\Symantec Shared
2009-12-20 22:39:45   0   d-----w-   c:\windows\system32\drivers\NIS
2009-12-20 22:39:40   0   d-----w-   c:\docume~1\alluse~1\applic~1\Norton
2009-12-20 22:39:00   0   d-----w-   c:\program files\NortonInstaller
2009-12-20 22:39:00   0   d-----w-   c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-12-20 22:28:58   0   d-----w-   c:\program files\common files\Hewlett-Packard
2009-12-20 22:27:39   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2009-12-20 22:27:39   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2009-12-20 22:27:06   0   d-----w-   c:\program files\HP
2009-12-20 22:18:41   17176   ------w-   c:\windows\hpomdl04.dat
2009-12-20 22:18:41   103509   ----a-w-   c:\windows\hpoins04.dat
2009-12-20 22:18:38   51088   ----a-w-   c:\windows\system32\drivers\hpzid412.sys
2009-12-20 22:18:38   21744   ----a-w-   c:\windows\system32\drivers\HPZius12.sys
2009-12-20 22:18:38   16496   ----a-w-   c:\windows\system32\drivers\HPZipr12.sys
2009-12-20 22:18:33   90112   ----a-w-   c:\windows\system32\hpovst08.dll
2009-12-20 22:18:33   581632   ----a-w-   c:\windows\system32\hpotscl.dll
2009-12-20 22:18:33   278528   ----a-w-   c:\windows\system32\hpgwiamd.dll
2009-12-20 22:18:33   270336   ----a-w-   c:\windows\system32\HPZc3212.dll
2009-12-20 22:18:30   135249   ----a-w-   c:\windows\system32\hpzlnt10.dll
2009-12-20 22:18:28   344064   ----a-w-   c:\windows\system32\hpzcon10.dll
2009-12-20 22:18:28   196608   ----a-w-   c:\windows\system32\hpzcoi10.dll
2009-12-20 20:15:53   0   d-sh--w-   c:\documents and settings\jnanama\PrivacIE
2009-12-18 02:19:47   0   d-sh--w-   c:\documents and settings\jnanama\IETldCache
2009-12-17 04:15:02   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2009-12-17 04:15:02   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2009-12-17 04:14:59   0   d-----w-   c:\windows\ie8updates
2009-12-17 04:14:47   92160   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2009-12-17 04:14:11   0   dc-h--w-   c:\windows\ie8
2009-12-11 15:42:15   0   d-----w-   c:\windows\system32\PreInstall

==================== Find3M  ====================

2009-11-15 02:30:58   93360   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 02:30:53   15880   ----a-w-   c:\windows\system32\lsdelete.exe
2009-11-15 02:19:23   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-11-13 16:37:36   0   ----a-w-   c:\docume~1\jnanama\applic~1\wklnhst.dat
2009-10-29 07:45:38   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-21 05:38:36   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-13 10:30:16   270336   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:38:19   149504   ----a-w-   c:\windows\system32\rastls.dll
2009-10-12 13:38:18   79872   ----a-w-   c:\windows\system32\raschap.dll
2009-07-02 02:49:12   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

============= FINISH: 13:15:59.53 ===============

[Derek]

Delete any existing version of ComboFix you have sitting on your desktop

Please read and follow all these instructions very carefully

Download ComboFix from Here to your Desktop.

**Note:  It is important that it is saved directly to your desktop  and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Very Important! Temporarily disable your anti-virus and  anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
• Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  
• Remember to re enable the protection again after combofix has finished
  

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this
When finished, it will produce a report for you. 
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. 

[Indrananda]

I cannot disable Norton AV the way that is suggested in the above link. I have tried everything I can think of, including msconfig to disable the startup of anything norton/symantic related, yet combofix says it's still running. Any ideas? Thanks!

[Derek]

if Norton doesn't disable by right click in the sys tray window , then ignore it & run combofix

[Indrananda]

Okay. Got to computer tonight, and ran combofix. I have the log here, which I will paste below. I can attach it if you'd prefer... just say the word. Thanks. Please let me know where we go/what we do from here. Thanks again.

ComboFix 09-12-26.05 - Jnanama 12/30/2009   1:50.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.479 [GMT -5:00]
Running from: c:\documents and settings\Jnanama\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-346308534-839334332-2326838845-1003
c:\windows\Tasks\ucjmxjra.job

.
(((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-30  )))))))))))))))))))))))))))))))
.

