
I remember having to take a test and not knowing anything about the subject and just like then, now
my combo fix report

ComboFix 08-09-05.05 - booker 2008-09-07 0:45:44.1 - NTFSx86

Running from: C:\Documents and Settings\booker.HOME-5214237687\Desktop\ddddaannniiwwweeebb\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\Common\Lib\sguard.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\booker.HOME-5214237687\ResErrors.log
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\tdgdrs33.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_DHLP
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-10-06 18:51 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERe9e6.dir00
2008-10-06 18:48 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER6ac8.dir00
2008-09-23 07:09 . 2008-08-23 00:45 <DIR> d-------- C:\temp\QuickCam_11.80.1065
2008-09-23 03:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf0b7.dir00
2008-09-23 01:06 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WER8778.dir00
2008-09-07 00:55 . 2008-09-07 00:55 53,248 --a------ C:\temp\catchme.dll
2008-09-07 00:54 . 2008-09-07 00:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-07 00:54 . 2008-09-07 00:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-07 00:53 . 2008-09-07 00:53 <DIR> d-------- C:\temp\WPDNSE
2008-09-07 00:51 . 2008-09-07 00:51 16,384 --a----t- C:\temp\Perflib_Perfdata_32c.dat
2008-09-06 19:45 . 2008-09-07 00:54 <DIR> d-------- C:\temp\{C90C518C-0720-4961-B9B5-B579B33311AB}
2008-09-06 15:18 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsb6.tmp
2008-09-06 15:07 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WER5e41.dir00
2008-09-06 14:55 . 2008-09-07 00:54 <DIR> d-------- C:\temp\WERad76.dir00
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-09-05 08:38 . 2008-09-05 08:38 <DIR> d-------- C:\temp\Picasa3
2008-09-05 08:38 . 2008-09-07 00:52 <DIR> d-------- C:\temp\nsu7D.tmp
2008-09-04 20:44 . 2008-09-04 20:44 <DIR> d-------- C:\temp\Google Gadget Cache
2008-08-30 22:19 . 2008-08-30 22:41 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-30 15:44 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wzf3e4
2008-08-30 15:42 . 2008-09-04 21:06 <DIR> d-------- C:\temp\wz0a83
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-30 07:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-30 07:57 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-30 07:57 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 01:24 . 2008-08-23 01:24 <DIR> d-------- C:\temp\{ECAB36B7-1453-4DA2-8308-CCA67D1DA735}
2008-08-23 01:24 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{8F5E9A50-4A68-43F2-86D4-A696B7E2A532}
2008-08-23 01:20 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{D9C5206A-F48C-443C-84FE-F673674A4322}
2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\temp\{A3516346-06FD-4EB7-93D1-803542A697C1}
2008-08-23 00:47 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{A90AA336-24E8-4F06-9977-29ED693FC233}
2008-08-23 00:35 . 2008-09-23 03:03 <DIR> d-------- C:\temp\~nsu.tmp
2008-08-23 00:08 . 2008-08-23 00:12 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ascentive
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{6E58355A-6911-4A35-8A3B-808AB3A22FA7}
2008-08-23 00:05 . 2008-08-23 00:05 <DIR> d-------- C:\temp\{3EC28456-29D6-40AB-B438-41CF3CCAD4CF}
2008-08-23 00:05 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2A89E315-2DEC-42E4-934C-C94533E628E1}
2008-08-23 00:05 . 2007-07-03 11:48 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2008-08-23 00:03 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{CCDC7478-97CC-4933-92F4-B836890DEFCB}
2008-08-23 00:01 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{2FAFDCAB-0E6C-4547-BB5E-96367B673B4C}
2008-08-22 23:59 . 2008-09-06 19:46 <DIR> d-------- C:\Program Files\Ascentive
2008-08-22 23:59 . 2007-08-10 12:56 303,104 --a------ C:\WINDOWS\system32\ciplListBar.ocx
2008-08-22 23:59 . 2007-08-10 12:56 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
2008-08-22 23:59 . 2008-04-29 13:14 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-08-22 23:59 . 2007-08-10 12:56 155,648 --a------ C:\WINDOWS\system32\ciplImageList.ocx
2008-08-22 23:58 . 2008-08-22 23:59 <DIR> d-------- C:\temp\{C36080B7-84C3-4839-8B16-973DBC1CA2D7}
2008-08-22 23:58 . 2008-08-30 06:48 <DIR> d-------- C:\temp\{408419FF-C461-4DCE-814D-8CD1C398DE23}
2008-08-22 22:41 . 2008-08-30 06:47 <DIR> d-------- C:\temp\WERf713.dir00
2008-08-22 16:45 . 2008-08-22 16:48 <DIR> d-------- C:\temp\plugtmp-6
2008-08-21 01:02 . 2008-08-21 01:03 <DIR> d-------- C:\temp\iss33.tmp
2008-08-21 01:00 . 2008-08-21 01:00 <DIR> d-------- C:\temp\iss17.tmp
2008-08-20 21:53 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2ba3.dir00
2008-08-20 19:38 . 2008-08-21 16:20 <DIR> d-------- C:\temp\WER2a7a.dir00
2008-08-20 04:31 . 2008-08-20 04:31 53,365 --a------ C:\WINDOWS\system32\COMPROHESIVE
2008-08-19 20:22 . 2008-08-22 21:07 <DIR> d-------- C:\temp\plugtmp-5
2008-08-19 17:12 . 2008-08-19 17:12 <DIR> d-------- C:\Program Files\Solitaire.Com
