Page 2 - Help with not working antivirus/firewall/ ...

SUPERAntiSpyware Scan Log
http;//www.superantispyware.com

Generated 03/24/2008 at 10;03 AM

Application Version ; 4.0.1154

Core Rules Database Version ; 3423
Trace Rules Database Version; 1415

Scan type ; Complete Scan
Total Scan Time ; 00;37;40

Memory items scanned ; 453
Memory threats detected ; 0
Registry items scanned ; 7245
Registry threats detected ; 12
File items scanned ; 20690
File threats detected ; 30

Adware.Tracking Cookie
C;\Documents and Settings\Maros\Cookies\maros@toplist[2].txt
C;\Documents and Settings\Maros\Cookies\maros@atwola[2].txt
C;\Documents and Settings\Maros\Cookies\maros@server.iad.liveperson[2].txt
C;\Documents and Settings\Maros\Cookies\maros@revsci[2].txt
C;\Documents and Settings\Maros\Cookies\maros@www.trafficexplorer[2].txt
C;\Documents and Settings\Maros\Cookies\maros@pacificpoker[1].txt
C;\Documents and Settings\Maros\Cookies\maros@toplist[1].txt
C;\Documents and Settings\Maros\Cookies\maros@adrenalinesk[1].txt
C;\Documents and Settings\Maros\Cookies\maros@doubleclick[2].txt
C;\Documents and Settings\Maros\Cookies\maros@usenext[2].txt
C;\Documents and Settings\Maros\Cookies\maros@adlegend[2].txt
C;\Documents and Settings\Maros\Cookies\maros@shop.mediatech[1].txt
C;\Documents and Settings\Maros\Cookies\maros@int.sitestat[3].txt
C;\Documents and Settings\Maros\Cookies\maros@roiservice[1].txt
C;\Documents and Settings\Maros\Cookies\maros@int.sitestat[1].txt
C;\Documents and Settings\Maros\Cookies\maros@tribalfusion[2].txt
C;\Documents and Settings\Maros\Cookies\maros@ad.yieldmanager[2].txt
C;\Documents and Settings\Maros\Cookies\maros@rambler[2].txt
C;\Documents and Settings\Maros\Cookies\maros@int.sitestat[2].txt
C;\Documents and Settings\Maros\Cookies\maros@perf.overture[1].txt
C;\Documents and Settings\Maros\Cookies\maros@adv.meteo[1].txt
C;\Documents and Settings\Maros\Cookies\maros@ad2.bbmedia[2].txt
C;\Documents and Settings\Maros\Cookies\maros@imrworldwide[2].txt
C;\Documents and Settings\Maros\Cookies\maros@2o7[2].txt
C;\Documents and Settings\Maros\Cookies\maros@as1.falkag[2].txt
C;\Documents and Settings\Maros\Cookies\maros@adarbo2.bbmedia[1].txt
C;\Documents and Settings\Maros\Cookies\maros@www.3dstats[1].txt
C;\Deckard\System Scanner\backup\DOCUME~1\Maros\LOCALS~1\Temp\Cookies\maros@atwola[2].txt
C;\Deckard\System Scanner\backup\DOCUME~1\Maros\LOCALS~1\Temp\Cookies\maros@2o7[1].txt

CommonName Toolbar/Browser Helper Object
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\Implemented Categories
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32#ThreadingModel
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\ProgID
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\Programmable
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\TypeLib
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\VersionIndependentProgID

Adware.WhenU
HKCR\WUSE.1
HKCR\WUSE.1#WUSE_Id

Unclassified.Unknown Origin
C;\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LMSAL1K.EXE

still waiting on the activescan.txt from panda.

Hi, I know, but took a while to scan all pc by panda. Here is the log. I'm about to run Hijack and combofix now, so the log will be ready in few minutes ...


