Excellent, it worked.
Posting it here so everyone can see the log.
I'll reply once I've looked it over.
=========
ComboFix 09-07-01.01 - Alvaro 07/01/2009 22:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1427 [GMT -4:00]
Running from: c:\tools-av\10612\10612.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Look 'n' Stop 2.06p3 (Soft4Ever) *disabled* {2A530F53-4A99-4EE0-8471-4A00BA4A47B0}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alvaro\Application Data\inst.exe
c:\documents and settings\Alvaro\Start Menu\Programs\Uninstall.lnk
c:\windows\system32\mlfcache.dat
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.
2009-07-02 02:36 . 2009-07-02 02:36 -------- d-----w- c:\windows\system32\xircom
2009-07-02 02:36 . 2009-07-02 02:36 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-02 02:36 . 2009-07-02 02:36 -------- d-----w- c:\program files\microsoft frontpage
2009-07-02 02:27 . 2009-07-02 02:27 -------- d-----w- C:\Tools-AV
2009-06-27 18:16 . 2009-06-27 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 17:44 . 2009-06-27 17:44 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-27 17:44 . 2009-06-27 17:44 -------- d-----w- C:\HOrtensia
2009-06-27 17:44 . 2009-06-27 17:44 -------- d-----w- C:\Diskettes DL
2009-06-27 17:44 . 2009-06-27 17:44 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-06-17 00:26 . 2009-06-17 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 00:24 . 2009-06-27 17:43 -------- d-----w- c:\program files\QuickTime(2)
2009-06-17 00:19 . 2009-06-27 17:43 -------- d-----w- c:\program files\Bonjour(2)
2009-06-16 18:07 . 2009-06-16 18:07 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2009-06-15 18:51 . 2009-06-15 18:51 -------- d-----w- c:\program files\VS Revo Group
2009-06-14 23:59 . 2009-06-27 17:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-12 16:02 . 2009-06-27 17:44 -------- d-----w- c:\program files\Free ISO Creator
2009-06-12 04:17 . 2009-06-12 11:06 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-12 03:26 . 2009-04-18 16:14 2937720 ----a-w- c:\documents and settings\Alvaro\Application Data\Simply Super Software\Trojan Remover\jai3135.exe
2009-06-11 19:13 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 19:13 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 21:46 . 2009-06-10 21:46 -------- d-----w- c:\documents and settings\Alvaro\Local Settings\Application Data\SCE
2009-06-10 21:44 . 2009-07-01 14:54 -------- d-----w- c:\program files\Sony Online Entertainment
2009-06-10 17:14 . 2009-06-10 17:14 152576 ----a-w- c:\documents and settings\Alvaro\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-07 03:13 . 2009-06-27 17:43 -------- d-----w- c:\program files\Free Window Registry Repair
2009-06-06 03:42 . 2009-06-06 03:42 -------- d-----w- c:\documents and settings\Alvaro\Application Data\OnlineArmor
2009-06-06 03:42 . 2009-06-06 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-06-06 03:41 . 2009-06-03 11:27 21368 ----a-w- c:\windows\system32\drivers\OAmon.sys
2009-06-06 03:41 . 2009-06-03 11:27 27000 ----a-w- c:\windows\system32\drivers\OAnet.sys
2009-06-06 03:41 . 2009-06-03 11:27 197496 ----a-w- c:\windows\system32\drivers\OADriver.sys
2009-06-06 03:41 . 2009-06-06 03:41 -------- d-----w- c:\program files\Tall Emu
2009-06-06 02:49 . 2009-06-06 02:49 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Roxio
2009-06-06 02:48 . 2009-06-30 03:24 256 ----a-w- c:\windows\system32\pool.bin
2009-06-06 02:48 . 2009-06-06 02:48 -------- d-----w- c:\documents and settings\Alvaro\Application Data\Research In Motion
2009-06-06 02:32 . 2009-06-06 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-06 02:32 . 2009-06-06 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-06-06 02:30 . 2009-06-06 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-06-06 02:30 . 2009-06-06 02:31 -------- d-----w- c:\program files\Roxio
2009-06-06 02:30 . 2009-06-06 02:30 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-06 02:28 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2009-06-06 02:27 . 2009-06-06 02:27 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-04 00:41 . 2008-04-14 03:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-06-04 00:40 . 2008-04-14 03:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-06-04 00:40 . 2008-04-14 03:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-06-04 00:40 . 2008-04-14 03:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-06-04 00:40 . 2008-04-14 03:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-04 00:40 . 2008-04-14 03:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-04 00:40 . 2008-04-14 03:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-06-04 00:40 . 2008-04-14 08:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-06-04 00:35 . 2009-06-04 00:35 -------- d-----w- c:\program files\MyDSC2