2008-08-19 13:59 . 2008-08-19 22:13 <DIR> d-------- C:\temp\WERe465.dir00
2008-08-19 05:22 . 2008-08-21 09:38 <DIR> d-------- C:\Program Files\Steam
2008-08-18 21:41 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERb528.dir00
2008-08-18 21:34 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERf5a3.dir00
2008-08-18 21:33 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERdc43.dir00
2008-08-18 21:17 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER8a9e.dir00
2008-08-18 20:43 . 2008-08-18 20:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-17 15:10 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER43b3.dir00
2008-08-17 15:05 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERadbd.dir00
2008-08-14 03:06 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 3 for OpticalMouse-MicroInnovations-.zip
2008-08-14 03:05 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 2 for OpticalMouse-MicroInnovations-.zip
2008-08-14 01:02 . 2008-08-21 16:55 <DIR> d-------- C:\WINDOWS\Logs
2008-08-12 20:30 . 2008-08-19 12:47 <DIR> d-------- C:\temp\plugtmp-4
2008-08-12 18:29 . 2008-08-12 18:29 <DIR> d-------- C:\temp\MCA6D.tmp
2008-08-12 18:29 . 2002-03-13 08:50 23,296 --a------ C:\WINDOWS\system32\drivers\NaiFiltr.sys
2008-08-12 18:28 . 2008-09-04 21:06 <DIR> d-------- C:\temp\vsoaol8026.tmp
2008-08-12 17:18 . 2008-08-12 17:19 <DIR> d-------- C:\temp\CDM
2008-08-12 11:19 . 2008-08-31 08:48 <DIR> d-------- C:\Program Files\PowerArchiver
2008-08-12 11:19 . 2008-08-12 11:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ConeXware
2008-08-12 09:49 . 2008-09-07 00:52 <DIR> d--h----- C:\temp\Temporary Directory 1 for OpticalMouse-MicroInnovations-.zip
2008-08-12 09:49 . 2008-08-12 09:49 <DIR> d-------- C:\Program Files\Browser Mouse
2008-08-12 09:49 . 2000-05-09 22:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.VXD
2008-08-12 05:27 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER6d96.dir00
2008-08-12 05:23 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WERfd71.dir00
2008-08-12 05:22 . 2008-08-19 12:36 <DIR> d-------- C:\temp\WER3812.dir00
2008-08-10 17:18 . 2008-08-19 12:47 <DIR> d-------- C:\temp\pftA.tmp
2008-08-10 16:31 . 2008-08-19 12:46 <DIR> d-------- C:\temp\pft13.tmp
2008-08-10 03:29 . 2008-08-10 03:29 6,656 --ahs---- C:\Thumbs.db
2008-08-09 03:23 . 2008-08-09 03:24 <DIR> d-------- C:\temp\plugtmp-3
2008-08-07 20:12 . 2008-09-07 00:56 <DIR> d-------- C:\Documents and Settings\booker.HOME-5214237687\Application Data\OpenOffice.org2
2008-08-07 20:10 . 2008-08-07 20:10 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 02:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 22:18 --------- d-----w C:\Program Files\Google
2008-08-31 15:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-08-31 01:11 --------- d-----w C:\Program Files\NovaLogic
2008-08-30 15:56 --------- d-----w C:\Program Files\PremierOpinion
2008-08-21 18:49 --------- d-----w C:\Program Files\GPL 2004 DEMO
2008-08-21 18:39 --------- d-----w C:\Program Files\SpaceHaste
2008-08-21 12:04 --------- d-----w C:\Program Files\Common Files\Logitech
2008-08-21 08:03 --------- d-----w C:\Program Files\Logitech
2008-08-21 08:01 --------- d-----w C:\Program Files\DivX
2008-08-21 08:00 --------- d-----w C:\Program Files\Creative
2008-08-21 07:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2008-08-21 07:54 --------- d-----w C:\Program Files\GedSmart
2008-08-20 00:12 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\Solitaire.Com
2008-08-19 12:56 --------- d-----w C:\Program Files\Java
2008-08-13 01:29 --------- d-----w C:\Program Files\McAfee.com
2008-08-12 22:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-08-12 18:46 --------- d-----w C:\Program Files\WinAce
2008-08-11 00:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-08-07 18:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-07-23 03:28 --------- d-----w C:\Documents and Settings\booker.HOME-5214237687\Application Data\ErrorSmart
2008-07-22 23:06 --------- d-----w C:\Program Files\NOS
2008-07-22 23:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-07-22 05:54 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-22 05:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-20 20:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
2008-07-14 11:04 --------- d-----w C:\Program Files\EZ Emoticons
2008-05-01 09:54 784 ----a-w C:\Documents and Settings\booker.HOME-5214237687\Application Data\mpauth.dat
1998-10-24 07:00 700 -csha-w C:\WINDOWS\dv11mxv_0$1_783482.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 557056]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe" [2008-02-01 173312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-04 29744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 44544]
"RunNarrator"="Narrator.exe" [2008-04-14 C:\WINDOWS\system32\narrator.exe]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-02 C:\WINDOWS\MIDIDEF.EXE]
"DefaultP17"="P17Def.Exe" [2005-05-02 C:\WINDOWS\P17DEF.EXE]