Incident Status Location

Potentially unwanted tool;Application/MyWebSearch Not disinfected C;\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
Spyware;spyware/commonname Not disinfected c;\windows\system32\winnet.ini
Adware;adware/iedriver Not disinfected c;\windows\system32\IEDriver
Adware;adware/ncase Not disinfected c;\program files\n-Case
Adware;adware/whenusearch Not disinfected Windows Registry
Spyware;Cookie/Toplist Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.toplist.cz/]
Spyware;Cookie/Com.com Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.com.com/]
Spyware;Cookie/Doubleclick Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.doubleclick.net/]
Spyware;Cookie/PointRoll Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.ads.pointroll.com/]
Spyware;Cookie/Atlas DMT Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.atdmt.com/]
Spyware;Cookie/Mediaplex Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.mediaplex.com/]
Spyware;Cookie/Adverserve Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.adverserve.net/]
Spyware;Cookie/SpyLog Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.spylog.com/]
Spyware;Cookie/Azjmp Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.azjmp.com/]
Spyware;Cookie/Statcounter Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.statcounter.com/]
Spyware;Cookie/Casalemedia Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.casalemedia.com/]
Spyware;Cookie/FastClick Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.fastclick.net/]
Spyware;Cookie/Tribalfusion Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.tribalfusion.com/]
Spyware;Cookie/FastClick Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.fastclick.net/]
Spyware;Cookie/BurstNet Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.burstnet.com/]
Spyware;Cookie/YieldManager Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[ad.yieldmanager.com/]
Spyware;Cookie/Zedo Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.zedo.com/]
Spyware;Cookie/WebtrendsLive Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[statse.webtrendslive.com/]
Spyware;Cookie/Adtech Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.adtech.de/]
Spyware;Cookie/Toplist Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[www.toplist.cz/]
Spyware;Cookie/Overture Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.overture.com/]
Spyware;Cookie/Advertising Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.advertising.com/]
Spyware;Cookie/RealMedia Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.realmedia.com/]
Spyware;Cookie/Atwola Not disinfected C;\Documents and Settings\Maros\Application Data\Mozilla\Firefox\Profiles\lyccbf2p.default\cookies.txt[.atwola.com/]
Spyware;Cookie/888 Not disinfected C;\Documents and Settings\Maros\Cookies\maros@888[2].txt
Spyware;Cookie/Tribalfusion Not disinfected C;\Documents and Settings\Maros\Cookies\maros@tribalfusion[2].txt
Virus;Trj/Bancos.RQ Not disinfected C;\Documents and Settings\Maros\Desktop\MzCombo.exe[327882R2FWJFW\pv.cfexe]
Virus;Trj/Bancos.RQ Not disinfected G;\MzCombo.exe[327882R2FWJFW\pv.cfexe]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16;40;38, on 24.3.2008
Platform; Windows XP SP2 (WinNT 5.01.2600)
MSIE; Internet Explorer v7.00 (7.00.6000.16608)
Boot mode; Normal