2009-06-04 00:35 . 2009-06-04 00:35 -------- d-----w- c:\program files\Mars
2009-06-04 00:35 . 2005-12-15 21:34 135168 ----a-w- c:\windows\system32\jl_jdct.drv
2009-06-04 00:35 . 2009-06-04 00:35 -------- d-----w- c:\program files\JL2005B
2009-06-04 00:35 . 2007-04-10 16:36 62794 ----a-w- c:\windows\system32\drivers\jl2005c.sys
2009-06-04 00:34 . 2006-04-11 08:49 118784 ------w- c:\windows\system32\PTTreeIcons.dll
2009-06-04 00:34 . 2009-06-27 17:43 -------- d-----w- c:\program files\Kidz Cam Photo Editing Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 16:50 . 2009-06-27 17:43 -------- d-----w- c:\documents and settings\Alvaro\Application Data\Vista Start Menu
2009-06-27 18:12 . 2008-06-18 07:17 -------- d-----w- c:\program files\Styler
2009-06-27 17:51 . 2009-06-27 17:51 4920 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-27 17:47 . 2008-06-18 07:29 158216 ----a-w- c:\documents and settings\Alvaro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 17:44 . 2008-06-18 15:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-27 17:44 . 2008-06-18 07:17 -------- d-----w- c:\program files\RocketDock
2009-06-27 17:44 . 2008-06-18 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\program files\Bonjour
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\program files\QuickTime
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\program files\iPod
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\program files\iTunes
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-06-27 17:43 . 2009-06-17 00:26 -------- d-----w- c:\program files\iPod(2)
2009-06-27 17:43 . 2009-06-17 00:26 -------- d-----w- c:\program files\iTunes(2)
2009-06-27 17:43 . 2008-07-08 03:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-27 17:43 . 2009-06-27 17:43 -------- d-----w- c:\program files\Vista Start Menu
2009-06-25 21:14 . 2009-01-01 18:44 -------- d-----w- c:\documents and settings\Alvaro\Application Data\FrostWire
2009-06-25 21:09 . 2009-06-25 21:09 -------- d-----w- c:\program files\Trend Micro
2009-06-20 22:04 . 2009-06-20 22:04 -------- d-----w- c:\documents and settings\Alvaro\Application Data\Sony Online Entertainment
2009-06-19 04:45 . 2008-06-18 15:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-18 01:58 . 2008-10-06 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
2009-06-17 15:27 . 2008-10-08 22:25 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-10-08 22:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 02:30 . 2008-06-17 21:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-12 04:27 . 2008-06-18 15:18 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:15 . 2008-07-15 05:10 -------- d-----w- c:\program files\Java
2009-06-06 02:49 . 2008-08-19 01:09 -------- d-----w- c:\documents and settings\Alvaro\Application Data\Roxio
2009-06-06 02:43 . 2009-03-13 00:41 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-06 02:31 . 2008-08-19 00:55 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-06-06 02:30 . 2008-06-18 07:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-21 15:33 . 2008-12-15 19:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-18 04:05 . 2009-05-18 04:05 -------- d-----w- c:\documents and settings\Alvaro\Application Data\KodakCredentialStore
2009-05-13 05:15 . 2008-05-18 11:03 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 03:42 . 2009-05-08 03:16 -------- d-----w- c:\documents and settings\Alvaro\Application Data\Download Manager
2009-05-08 03:42 . 2008-12-11 17:28 -------- d-----w- c:\program files\MagicISO
2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 03:42 . 2009-05-07 03:42 -------- d-----w- c:\program files\Western Digital Corporation
2009-05-07 03:32 . 2008-06-27 02:14 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-03 23:09 . 2008-06-26 05:41 -------- d-----w- c:\program files\JetAudio
2009-04-26 21:30 . 2009-04-26 21:30 3928064 ----a-w- c:\documents and settings\Alvaro\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe
2009-04-26 21:30 . 2009-04-26 21:30 917504 ----a-w- c:\documents and settings\Alvaro\Application Data\PowerChallenge\PowerSoccer\TVE3.dll