C:\Documents and Settings\booker.HOME-5214237687\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
QuickLink Mobile.lnk - C:\Program Files\Verizon Wireless\QuickLink Mobile\QuickLink Mobile.exe [2006-06-27 917504]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fasttrak;fasttrak;C:\WINDOWS\system32\DRIVERS\fasttrak.sys [2002-04-23 73856]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 9728]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 53329]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 20225]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-04 29744]
S3 lgatbus;LG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\lgatbus.sys [2002-10-15 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\lgatmdm.sys [2002-10-15 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);C:\WINDOWS\system32\DRIVERS\lgatserd.sys [2002-10-15 60816]
S3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 20464]
S3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys [2006-03-20 1452032]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PLUsbbc2;Hi-Speed USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc2.sys [2003-03-04 7936]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys [2007-05-01 132232]
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys [2007-05-01 28416]
S4 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2007-08-10 69120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
SharedTaskScheduler-{588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
SharedTaskScheduler-{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\booker.HOME-5214237687\Application Data\Mozilla\Firefox\Profiles\k0zmzvbx.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin9.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 00:55:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\TEMP\sv9l5.tmp
C:\TEMP\sv9l5.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\Common\Lib\sguard.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-09-07 1:09:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 08:09:37

Pre-Run: 38,670,258,176 bytes free
Post-Run: 38,901,612,544 bytes free

292 --- E O F --- 2008-09-07 07:58:14


Can you tell us the reason you ran combofix in the first place? You really shouldn't run that unless directed to do so after running the steps in the link below.
You need to go HERE and complete the steps given there. Including ATF-Cleaner, to get rid of all those temp files...this should always be a FIRST Step. Then run Malwarebytes' Anti-Malware and allow it to fix what it finds. Do the online ESET Scan and SKIP the DSS program as it is not available at this time.
Following that please run HiJackThis on a full system scan and save the log. Post back here with the MBA-M log and the HiJackThis log.
Judy

0

I assure you I didn't just run ComboFix by just dreaming up the name and then luckily finding a program that actually matched the dreamt-up name. I was sent there.

Well, j holland, there's a problem with my computer and it's me. I have been trying to do what you have asked.

j, let me say I'll start anew again if that's what you would like me to do. I have no problem with that.