Running processes;
C;\WINDOWS\System32\smss.exe
C;\WINDOWS\system32\winlogon.exe
C;\WINDOWS\system32\services.exe
C;\WINDOWS\system32\lsass.exe
C;\WINDOWS\system32\svchost.exe
C;\WINDOWS\System32\svchost.exe
C;\WINDOWS\system32\svchost.exe
C;\WINDOWS\System32\WLTRYSVC.EXE
C;\WINDOWS\System32\bcmwltry.exe
C;\WINDOWS\system32\spoolsv.exe
C;\WINDOWS\Explorer.EXE
C;\WINDOWS\system32\igfxsrvc.exe
C;\WINDOWS\system32\hkcmd.exe
C;\WINDOWS\system32\igfxpers.exe
C;\WINDOWS\stsystra.exe
C;\Program Files\Synaptics\SynTP\SynTPEnh.exe
C;\Program Files\Dell\QuickSet\Quickset.exe
C;\WINDOWS\system32\WLTRAY.exe
C;\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C;\Program Files\Dell\Media Experience\DMXLauncher.exe
C;\WINDOWS\system32\dla\tfswctrl.exe
C;\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C;\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C;\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C;\Program Files\iTunes\iTunesHelper.exe
C;\Program Files\Common Files\Real\Update_OB\realsched.exe
C;\WINDOWS\system32\ctfmon.exe
C;\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C;\WINDOWS\System32\svchost.exe
C;\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C;\WINDOWS\system32\svchost.exe
C;\WINDOWS\system32\svchost.exe
C;\Program Files\iPod\bin\iPodService.exe
C;\Program Files\MSN Messenger\usnsvc.exe
C;\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file;///C;/www/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http;//go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http;//go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http;//go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http;//go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http;//www1.euro.dell.com/content/default.aspx?c=sk&l=sk&s=gen
O2 - BHO; BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO; Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C;\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO; Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C;\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO; RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C;\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO; DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C;\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO; SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C;\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO; IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - c;\Program Files\IE7\Adons\Developer Toolbar\IEDevToolbar.dll
O2 - BHO; Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C;\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar; Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - c;\Program Files\IE7\Adons\Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar; Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C;\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar; Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C;\PROGRA~1\Zend\ZENDST~1\bin\ZENDIE~1.DLL
O4 - HKLM\..\Run; [igfxtray] C;\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run; [igfxhkcmd] C;\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run; [igfxpers] C;\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run; [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run; [SynTPEnh] C;\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run; [Dell QuickSet] C;\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run; [Broadcom Wireless Manager UI] C;\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run; [DVDLauncher] "C;\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run; [DMXLauncher] C;\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run; [ISUSPM Startup] "C;\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run; [ISUSScheduler] "C;\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run; [MpsOnn] C;\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe
O4 - HKLM\..\Run; [dla] C;\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run; [SunJavaUpdateSched] "C;\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run; [ICQ Lite] "C;\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run; [SSBkgdUpdate] "C;\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run; [PaperPort PTD] C;\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run; [IndexSearch] C;\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run; [OpwareSE2] "C;\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run; [NeroFilterCheck] C;\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run; [QuickTime Task] "C;\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run; [iTunesHelper] "C;\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run; [ShaPlus Bandwidth Meter] "C;\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run; [Adobe Photo Downloader] "C;\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run; [TkBellExe] "C;\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run; [ctfmon.exe] C;\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run; [MsnMsgr] "C;\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run; [Switchboard] C;\Program Files\Switchboard\Switchboard.exe
O4 - HKCU\..\Run; [DU Meter] C;\WINDOWS\system32\DUMeter.exe
O4 - HKCU\..\Run; [Right Web Monitor Pro] C;\Program Files\Right Web Monitor Pro\webmonpro.exe
O4 - HKCU\..\Run; [SUPERAntiSpyware] C;\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce; [ICQ Lite] C;\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-18\..\Run; [CTFMON.EXE] C;\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run; [Picasa Media Detector] C;\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run; [Nokia.PCSync] "C;\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run; [CTFMON.EXE] C;\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup; Microsoft Office Outlook 2003.lnk = ?
O4 - Startup; Total Commander.lnk = C;\Program Files\totalcmd\TOTALCMD.EXE
O4 - Global Startup; Adobe Gamma Loader.lnk = C;\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item; &Clean Traces - C;\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item; &Download with &DAP - C;\Program Files\DAP\dapextie.htm
O8 - Extra context menu item; Add A Page Note - C;\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item; Bookmark This Page - C;\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item; Download &all with DAP - C;\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item; Download &Flash Movies - C;\Program Files\Flash Hunter\save.htm
O8 - Extra context menu item; Email This Link - C;\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item; Search using CommonName - C;\Program Files\CommonName\AddressBar\navigate.htm
O8 - Extra context menu item; Zend Studio - Debug current page - res;//C;\Program Files\Zend\ZendStudioClient5\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item; Zend Studio - Debug next page - res;//C;\Program Files\Zend\ZendStudioClient5\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button; iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C;\Program Files\IE7\Adons\iMacros\imacros.dll (file missing)
O9 - Extra button; (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C;\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem; Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C;\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button; (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C;\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem; Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C;\WINDOWS\bdoscandel.exe
O9 - Extra button; Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C;\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button; Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C;\PROGRA~1\Zend\ZENDST~1\bin\ZENDIE~1.DLL
O9 - Extra 'Tools' menuitem; Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C;\PROGRA~1\Zend\ZENDST~1\bin\ZENDIE~1.DLL
O9 - Extra button; ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C;\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem; ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C;\Program Files\ICQLite\ICQLite.exe
O9 - Extra button; (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C;\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem; @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C;\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button; Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C;\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem; Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C;\Program Files\Messenger\msmsgs.exe
O9 - Extra button; Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C;\Program Files\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem; &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C;\Program Files\Flash Hunter\save.htm (file missing) (HKCU)
O11 - Options group; [CommonName] CommonName
O16 - DPF; {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http;//download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF; {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http;//acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF; {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http;//fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol hijack; cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O18 - Protocol; skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C;\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify; !SASWinLogon - C;\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service; Adobe LM Service - Adobe Systems - C;\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service; Apple Mobile Device - Apple, Inc. - C;\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service; Google Updater Service (gusvc) - Google - C;\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service; iPod Service - Apple Inc. - C;\Program Files\iPod\bin\iPodService.exe
O23 - Service; Macromedia Licensing Service - Unknown owner - C;\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service; McAfee WSC Integration (McDetect.exe) - Unknown owner - c;\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service; McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c;\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service; MySQL5 - Unknown owner - C;\Program.exe (file missing)
O23 - Service; NICCONFIGSVC - Dell Inc. - C;\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service; ServiceLayer - Nokia. - C;\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service; Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C;\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12191 bytes