2009-04-26 21:30 . 2009-04-26 21:30 676464 ----a-w- c:\documents and settings\Alvaro\Application Data\PowerChallenge\PowerSoccer\DFEngine.dll
2009-04-26 21:30 . 2009-04-26 21:30 253952 ----a-w- c:\documents and settings\Alvaro\Application Data\PowerChallenge\PowerSoccer\openal32.dll
2009-04-26 21:30 . 2009-04-26 21:30 54760 ----a-w- c:\documents and settings\Alvaro\Application Data\PowerChallenge\PowerSoccer\webdriver0.dll
2009-04-17 12:26 . 2008-04-14 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 65536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VistaStartMenu"="d:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-04-11 2136064]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-25 1451264]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-29 233472]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-29 131072]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-09-04 315392]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-08-14 352256]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\OAui.exe" [2009-06-03 2059248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\Alvaro\Start Menu\Programs\Startup\
ImpulseNow.lnk - d:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-5-26 356352]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-6-2 3446512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-06-03 333296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 20:30 356352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-22 21:59 174328 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"JMB36X Configure"=c:\windows\system32\JMRaidSetup.exe boot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"CTHelper"=CTHELPER.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SaiVolume"=c:\program files\Saitek\SD6\Software\SaiVolume.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 34824]
R1 lnsfw1;lnsfw1;c:\windows\system32\drivers\lnsfw1.sys [2/1/2009 12:28 AM 79232]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [6/5/2009 11:41 PM 197496]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [6/5/2009 11:41 PM 21368]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [6/5/2009 11:41 PM 27000]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/17/2007 11:19 PM 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 55024]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/24/2008 9:51 PM 468224]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [6/5/2009 11:41 PM 358896]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [4/16/2009 11:55 PM 12032]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [4/16/2009 11:55 PM 39424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/8/2008 6:25 PM 19096]
R3 SaiH0728;SaiH0728;c:\windows\system32\drivers\SaiH0728.sys [3/3/2009 4:26 PM 136448]
S2 MBAMService;MBAMService;"d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [6/5/2009 11:41 PM 3274736]
S3 NHCIENUM;NHCIENUM;c:\windows\system32\DRIVERS\nhcienum.sys --> c:\windows\system32\DRIVERS\nhcienum.sys [?]
S3 NHCIMONO;NHCIMONO;c:\windows\system32\DRIVERS\nhcimono.sys --> c:\windows\system32\DRIVERS\nhcimono.sys [?]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 21:57]
2009-07-01 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alvaro.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-27 15:27]
2009-07-01 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alvaro.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-27 15:27]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with Xilisoft Download YouTube Video - d:\program files\Xilisoft\Download YouTube Video\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alvaro\Application Data\Mozilla\Firefox\Profiles\kks25muj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quixtar.com/
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: d:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-01 22:37
Windows 5.1.2600 Service Pack 3, v.5755 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-776561741-651377827-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(820)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
d:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-02 22:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 02:43
Pre-Run: 149,404,958,720 bytes free
Post-Run: 149,277,057,024 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff
306 --- E O F --- 2009-06-27 17:52