2009-12-30 06:58 . 2009-08-26 00:09   165240   ----a-r-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-12-30 01:54 . 2009-12-20 09:00   84912   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\NAVENG.SYS
2009-12-30 01:54 . 2009-12-20 09:00   177520   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\NAVENG32.DLL
2009-12-30 01:54 . 2009-12-20 09:00   1647984   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\NAVEX32A.DLL
2009-12-30 01:54 . 2009-12-20 09:00   1323568   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\NAVEX15.SYS
2009-12-30 01:54 . 2009-12-20 09:00   371248   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\EECTRL.SYS
2009-12-30 01:54 . 2009-12-20 09:00   2747440   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\CCERASER.DLL
2009-12-30 01:54 . 2009-12-20 09:00   259440   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\ECMSVR32.DLL
2009-12-30 01:54 . 2009-12-20 09:00   102448   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091229.025\ERASER.SYS
2009-12-26 22:44 . 2009-12-26 22:44   --------   d-----w-   c:\documents and settings\Jnanama\DoctorWeb
2009-12-26 22:18 . 2009-12-27 23:15   52224   ----a-w-   c:\documents and settings\Jnanama\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-26 22:18 . 2009-12-27 23:15   117760   ----a-w-   c:\documents and settings\Jnanama\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-26 22:17 . 2009-12-26 22:17   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-26 22:16 . 2009-12-26 22:16   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-12-26 22:16 . 2009-12-26 22:16   --------   d-----w-   c:\documents and settings\Jnanama\Application Data\SUPERAntiSpyware.com
2009-12-26 22:16 . 2009-12-26 22:16   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-12-26 20:00 . 2009-12-26 20:00   --------   d-----w-   c:\documents and settings\Jnanama\Application Data\Malwarebytes
2009-12-26 19:59 . 2009-12-26 19:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-25 20:29 . 2009-12-25 20:29   --------   d-----w-   c:\windows\Sun
2009-12-25 20:28 . 2009-12-25 20:27   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-25 20:27 . 2009-12-25 20:27   --------   d-----w-   c:\program files\Java
2009-12-25 20:26 . 2009-12-25 20:26   152576   ----a-w-   c:\documents and settings\Jnanama\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-25 20:24 . 2009-12-25 20:24   79488   ----a-w-   c:\documents and settings\Jnanama\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-24 02:31 . 2009-12-24 02:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2009-12-22 17:14 . 2008-04-14 12:00   26624   ----a-w-   c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-21 00:42 . 2009-11-05 06:30   811896   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\Scxpx86.dll
2009-12-21 00:42 . 2009-11-05 06:30   488312   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSxpx86.dll
2009-12-21 00:42 . 2009-11-05 06:30   466992   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSviA64.sys
2009-12-21 00:42 . 2009-11-05 06:30   343088   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSvix86.sys
2009-12-21 00:42 . 2009-11-05 06:30   329592   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys
2009-12-20 22:50 . 2009-12-22 15:50   554352   ----a-r-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-12-20 22:39 . 2009-12-23 03:16   --------   d-----w-   c:\windows\system32\drivers\NIS
2009-12-20 22:39 . 2009-12-20 22:39   --------   d-----w-   c:\program files\Windows Sidebar
2009-12-20 22:39 . 2009-12-20 22:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Norton
2009-12-20 22:39 . 2009-12-20 22:39   --------   d-----w-   c:\program files\NortonInstaller
2009-12-20 22:39 . 2009-12-20 22:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-20 22:28 . 2009-12-20 22:28   --------   d-----w-   c:\program files\Common Files\Hewlett-Packard
2009-12-20 22:27 . 2008-04-14 05:15   15104   -c--a-w-   c:\windows\system32\dllcache\usbscan.sys
2009-12-20 22:27 . 2008-04-14 05:15   15104   ----a-w-   c:\windows\system32\drivers\usbscan.sys
2009-12-20 22:27 . 2009-12-20 22:27   --------   d-----w-   c:\program files\HP
2009-12-20 22:18 . 2009-12-20 22:29   103509   ----a-w-   c:\windows\hpoins04.dat
2009-12-20 22:18 . 2004-06-22 15:04   17176   ------w-   c:\windows\hpomdl04.dat
2009-12-20 22:18 . 2004-06-22 15:05   51088   ----a-w-   c:\windows\system32\drivers\hpzid412.sys
2009-12-20 22:18 . 2004-06-22 15:05   21744   ----a-w-   c:\windows\system32\drivers\HPZius12.sys
2009-12-20 22:18 . 2004-06-22 15:05   16496   ----a-w-   c:\windows\system32\drivers\HPZipr12.sys
2009-12-20 22:18 . 2004-06-22 15:05   90112   ----a-w-   c:\windows\system32\hpovst08.dll
2009-12-20 22:18 . 2004-06-22 15:05   581632   ----a-w-   c:\windows\system32\hpotscl.dll
2009-12-20 22:18 . 2004-06-22 15:05   278528   ----a-w-   c:\windows\system32\hpgwiamd.dll
2009-12-20 22:18 . 2004-06-22 15:04   270336   ----a-w-   c:\windows\system32\HPZc3212.dll
2009-12-20 22:18 . 2004-06-22 15:05   135249   ----a-w-   c:\windows\system32\hpzlnt10.dll
2009-12-20 22:18 . 2004-06-22 15:05   196608   ----a-w-   c:\windows\system32\hpzcoi10.dll
2009-12-20 22:18 . 2004-06-22 15:05   344064   ----a-w-   c:\windows\system32\hpzcon10.dll
2009-12-20 20:15 . 2009-12-20 20:15   --------   d-sh--w-   c:\documents and settings\Jnanama\PrivacIE
2009-12-18 06:25 . 2009-12-18 06:25   --------   d-sh--w-   c:\documents and settings\LocalService\IETldCache
2009-12-18 02:19 . 2009-12-18 02:19   --------   d-sh--w-   c:\documents and settings\Jnanama\IETldCache
2009-12-17 04:15 . 2009-10-29 07:45   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
2009-12-17 04:15 . 2009-10-29 07:45   246272   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
2009-12-17 04:14 . 2009-12-20 19:29   --------   d-----w-   c:\windows\ie8updates
2009-12-17 04:14 . 2009-10-02 04:44   92160   -c----w-   c:\windows\system32\dllcache\iecompat.dll
2009-12-17 04:14 . 2009-12-17 04:14   --------   dc-h--w-   c:\windows\ie8