ComboFix 08-03-22.1 - Maros 2008-03-24 16;43;39.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.644 [GMT 1;00]
Running from; C;\Documents and Settings\Maros\Desktop\MzCombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 10;14 . 2008-03-24 12;04 <DIR> d-------- C;\WINDOWS\system32\ActiveScan
2008-03-24 10;14 . 2008-03-24 10;14 <DIR> d-------- C;\WINDOWS\LastGood
2008-03-24 10;14 . 2008-03-24 10;14 30,590 --a------ C;\WINDOWS\system32\pavas.ico
2008-03-24 10;14 . 2008-03-24 10;14 2,550 --a------ C;\WINDOWS\system32\Uninstall.ico
2008-03-24 10;14 . 2008-03-24 10;14 1,406 --a------ C;\WINDOWS\system32\Help.ico
2008-03-24 09;22 . 2008-03-24 11;50 <DIR> d-------- C;\Program Files\SUPERAntiSpyware
2008-03-24 09;22 . 2008-03-24 09;22 <DIR> d-------- C;\Documents and Settings\Maros\Application Data\SUPERAntiSpyware.com
2008-03-24 09;22 . 2008-03-24 09;22 <DIR> d-------- C;\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 20;26 . 2008-03-23 23;12 <DIR> d-------- C;\WINDOWS\BDOSCAN8
2008-03-23 20;17 . 2008-03-23 20;17 <DIR> d-------- C;\Program Files\Malwarebytes' Anti-Malware
2008-03-23 20;17 . 2008-03-23 20;17 <DIR> d-------- C;\Documents and Settings\Maros\Application Data\Malwarebytes
2008-03-23 20;17 . 2008-03-23 20;17 <DIR> d-------- C;\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-22 22;02 . 2008-03-22 22;02 <DIR> d-------- C;\Deckard
2008-03-22 15;10 . 2008-03-22 15;10 <DIR> d-------- C;\Program Files\Alwil Software
2008-03-14 09;53 . 2008-03-14 17;17 <DIR> d-------- C;\Program Files\Media Art
2008-03-14 08;45 . 2008-03-14 08;45 <DIR> d-------- C;\Documents and Settings\Maros\Application Data\AdobeAUM
2008-02-28 15;29 . 2008-03-13 20;42 <DIR> d-------- C;\Program Files\ProStockMaster_DB
2008-02-26 15;32 . 2008-02-28 15;29 <DIR> d-------- C;\Program Files\ProStockMaster
2008-02-26 10;03 . 2008-03-06 17;01 <DIR> d-------- C;\Program Files\Stock Photo Express
2008-02-26 09;29 . 2008-02-26 09;29 <DIR> d-------- C;\Program Files\onOne Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-24 15;40 --------- d---a-w C;\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 10;43 --------- d-----w C;\Program Files\MSN Messenger
2008-03-24 10;33 --------- d-----w C;\Program Files\iTunes
2008-03-24 10;31 --------- d-----w C;\Program Files\DAP
2008-03-24 08;22 --------- d-----w C;\Program Files\Common Files\Wise Installation Wizard
2008-03-23 08;15 --------- d-----w C;\Program Files\Bandwidth Monitor
2008-03-22 14;32 --------- d-----w C;\Documents and Settings\All Users\Application Data\avg7
2008-03-22 12;50 --------- d-----w C;\Program Files\CZDCplusplus
2008-03-22 12;01 --------- d-----w C;\Documents and Settings\Maros\Application Data\AVG7
2008-03-22 10;29 --------- d-----w C;\Program Files\eMule
2008-03-21 10;59 --------- d-----w C;\Documents and Settings\Maros\Application Data\OpenOffice.org2
2008-03-14 16;28 9,550 --sha-w C;\WINDOWS\system32\KGyGaAvL.sys
2008-03-14 07;31 --------- d--h--w C;\Program Files\InstallShield Installation Information
2008-02-28 22;01 --------- d-----w C;\Program Files\Mp3tag
2008-02-27 21;25 --------- d-----w C;\Documents and Settings\Maros\Application Data\Skype
2008-02-22 10;30 --------- d-----w C;\Program Files\AviSynth 2.5
2008-02-22 10;29 --------- d-----w C;\Program Files\SuperDVD Video Editor
2008-02-21 21;06 --------- d-----w C;\Documents and Settings\Maros\Application Data\HighAndes
2008-02-21 21;06 --------- d-----w C;\Documents and Settings\All Users\Application Data\HighAndes
2008-02-21 18;26 --------- d-----w C;\Program Files\VideoThangTM
2008-02-16 14;47 --------- d-----w C;\Program Files\totalcmd
2008-02-16 13;55 --------- d-----w C;\Program Files\strong
2008-02-16 13;54 --------- d-----w C;\Program Files\7-Zip
2008-02-15 12;12 20 ---h--w C;\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-02-14 21;30 --------- d-----w C;\Program Files\FBOffline
2008-02-14 21;29 --------- d-----w C;\Program Files\BSplayer
2008-02-14 21;29 --------- d-----w C;\Program Files\BrowserSizer
2008-02-14 21;29 --------- d-----w C;\Documents and Settings\Maros\Application Data\BSplayer
2008-02-14 20;51 0 ----a-w C;\as.dat
2008-02-14 14;45 --------- d-----w C;\Program Files\Real
2008-02-14 14;45 --------- d-----w C;\Program Files\Common Files\xing shared
2008-02-14 14;45 --------- d-----w C;\Program Files\Common Files\Real
2008-02-12 14;18 --------- d-----w C;\Program Files\NoiseNinja2
2008-02-07 12;41 --------- d-----w C;\Program Files\ElcomSoft
2008-02-06 14;20 --------- d-----w C;\Documents and Settings\All Users\Application Data\Redfield
2008-02-01 11;52 --------- d-----w C;\Documents and Settings\Maros\Application Data\ACD Systems