Let me try to type what I think I mean to say. I'm starting off with a computer that has no partition and it tells me to reboot. I also have a lot of files I'm trying to give a name to. I have many files with the name new file. I have many files that are named 1 2 3 4 5 6 etc. I'm also trying to copy all these files onto another hard drive, but for sure as cat's meow I get blue screened.

This is of course all not my biggest problem; it's the fact I either have to change the month ahead a month right after starting, so that when I'm told that my comp is going to shut down in 59 sec I change the calendar back to the correct month and I get 30 days and 59 seconds, or I use the abort command.
I hope you understand and will be willing to put up with my ignorance. I'm not even too sure how to put or where to put my scans after I get them, but here's one that I was able to copy: it's the files in my add and remove list, in which there's a lot I can't get rid of. ty booker

Acrobat.com
AcroChallenge 2.86
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Reader Chinese Traditional Fonts
Adobe Shockwave Player
Apple Software Update
Bird Hunter 2003 Demo
CCleaner (remove only)
DivX Codec
Double Solitaire 2.00
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
ebgcInfra
ebgcRes
ebgcSDK
ESET Online Scanner
FasType Typing Tutorial 6
FlatOut Demo
FLV Player 2.0, build 24
FoxyTunes for Firefox
Google Desktop
Google Earth
Google Photos Screensaver
Google SketchUp 6
Google Toolbar for Internet Explorer
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
HijackThis 2.0.2
iTunes
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Math Logic 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MVision
Norton Security Scan
NVIDIA Drivers
OpenOffice.org 2.4
Peggle Extreme
Platform
Portal: The First Slice
PowerArchiver 2007
QuickTime
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
SmartFTP Client 2.0
Sound Blaster Audigy
Sportsbook.com Poker
Steam
Stickman 4
SystemSuite 8 Professional
URGE
VIA Rhine-Family Fast Ethernet Adapter
VideoLAN VLC media player 0.8.6c
WebFldrs XP
WinAce Archiver 2.0
Windows Communication Foundation
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinZip 11.1

0

Here's the ones I can't get rid of

Adobe Reader Chinese Traditional Fonts
Bird Hunter 2003 Demo
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14
ebgcInfra
ebgcRes
ebgcSDK
FasType Typing Tutorial 6
FlatOut Demo
Google Photos Screensaver
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Windows Journal Viewer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MVision
Norton Security Scan
Platform
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
SmartFTP Client 2.0
Stickman 4
URGE
WebFldrs XP
Windows Communication Foundation
Windows Presentation Foundation
Windows Workflow Foundation

0

i assure you i didnt just run combofix by just dreaming up the name and then luckily finding a program that actually matched the dreamt up name. I was sent there.

That is not what I meant. I didn't think you just dreamed it up. But now the question is WHO told you to use it and WHY?

Combofix wouldn't remove those programs you note, those are legitimate programs. Combofix is a scanner used to scan for malware and hopefully will remove the malware it finds. But it isn't generally going to remove legitimate programs, especially those which came installed on the computer having to do with the operating system or updates to that system or to those programs.

When you say "Here's the ones I can't get rid of" do you mean they will not uninstall? How did you try to uninstall them and WHY? Many of the items you show are Security Updates for various Microsoft programs and shouldn't be removed.

You have not told us what operating system you are running, though I have to assume, based on the Add/Remove list, that it is XPSP3.

Why do you want to get rid of Dr. Watson?

To pick some others at random...your Add/Remove list shows the following Java versions in the list:
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
But you state you "can't get rid of" only J2SE Runtime Environment 5.0 Update 9 and Java(TM) 6 Update 2. If the others are on the list then they aren't removed either. The only one you need is Java(TM) 6 Update 7.

All of the listings for Office are a part of the Microsoft Office program or updates to Microsoft Office. Do you want to Uninstall the Office Program? If you Uninstall the Microsoft Office program entirely then generally all of those would be uninstalled also.

The way to Uninstall is first to go through the Add/Remove in the Control Panel and remove them that way. If they aren't listed then go into the Start, All Programs menu and see if there is an Uninstall Option on the various programs you note. You have to look in each program. If they aren't listed there then search on the computer for the program folder and see if there is an uninstall option within that program folder.

We need actual information about the computer and the operating system installed. Do you feel your computer is infected with something? If so, what are the symptoms?