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 05:04 . 2009-06-23 03:51   --------   d-----w-   c:\program files\Common Files\Adobe
2009-12-23 02:37 . 2009-11-15 02:30   862040   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-23 02:37 . 2009-11-15 02:30   206944   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-23 02:37 . 2009-11-15 02:30   390288   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-23 02:37 . 2009-11-15 02:30   537576   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-23 02:37 . 2009-11-15 02:30   370744   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-23 02:37 . 2009-11-15 02:30   163728   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-23 02:37 . 2009-11-15 02:30   194104   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-23 02:35 . 2009-11-15 02:30   6296864   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 02:35 . 2009-11-15 02:30   327000   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-23 02:35 . 2009-11-15 02:30   87496   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-23 02:35 . 2009-11-15 02:29   933120   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-23 02:34 . 2009-11-15 02:29   641632   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-23 02:34 . 2009-11-15 02:29   816272   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-23 02:34 . 2009-11-15 02:29   822904   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-23 02:34 . 2009-11-15 02:29   1643272   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-23 02:34 . 2009-11-15 02:29   788880   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-23 02:34 . 2009-11-15 02:29   1181328   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-22 15:50 . 2009-12-20 22:40   --------   d-----w-   c:\program files\Symantec
2009-12-22 15:50 . 2009-12-20 22:40   806   ----a-w-   c:\windows\system32\drivers\SYMEVENT.INF
2009-12-22 15:50 . 2009-12-20 22:40   7456   ----a-w-   c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-22 15:50 . 2009-12-20 22:40   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2009-12-22 15:50 . 2009-12-20 22:40   124976   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-21 00:37 . 2009-12-20 22:40   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2009-12-20 22:40 . 2009-12-20 22:40   1294680   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-12-20 22:40 . 2009-12-20 22:40   136840   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-12-20 22:40 . 2009-12-20 22:40   791920   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-12-20 22:40 . 2009-12-20 22:40   288104   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CPDOEM\CPDOEM.dll
2009-12-20 22:39 . 2009-06-23 04:03   --------   d-----w-   c:\program files\Norton Internet Security
2009-12-20 19:41 . 2009-06-23 04:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-20 19:38 . 2009-11-13 16:33   60664   ----a-w-   c:\documents and settings\Jnanama\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-15 17:37 . 2009-06-23 03:51   --------   d-----w-   c:\program files\Microsoft Works
2009-11-24 22:29 . 2009-11-16 02:05   --------   d-----w-   c:\documents and settings\Jnanama\Application Data\U3
2009-11-16 02:07 . 2009-11-16 02:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 02:40 . 2009-11-15 02:40   --------   d-----w-   c:\documents and settings\Jnanama\Application Data\AVG8
2009-11-15 02:30 . 2009-11-15 02:31   93360   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
2009-11-15 02:30 . 2009-11-15 02:30   93360   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-15 02:30 . 2009-11-15 02:30   554280   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-15 02:30 . 2009-11-15 02:47   15880   ----a-w-   c:\windows\system32\lsdelete.exe
2009-11-15 02:30 . 2009-11-15 02:30   15880   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-15 02:30 . 2009-11-15 02:30   212480   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-15 02:30 . 2009-11-15 02:30   283944   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-15 02:30 . 2009-11-15 02:30   1223976   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-15 02:30 . 2009-11-15 02:30   242984   ----a-w-   c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-15 02:28 . 2009-11-15 02:28   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-15 02:27 . 2009-11-15 02:27   --------   d-----w-   c:\program files\Lavasoft
2009-11-15 02:27 . 2009-11-15 02:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-15 02:19 . 2009-11-15 02:19   --------   d-----w-   c:\program files\AskBarDis
2009-11-15 02:19 . 2009-11-15 02:19   4212   ---ha-w-   c:\windows\system32\zllictbl.dat
2009-11-15 02:19 . 2009-11-15 02:19   --------   d-----w-   c:\program files\Zone Labs
2009-11-15 02:17 . 2009-11-15 02:17   --------   d-----w-   c:\documents and settings\Jnanama\Application Data\Sammsoft
2009-11-15 02:17 . 2009-11-15 02:17   --------   d-----w-   c:\program files\MemTurbo 4
2009-11-15 02:17 . 2009-11-15 02:17   --------   d-----w-   c:\program files\Advanced Registry Optimizer
2009-11-15 01:42 . 2009-11-15 01:42   0   ----a-w-   c:\windows\nsreg.dat
2009-11-13 16:37 . 2009-11-13 16:37   0   ----a-w-   c:\documents and settings\Jnanama\Application Data\wklnhst.dat
2009-11-05 06:30 . 2009-12-20 22:40   466992   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-11-05 06:30 . 2009-12-20 22:40   343088   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-11-05 06:30 . 2009-12-20 22:40   329592   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-11-05 06:30 . 2009-12-20 22:40   811896   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-11-05 06:30 . 2009-12-20 22:40   488312   ----a-w-   c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-29 07:45 . 2009-05-20 19:07   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-05-20 19:07   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-05-20 19:07   25088   ----a-w-   c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 00:23   265728   ----a-w-   c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2009-05-20 19:07   270336   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-05-20 19:07   149504   ----a-w-   c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2009-05-20 19:07   79872   ----a-w-   c:\windows\system32\raschap.dll
2009-10-03 08:15 . 2009-11-15 02:28   2924848   -c--a-w-   c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 23:22   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2005-09-23 14:28   270848   ----a-w-   c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2005-09-23 14:28   270848   ----a-w-   c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-16 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