2008-02-01 11;50 --------- d-----w C;\Program Files\Common Files\ACD Systems
2008-02-01 11;50 --------- d-----w C;\Program Files\ACD Systems
2008-02-01 11;50 --------- d-----w C;\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-28 10;52 --------- d-----w C;\Program Files\Mozilla Sunbird
2008-01-18 15;12 200 ----a-w C;\Program Files\chargeqws
2008-01-15 09;57 73,216 ----a-w C;\WINDOWS\ST6UNST.EXE
2008-01-15 09;57 249,856 ------w C;\WINDOWS\Setup1.exe
2008-01-11 05;53 44,544 ----a-w C;\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 14;01 53,248 ----a-w C;\WINDOWS\bdoscandel.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-23_ 9.28.44.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-23 19;27;12 45,056 ----a-w C;\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-23 19;27;12 10,240 ----a-w C;\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-23 19;27;12 27,136 ----a-w C;\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-23 19;27;13 181,760 ----a-w C;\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 14;01;48 118,784 ----a-w C;\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 14;01;48 53,248 ----a-w C;\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-23 19;27;14 142,848 ----a-w C;\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-23 19;27;12 86,016 ----a-w C;\WINDOWS\BDOSCAN8\librtvr.dll
+ 2006-08-24 07;28;54 141,424 ----a-w C;\WINDOWS\Downloaded Program Files\asinst.dll
+ 2008-01-09 14;01;48 118,784 ----a-w C;\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 14;01;48 53,248 ----a-w C;\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-03-24 08;22;28 18,944 ----a-r C;\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-24 08;22;28 65,024 ----a-r C;\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-03-29 08;20;50 110,592 ----a-w C;\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 15;15;26 233,472 ----a-w C;\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 13;03;18 96,256 ----a-w C;\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 10;00;16 36,864 ----a-w C;\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 12;42;44 86,016 ----a-w C;\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 08;46;18 26,112 ----a-w C;\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-16 17;20;20 4,608 ----a-w C;\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-25 17;08;32 348,160 ----a-w C;\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 10;10;36 61,440 ----a-w C;\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 14;01;02 139,264 ----a-w C;\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 12;04;10 45,056 ----a-w C;\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 09;50;02 159,832 ----a-w C;\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 12;05;38 94,208 ----a-w C;\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-16 17;35;38 180,224 ----a-w C;\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 15;15;38 122,880 ----a-w C;\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 10;31;52 57,344 ----a-w C;\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 13;13;38 8,704 ----a-w C;\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13;08;42 49,152 ----a-w C;\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 09;04;14 36,864 ----a-w C;\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 12;23;10 69,632 ----a-w C;\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 09;00;06 376,832 ----a-w C;\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 12;05;06 32,768 ----a-w C;\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 10;38;14 10,752 ----a-w C;\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 10;49;54 61,440 ----a-w C;\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 07;46;18 779,264 ----a-w C;\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 13;25;34 417,792 ----a-w C;\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 09;42;24 90,112 ----a-w C;\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 09;55;58 208,896 ----a-w C;\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 15;57;00 9,728 ----a-w C;\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 08;50;12 14,336 ----a-w C;\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09;58;12 33,280 ----a-w C;\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 13;42;36 266,240 ----a-w C;\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 13;33;14 62,976 ----a-w C;\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 12;13;10 13,312 ----a-w C;\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 07;53;08 69,632 ----a-w C;\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 07;49;50 167,936 ----a-w C;\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 08;30;16 105,472 ----a-w C;\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 13;29;08 10,752 ----a-w C;\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 08;30;38 42,496 ----a-w C;\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 10;19;22 98,304 ----a-w C;\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 07;52;00 20,272 ----a-w C;\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 14;49;34 11,776 ----a-w C;\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 07;52;04 76,080 ----a-w C;\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 07;52;06 21,296 ----a-w C;\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 14;26;28 28,672 ----a-w C;\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 10;40;10 86,016 ----a-w C;\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 10;27;36 27,136 ----a-w C;\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 16;16;04 353,840 ----a-w C;\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 13;42;48 35,328 ----a-w C;\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 08;44;36 8,576 ----a-w C;\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 09;56;40 44,928 ----a-w C;\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 05;12;32 9,488 ----a-w C;\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 16;23;40 69,632 ----a-w C;\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 08;14;08 126,976 ----a-w C;\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 11;39;06 73,728 ----a-w C;\WINDOWS\system32\asuninst.exe
+ 2003-03-25 17;53;50 11,776 ----a-w C;\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C;\WINDOWS\system32\ctfmon.exe" [2004-08-04 05;00 15360]
"MsnMsgr"="C;\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12;54 5674352]
"Switchboard"="C;\Program Files\Switchboard\Switchboard.exe" [ ]
"DU Meter"="C;\WINDOWS\system32\DUMeter.exe" [ ]
"Right Web Monitor Pro"="C;\Program Files\Right Web Monitor Pro\webmonpro.exe" [ ]
"SUPERAntiSpyware"="C;\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16;03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C;\WINDOWS\system32\igfxtray.exe" [2005-12-13 16;44 98304]
"igfxhkcmd"="C;\WINDOWS\system32\hkcmd.exe" [2005-12-13 16;41 77824]
"igfxpers"="C;\WINDOWS\system32\igfxpers.exe" [2005-12-13 16;45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16;30 282624 C;\WINDOWS\stsystra.exe]
"SynTPEnh"="C;\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11;48 761947]
"Dell QuickSet"="C;\Program Files\Dell\QuickSet\Quickset.exe" [2006-04-06 14;58 1032192]
"Broadcom Wireless Manager UI"="C;\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08;08 1347584]
"DVDLauncher"="C;\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20;29 49152]
"DMXLauncher"="C;\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01;02 86016]
"ISUSPM Startup"="C;\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15;30 249856]
"ISUSScheduler"="C;\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15;30 81920]
"MpsOnn"="C;\WINDOWS\System32\spool\DRIVERS\W32X86\3\MpsOnn.exe" [2001-11-19 19;14 22528]
"dla"="C;\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04;33 122941]
"SunJavaUpdateSched"="C;\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01;11 132496]
"ICQ Lite"="C;\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19;12 3142236]
"SSBkgdUpdate"="C;\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09;22 155648]
"PaperPort PTD"="C;\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-02 08;29 57393]
"IndexSearch"="C;\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-02 08;42 40960]
"OpwareSE2"="C;\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11;00 49152]
"NeroFilterCheck"="C;\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11;50 155648]
"QuickTime Task"="C;\Program Files\QuickTime\QTTask.exe" [2007-12-11 10;56 286720]
"iTunesHelper"="C;\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12;10 267048]
"ShaPlus Bandwidth Meter"="C;\Program Files\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter /s" [ ]
"Adobe Photo Downloader"="C;\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [ ]
"TkBellExe"="C;\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-14 15;45 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C;\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05;00 15360]
"Picasa Media Detector"="C;\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22;18 443968]
"Nokia.PCSync"="C;\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17;35 1294336]