c:\documents and settings\Jnanama\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2009-11-14 3121760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
 SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]
2008-08-22 21:33   2084480   ----a-w-   c:\program files\Advanced Registry Optimizer\ARO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-07-08 07:10   3054136   ----a-w-   c:\windows\AsScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2009-08-27 21:53   735208   ----a-w-   c:\program files\ASUS\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-07 01:51   3885408   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00   59392   ----a-w-   c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22   17567744   ----a-w-   c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-25 20:27   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ASKService"=2 (0x2)
"btwdins"=2 (0x2)
"TapiSrv"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"odserv"=3 (0x3)
"ose"=3 (0x3)
"fsssvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/14/2009 9:31 PM 64288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [12/22/2009 10:50 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [12/22/2009 10:50 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [12/22/2009 10:50 AM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091217.002\IDSXpx86.sys [12/20/2009 7:42 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [6/22/2009 11:03 PM 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [12/22/2009 10:50 AM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/20/2009 7:42 PM 102448]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [6/1/2009 2:26 AM 38912]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/22/2009 10:49 PM 1684736]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [6/1/2009 2:26 AM 39040]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/14/2009 9:19 PM 464264]
S4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 8:08 PM 533360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mail.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\Jnanama\Application Data\Mozilla\Firefox\Profiles\zbotgoou.default\
FF - prefs.js: browser.startup.homepage - mail.yahoo.com
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{4d637875-854f-4771-9f4c-de41ef49f867} - c:\windows\system32\hinovali.dll
SharedTaskScheduler-{8077a75d-cf61-4fa9-b2d1-cf254b1275b7} - c:\windows\system32\jifafusu.dll
SharedTaskScheduler-{87124200-10fc-4030-8c80-233a0c190f7a} - c:\windows\system32\zimuworo.dll
SharedTaskScheduler-{2c9d0ee2-a784-4825-817c-34fdb5b389f3} - c:\windows\system32\yejedotu.dll
SharedTaskScheduler-{bcbd066f-7783-4c28-be45-61b619cdcd1a} - c:\windows\system32\fomasopi.dll
SharedTaskScheduler-{3fc5f7be-406a-456f-8ff6-ded646501f6b} - (no file)
SharedTaskScheduler-{a1db03a4-ce46-4167-88f4-3cb4bae60d8e} - c:\windows\system32\weyokupi.dll
SharedTaskScheduler-{dc2b5773-e8e1-4687-970c-98c94cea08f8} - c:\windows\system32\vonibusa.dll
SSODL-lugubawek-{4d637875-854f-4771-9f4c-de41ef49f867} - c:\windows\system32\hinovali.dll
SSODL-jumefupul-{8077a75d-cf61-4fa9-b2d1-cf254b1275b7} - c:\windows\system32\jifafusu.dll
SSODL-yudevuziy-{87124200-10fc-4030-8c80-233a0c190f7a} - (no file)
SSODL-jofokuyug-{2c9d0ee2-a784-4825-817c-34fdb5b389f3} - (no file)
SSODL-durudemig-{bcbd066f-7783-4c28-be45-61b619cdcd1a} - c:\windows\system32\fomasopi.dll
SSODL-seriburuh-{3fc5f7be-406a-456f-8ff6-ded646501f6b} - c:\windows\system32\kedohugu.dll
SSODL-dehagewef-{a1db03a4-ce46-4167-88f4-3cb4bae60d8e} - c:\windows\system32\weyokupi.dll
SSODL-kuvazumog-{dc2b5773-e8e1-4687-970c-98c94cea08f8} - (no file)
MSConfigStartUp-banawifep - c:\windows\system32\vonibusa.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 01:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2076)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\SoftwareDistribution\Download\Install\dotnetfx35_x86.exe
d:\c4d015ec55f41343f5d0f24e20\dotnetfx35setup.exe
d:\997d4469dea42f194fce\setup.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2009-12-30  02:06:12 - machine was rebooted
ComboFix-quarantined-files.txt  2009-12-30 07:06