C;\Documents and Settings\Maros\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - C;\WINDOWS\Installer\{9011041B-6000-11D3-8CFE-0150048383C9}\outicon.exe [2007-11-12 11;05;50 794624]
Total Commander.lnk - C;\Program Files\totalcmd\TOTALCMD.EXE [2006-07-22 15;10;05 1069776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C;\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12;55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C;\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12;41 294912 C;\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword;00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword;00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C;\\WINDOWS\\system32\\java.exe"=
"C;\\Program Files\\ICQLite\\ICQLite.exe"=
"C;\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C;\\Program Files\\DAP\\DAP.exe"=
"C;\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C;\\Program Files\\MSN Messenger\\livecall.exe"=
"C;\\Program Files\\Zend\\ZendStudioClient5\\jre\\bin\\javaw.exe"=
"C;\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C;\\Program Files\\eMule\\eMule.exe"=
"C;\\Program Files\\CZDCplusplus\\CZDC.exe"=
"C;\\Program Files\\iTunes\\iTunes.exe"=
"C;\\Program Files\\strong\\StrongDC.exe"=
"C;\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67;UDP"= 67;UDP;0.0.0.0/255.255.255.255;Enabled;DHCP Discovery Service
"443;TCP"= 443;TCP;443
"1024;TCP"= 1024;TCP;1024
"65535;TCP"= 65535;TCP;65535
"65535;UDP"= 65535;UDP;65535
"1024;UDP"= 1024;UDP;1024
"80;TCP"= 80;TCP;80
"80;UDP"= 80;UDP;80
"443;UDP"= 443;UDP;443
"12242;TCP"= 12242;TCP;emul_tcp
"24462;UDP"= 24462;UDP;emul_udp
"12243;TCP"= 12243;TCP;czdc_tcp
"24463;UDP"= 24463;UDP;czdc_udp