Pre-Run: 63,173,906,432 bytes free
Post-Run: 64,098,144,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F3FD9CDEE1754F32F23C9CF4BF17E0B8

[Indrananda]

Well, with that mess up there ^ I thought I'd attach the file afterall, just to save yours eyeballs some strain...

[Derek]

please download and run this tool:
http://jpshortstuff.247fixes.com/Kenco.exe
It will only take a few moments, please post the log it produces.

[Indrananda]

Here you go Derek. Thanks.

Kenco by jpshortstuff (30.12.09.1)
Log created at 00:45 on 31/12/2009 (Jnanama)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
Ad-Aware Update (Daily 1).job -> [02:38 23/12/2009] 472 bytes
Ad-Aware Update (Daily 2).job -> [02:38 23/12/2009] 472 bytes
Ad-Aware Update (Daily 3).job -> [02:38 23/12/2009] 472 bytes
Ad-Aware Update (Daily 4).job -> [02:38 23/12/2009] 472 bytes
Ad-Aware Update (Weekly).job -> [02:34 15/11/2009] 472 bytes

-=E.O.F=-

[Would you do all this for nothing?]

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

[Information]

  
  Information
   Security & Protection Blog
   Prevention
   Using Autoruns
     System Restore
  Rss feeds
     Microsoft at Home
     MSRC
     Malware blog

Take the Kaspersky Challenge: See what your current antivirus is missing. Our free online virus scanner is a great way to find out if you have any viruses or spyware on your machine without having to uninstall your current antivirus software or install a new one.

Kaspersky Online Scanner

Most importantly, you can see what viruses your current antivirus software let slip through! Now works with ANY Java enabled browser