R3 PSched;QoS Packet Scheduler;C;\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 05;00]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C;\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-26 22;21]
S2 SpPortEx;Samsung Port Exclusion;C;\WINDOWS\system32\Drivers\SpPortEx.sys [1999-12-15 01;00]
S3 AngelUsb;Angel USB MPEG Device;C;\WINDOWS\system32\DRIVERS\AngelUsb.sys [2005-02-17 02;06]
S3 genmcmnUSB;USB Scroll Mouse Driver;C;\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 14;01]
S3 MySQL5;MySQL5;"C;\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C;\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL5 []

*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 18;40;03 C;\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C;\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-21 17;30;00 C;\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (PINGU-Maros).job"
- c;\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http;//www.gmer.net
Rootkit scan 2008-03-24 16;51;12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files; 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MySQL5]
"ImagePath"="\"C;\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C;\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL5"
.
Completion time; 2008-03-24 16;53;32
ComboFix-quarantined-files.txt 2008-03-24 15;53;30
ComboFix2.txt 2008-03-23 19;14;17
ComboFix3.txt 2008-03-23 16;46;45
ComboFix4.txt 2008-03-23 08;29;27
.
2008-03-12 08;42;38 --- E O F ---

First things first..Uninstall the ask toolbar from add/remove programs. It is supported by adware and is un desirable.
Also do the same with any entry that says CommonName.

Next after you have done the above...

Open HJT and click scan only, place a check by these entries DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


O2 - BHO; BabeIE - {00000000-0000-0000-0000-000000000000} - (no file)
O8 - Extra context menu item; Add A Page Note - C;\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item; Bookmark This Page - C;\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item; Email This Link - C;\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item; Search using CommonName - C;\Program Files\CommonName\AddressBar\navigate.htm
O18 - Protocol hijack; cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O18 - Protocol; skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C;\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service; MySQL5 - Unknown owner - C;\Program.exe (file missing)



Close all windows and browsers except HJT and click fix checked.

Next


* Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the Quote box below:




* Save this as CFScript.txt and place it on your desktop.





* Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
* ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
* When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

With a new HJT log


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

as you wrote in message before the last one, I run the super antispyware and here is the log:

SUPERAntiSpyware Scan Log
http;//www.superantispyware.com

Generated 03/24/2008 at 05;37 PM

Application Version ; 4.0.1154

Core Rules Database Version ; 3423
Trace Rules Database Version; 1415

Scan type ; Complete Scan
Total Scan Time ; 00;39;19

Memory items scanned ; 447
Memory threats detected ; 0
Registry items scanned ; 7255
Registry threats detected ; 0
File items scanned ; 20818
File threats detected ; 5

Adware.Tracking Cookie
C;\Documents and Settings\Maros\Cookies\maros@pandasoftware.112.2o7[1].txt
C;\Documents and Settings\Maros\Cookies\maros@adlegend[2].txt
C;\Documents and Settings\Maros\Cookies\maros@tribalfusion[2].txt
C;\Documents and Settings\Maros\Cookies\maros@ad.yieldmanager[1].txt
C;\Documents and Settings\Maros\Cookies\maros@rambler[2].txt


According your last message I removed as toolbar and trying to remove commonname, but so far not succesfully, because the windows firewall doesn't allow me to install the active x from their web. I tried to turn off the win firewall ,but still it doesn;t allow me... I go for another try and then I'll let you know ...