Resolved HJT Threads Resolved spyware and popup issues.
10-04-2008, 02:39 PM   #1
Registered User
 
Join Date: Oct 2008
Location: Lisboa, Pt
Posts: 4
OS: Windows Vista


winnzy32 missing

For some time now, when my computer starts, it gives a message saying that winnzy32.rom is missing.

I am using Windows Vista.

I tried to use my Recovery Disk, but the option that should let me recover without making a new clean installation was greyed out.

When I shut down it takes a very, very long time, and sometimes it doesn't shut down at all.

When running, it is unstable.

I have ran the HijackThis tool and created a log (details below) in case someone can help.
Your expert advice at this stage would be most welcome.

Thanks a lot in advance. I will appreciate any help.

Here is the HijackThis! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:09, on 04-10-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NkView6\NkvMon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sapo.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Advanced Uninstaller PRO - Version 9\Monitor.exe"
O4 - HKCU\..\Run: [GBMPro8Agent] C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [MSSMSGS] rundll32.exe winnzy32.rom,HXKRun (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [Syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [ADPHONE] C:\Program Files\ADPHONE3\ADPHONE.EXE /STARTUP (User 'JBC')
O4 - HKUS\S-1-5-21-3913240693-3433831808-639878202-1001\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'JBC')
O4 - S-1-5-21-3913240693-3433831808-639878202-1001 Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'JBC')
O4 - S-1-5-21-3913240693-3433831808-639878202-1001 User Startup: Iniciação Rápida do Microsoft Office OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'JBC')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: SAM.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\NkView6\NkvMon.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\Users\JBC_2\AppData\Local\Temp\RarSFX1\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\Users\JBC_2\AppData\Local\Temp\RarSFX1\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\program files\microsoft office\office12\excel.exe/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://c:\program files\microsoft office\office12\excel.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97262A2C-0811-47A1-B02C-BD416DF5D699}: NameServer = 194.65.47.43,194.65.47.44
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13914 bytes

11-25-2008, 08:50 PM   #2
Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: winnzy32 missing

Hello, Buckens
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".
We need to run a Scan with DDS
  1. Please download DDS, and save it to your desktop, from one of the following mirrors:
  2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  3. Double click on your desktop.
  4. If prompted by any script blocking tools, please allow any actions taken by DDS.
  5. When prompted to perform an Optional Scan, please select
  6. Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER
  1. Please download gmer.zip and save to your desktop.
  2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  3. When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  4. Double-click on Gmer.exe to start the program.
  5. Allow the gmer.sys driver to load if asked.
  6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  7. Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  8. You will be prompted to restart your computer. Please do so.
  9. Run Gmer again and click on the Rootkit tab.
  10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  12. Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  14. Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
11-26-2008, 03:54 PM   #3
Registered User
 
Join Date: Oct 2008
Location: Lisboa, Pt
Posts: 4
OS: Windows Vista


Re: winnzy32 missing

Hi Billy

Thank you for your answer, I appreciate it.

For the moment I have solved one part of my problem: I no longer get the message saying that winnzy32.rom is missing, but the other symptoms continue.

I mean my computer freezes all the time.
It is almost impossible to shut down. I have to turn the computer off by cutting the power.

I followed your instructions.

Attached are the files:
Attach.zip
Gmer.txt

Hope this helps, thank you

And now the DDS.txt log:
__________________________________________

DDS (Version 1.0) - NTFSx86
Run by JBC_2 at 21:54:10,88 on 26-11-2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.351.2070.18.3069.1638 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Syncplicity\Syncplicity.exe
C:\Program Files\NkView6\NkvMon.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JBC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Psuedo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - c:\program files\p2p_torrent\tbP2P_.dll
mURLSearchHooks: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - c:\program files\p2p_torrent\tbP2P_.dll
dURLSearchHooks: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - c:\program files\p2p_torrent\tbP2P_.dll
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - c:\program files\p2p_torrent\tbP2P_.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - c:\program files\p2p_torrent\tbP2P_.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BC4BE15D-6A34-4356-9E97-79E43DA32B1D} - c:\program files\p2p_torrent\tbP2P_.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [VoipStunt] "c:\program files\voipstunt.com\voipstunt\VoipStunt.exe" -nosplash -minimized
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [TVEService] "c:\program files\homecinema\tv enhance\TVEService.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\jbc_2\appdata\roaming\micros~1\windows\startm~1\programs\startup\sam.lnk - c:\progra~1\sam\SAM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nkview6\NkvMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 9\SnagIt32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: DisableTaskMgr = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with Rapidshare Downloader
IE: &Download with Rapidshare Downloader
IE: E&xport to Microsoft Excel - c:\program files\microsoft office\office12\excel.exe/3000
IE: E&xportar para o Microsoft Excel - c:\program files\microsoft office\office12\excel.exe/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: avsda.dll
TCP: {97262A2C-0811-47A1-B02C-BD416DF5D699} = 194.65.47.43,194.65.47.44
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2008-4-20 66176]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-24 97928]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"c:\program files\avira\avira premium security suite\avesvc.exe" [2008-4-20 41217]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-24 231704]
R2 DQLWinService;DQLWinService;"c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe" [2007-2-12 208896]
R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2007-2-18 5376]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-10-28 809296]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);"c:\program files\homecinema\tv enhance\kernel\tv\TVECapSvc.exe" [2008-2-14 290909]
R2 TVESched;TVEnhance Task Scheduler (TTS));"c:\program files\homecinema\tv enhance\kernel\tv\TVESched.exe" [2008-2-14 114779]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-5-4 1302368]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2008-5-4 554496]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-5-4 13976]
S2 NMSCore;Intel(R) NMSCore;"c:\program files\common files\intel\inteldh\nms\nmscore\NMSCore.exe" [2007-6-27 317656]
S2 QualityManager;Intel(R) Quality Manager;"c:\program files\intel\inteldh\intel media server\media server\bin\qualitymanager.exe" [2007-6-27 272600]
S3 DHTRACE;Intel(R) DHTrace Controller;c:\program files\common files\intel\inteldh\bin\DHTraceController.exe [2007-6-27 39640]

=============== Created Last 30 ================

2008-11-25 18:23 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-25 18:23 712,704 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-25 18:23 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-25 18:23 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-25 18:23 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-20 21:55 <DIR> --d----- c:\program files\FrostWire
2008-11-18 20:54 <DIR> --d----- c:\program files\Serials 2000 7.1 Plus
2008-11-17 20:55 11 a----r-- c:\windows\amunres.lsl
2008-11-17 15:13 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-17 15:13 83,456 a------- c:\windows\system32\wudriver.dll
2008-11-17 15:12 162,064 a------- c:\windows\system32\wuwebv.dll
2008-11-17 15:12 31,232 a------- c:\windows\system32\wuapp.exe
2008-11-12 07:34 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-12 07:34 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-12 07:34 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-11 21:48 <DIR> --d----- c:\program files\Conduit
2008-11-11 21:48 <DIR> --d----- c:\program files\P2P_Torrent
2008-11-07 23:04 <DIR> --d----- c:\users\jbc_2\Incomplete
2008-11-07 23:04 <DIR> --d----- c:\users\jbc_2\appdata\roaming\FrostWire
2008-11-06 18:24 <DIR> --d----- c:\program files\Syncplicity
2008-11-05 22:10 28,672 a------- c:\windows\Getdisk.exe
2008-11-05 22:10 <DIR> --d----- c:\program files\Quick Recovery for Pen Drives
2008-11-04 22:12 <DIR> --d----- c:\program files\FotoSketcher
2008-11-01 22:22 <DIR> --d----- c:\program files\Virtual Earth 3D
2008-11-01 10:54 318,976 a------- c:\windows\system32\CF824.exe
2008-11-01 10:54 <DIR> --d----- C:\ComboFix
2008-11-01 10:10 <DIR> --d----- c:\program files\CCleaner
2008-10-31 12:41 <DIR> -cdsh--- c:\program files\common files\WindowsLiveInstaller
2008-10-31 12:39 <DIR> --d----- c:\programdata\WLInstaller
2008-10-30 22:07 <DIR> --d----- C:\MGtools
2008-10-30 22:06 1,312,578 a------- C:\MGtools.exe
2008-10-30 18:58 428,544 a------- c:\windows\system32\EncDec.dll
2008-10-30 18:58 217,088 a------- c:\windows\system32\psisrndr.ax
2008-10-30 18:58 293,376 a------- c:\windows\system32\psisdecd.dll
2008-10-30 18:58 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-10-30 18:58 80,896 a------- c:\windows\system32\MSNP.ax
2008-10-28 23:35 161,792 a------- c:\windows\SWREG.exe
2008-10-28 23:35 98,816 a------- c:\windows\sed.exe
2008-10-28 20:37 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2008-10-28 20:37 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2008-10-28 20:37 <DIR> --d----- c:\users\jbc_2\appdata\roaming\SUPERAntiSpyware.com
2008-10-28 20:37 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-10-28 19:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-28 19:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-28 19:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-10-28 17:59 147,456 a------- c:\windows\system32\Faultrep.dll
2008-10-28 17:59 125,952 a------- c:\windows\system32\wersvc.dll
2008-10-28 17:53 443,392 a------- c:\windows\system32\win32spl.dll

==================== Find3M ====================

2008-11-23 14:41 650,438 a------- c:\windows\system32\prfh0816.dat
2008-11-23 14:41 127,778 a------- c:\windows\system32\prfc0816.dat
2008-11-20 21:49 <DIR> --d----- c:\program files\Hotspot Shield
2008-11-13 18:23 <DIR> --d----- c:\users\jbc_2\appdata\roaming\ADPHONE
2008-11-11 21:40 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2008-11-09 00:12 <DIR> --d----- c:\users\jbc_2\appdata\roaming\LimeWire
2008-10-28 23:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-10-28 20:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-10-26 18:07 <DIR> --d----- c:\progra~2\SecTaskMan
2008-10-25 16:07 <DIR> --d----- c:\program files\Nonoh.net
2008-10-24 19:49 <DIR> --d----- c:\program files\common files\Equis
2008-10-16 17:48 <DIR> --d----- c:\program files\Google Earth Pro 4.2
2008-10-11 23:27 <DIR> --d----- c:\program files\Skype
2008-10-11 20:17 <DIR> --d----- c:\program files\Portable Bookmark Exporter 2.48
2008-10-11 15:18 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Dropbox
2008-10-09 13:25 1,221,008 a------- c:\windows\system32\zpeng25.dll
2008-10-07 21:26 <DIR> --d----- c:\program files\AIP4Win
2008-10-04 16:05 <DIR> --d----- c:\users\jbc_2\appdata\roaming\SAM
2008-10-04 16:05 <DIR> --d----- c:\program files\PDF PDF Editor v2.2
2008-10-03 18:21 <DIR> --d----- c:\program files\Replay Music 3
2008-10-03 18:19 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2008-10-02 03:49 827,392 a------- c:\windows\system32\wininet.dll
2008-10-01 17:31 <DIR> --d----- c:\program files\Driver Magician
2008-09-30 17:25 <DIR> --d----- c:\program files\Bonjour
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-28 17:22 <DIR> --d----- c:\program files\NkView6
2008-09-28 12:45 <DIR> --d----- c:\program files\Zone Labs
2008-09-28 12:34 <DIR> --d----- c:\program files\ZoneAlarm
2008-09-21 15:22 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Malwarebytes
2008-09-21 15:22 <DIR> --d----- c:\progra~2\Malwarebytes
2008-09-18 05:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-08-29 13:59 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Vso
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-08-03 12:43 <DIR> --d----- c:\progra~2\Karen's Power Tools
2008-07-25 18:07 <DIR> --d----- c:\users\jbc_2\appdata\roaming\TVU networks
2008-07-25 18:06 <DIR> --d----- c:\progra~2\TVU networks
2008-07-20 16:43 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Reallusion
2008-07-13 16:02 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Anthropics
2008-07-12 23:27 <DIR> --d----- c:\progra~2\Lavasoft
2008-07-05 20:26 <DIR> --d----- c:\progra~2\Hagel Technologies
2008-06-29 16:07 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Smart PC Solutions
2008-06-08 11:02 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Nonoh
2008-06-02 09:56 <DIR> --d----- c:\progra~2\WEBREG
2008-05-25 19:52 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Pamela
2008-05-24 11:59 <DIR> --d----- c:\progra~2\avg8
2008-05-22 11:24 <DIR> --d----- c:\users\jbc_2\appdata\roaming\VoipStunt
2008-05-21 20:08 <DIR> --d----- c:\users\jbc_2\appdata\roaming\VoipBuster
2008-05-17 20:57 <DIR> --d----- c:\users\jbc_2\appdata\roaming\CheckPoint
2008-05-11 19:13 <DIR> --d----- c:\users\jbc_2\appdata\roaming\12Voip
2008-05-04 22:25 <DIR> --dsh--- c:\progra~2\Modelos
2008-05-04 22:25 <DIR> --dsh--- c:\progra~2\Menu Iniciar
2008-05-04 22:25 <DIR> --dsh--- c:\progra~2\Favoritos
2008-05-04 22:25 <DIR> --dsh--- c:\progra~2\Documentos
2008-05-04 22:25 <DIR> --dsh--- c:\progra~2\Ambiente de trabalho
2008-05-04 21:57 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Uniblue
2008-05-04 21:57 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Symantec
2008-05-04 21:57 <DIR> --d----- c:\users\jbc_2\appdata\roaming\MozillaControl
2008-05-04 21:57 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Genie-Soft
2008-05-04 21:49 <DIR> --d----- c:\progra~2\X10 Settings
2008-05-04 21:49 <DIR> --d----- c:\progra~2\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-05-04 21:49 <DIR> --d----- c:\progra~2\Symantec
2008-05-04 21:49 <DIR> --d----- c:\progra~2\Nero
2008-05-04 21:48 <DIR> --d----- c:\progra~2\Intel
2008-05-04 21:48 <DIR> --d----- c:\progra~2\Innovative Solutions
2008-05-04 21:48 <DIR> --d----- c:\progra~2\Genie-Soft
2008-05-04 21:48 <DIR> --d----- c:\progra~2\CheckPoint
2008-05-04 21:48 <DIR> --d----- c:\progra~2\Avira
2008-04-27 09:39 <DIR> --d----- c:\users\jbc_2\appdata\roaming\Static EMail Backup
2008-07-20 16:43 76 ---shr-- c:\windows\FFSSET.BIN
2008-05-06 21:22 23 a--sh--- c:\windows\system32\faecfe3_z.dll
2007-09-10 16:48 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:55:32,00 ===============
Attached Files
File Type: zip Attach.zip (2.6 KB, 1 views)
File Type: txt Gmer.txt (17.6 KB, 1 views)
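The listing above (the DDS "Created Last 30" and "Find3M" sections) is what an analyst reads by eye to pick out entries such as a 23-byte hidden+system `faecfe3_z.dll` in system32, which is not a real DLL. The Python below is an added example, not part of this thread and not any tool the analysts here used: it parses that line format and applies two simple triage heuristics. The sample log is constructed from a handful of lines in the same shape as the listing above; the allowlist of normally-hidden files and the 1024-byte size threshold are assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the shape of the DDS "Created Last 30" / "Find3M"
# sections: <date> <time> <size or <DIR>> <8 attribute flags> <path>.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2008-11-17 20:55 11 a----r-- c:\windows\amunres.lsl
2008-11-17 15:13 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-11-01 10:54 <DIR> --d----- C:\ComboFix
2008-10-28 19:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

==================== Find3M ====================

2008-07-20 16:43 76 ---shr-- c:\windows\FFSSET.BIN
2008-05-06 21:22 23 a--sh--- c:\windows\system32\faecfe3_z.dll
2007-09-10 16:48 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
"""

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Names Windows itself keeps hidden+system; flagging them is noise (assumed allowlist).
EXPECTED_HIDDEN = {"ntuser.dat", "desktop.ini", "thumbs.db"}
# Extensions that should hold real code; a file of a few bytes cannot be a PE image.
CODE_EXTS = (".dll", ".exe", ".sys", ".ax", ".ocx", ".scr")
MIN_CODE_SIZE = 1024  # bytes; assumed threshold, tune to taste


@dataclass
class Entry:
    date: str
    size: int    # -1 for directories
    attrs: str   # e.g. "a--sh---": 'd' directory, 's' system, 'h' hidden, 'r' read-only
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size == -1

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entries(log: str) -> List[Entry]:
    """Return every file/dir line; section banners and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def triage(log: str) -> List[Tuple[str, List[str]]]:
    """Flag entries an analyst would want to look at, with the reason for each."""
    findings = []
    for e in parse_entries(log):
        if e.is_dir:
            continue
        reasons = []
        # Droppers like to park marker/config files with +S +H so Explorer never
        # shows them; legitimate hidden+system files are few and well known.
        if "s" in e.attrs and "h" in e.attrs and e.name not in EXPECTED_HIDDEN:
            reasons.append("hidden+system file outside the expected set")
        # A DLL/EXE/SYS of a few bytes is a marker or stub, not a loadable module.
        if e.name.endswith(CODE_EXTS) and e.size < MIN_CODE_SIZE:
            reasons.append(f"{e.size}-byte file with a code extension")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("   ", r)
```

Run against the sample it reports FFSSET.BIN (hidden+system in the Windows root) and faecfe3_z.dll (hidden+system and only 23 bytes), while NTUSER.DAT, which is hidden+system by design, is suppressed by the allowlist. These heuristics only narrow the list; each hit still needs a look at the file itself (hash, signature, strings) before anything is deleted.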
11-26-2008, 07:04 PM   #4
Billy O'Neal, Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server

Re: winnzy32 missing

Hello :)

Please uninstall ZoneAlarm and let me know if the problems continue.

Quote:
2008-11-01 10:54 <DIR> --d----- C:\ComboFix
It appears you ran ComboFix previously. CF is a powerful tool which shouldn't be used without guidance from an analyst.

Please post the contents of the file:
C:\ComboFix.txt

Thanks!

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
11-27-2008, 02:47 PM   #5
Buckens, Registered User
Join Date: Oct 2008
Location: Lisboa, Pt
Posts: 4
OS: Windows Vista

Re: winnzy32 missing

Hi Billy

Thank you for helping me

I uninstalled ZoneAlarm and ran ComboFix.

See the attached log.

Best regards
Attached Files
File Type: txt ComboFix.txt (24.3 KB, 1 views)
11-27-2008, 10:20 PM   #6
Billy O'Neal, Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server

Re: winnzy32 missing

Hello, Buckens
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  2. Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
  3. Click the "Download" button to the right.
  4. Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
  5. Select your Language: "Multi-Language".
  6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
  7. Click Continue and the page will refresh.
  8. Click on the link to download Windows Offline Installation and save the file to your desktop.
  9. Close any programs you may have running - especially your web browser.
  10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
  11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  12. Click the Remove or Change/Remove button.
  13. Follow the onscreen instructions for the Java uninstaller.
  14. Repeat as many times as necessary to remove each Java version.
  15. Reboot your computer once all Java components are removed.
  16. Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
  17. Follow the on screen instructions to install the latest Java version.

I would like us to use ESET (NOD32)'s Online Scanner
  1. Please go to ESET OnlineScan (NOD32)
  2. You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  3. Now click Start
  4. Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  5. Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  6. To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  7. Press Scan
  8. The Onlinescan will now start and scan your pc (this could take a while)
  9. When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  10. Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  11. The Scanresults will now open in Notepad
  12. Click into the text area, right-click and chose "select all" (or use <Control>+A)
  13. Right-click again and chose "Copy" (or <Control>+C)
  14. Close/Exit Notepad
  15. Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You Need to Update Windows (And other Microsoft Software)
Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

If you are using Windows XP or earlier
Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

If you are using Windows Vista
  1. Click the "Start Menu" (or Windows Orb)
  2. Click "All Programs"
  3. Click "Windows Update"
  4. On the left, choose "Change Settings"
  5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
  6. Press OK and accept the UAC prompt.
    Note: You shouldn't need to check this checkbox every single time you update, only the first time.
  7. Click "Check for Updates" in the upper left corner.
  8. Follow the instructions to install the latest updates.
  9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
11-29-2008, 03:31 AM   #7
Buckens, Registered User
Join Date: Oct 2008
Location: Lisboa, Pt
Posts: 4
OS: Windows Vista

Re: winnzy32 missing

Hi Billy

Thank you for helping me, I appreciate it.

— I installed Java Runtime Environment (JRE) 6 Update 10 as you recommended.

— I used ESET (NOD32)'s Online Scanner, as you recommended.

It found 7 threats, but unhappily I did something wrong and I couldn't save the log.
I just don't understand why AVG didn't find them.

— My Windows Vista was updated (see attachment).

My problem seems to be solved thanks to you.
No more freezes, and the PC shuts down normally.

I think the cause was the firewall ZoneAlarm.
Can I install it again, or will I get the problem back?

Thanks again. You have been very useful.

My best regards
Attached Images
File Type: jpg 29-11-2008 10-13-32.jpg (64.9 KB, 2 views)
11-29-2008, 05:24 PM   #8
Billy O'Neal, Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server

Re: winnzy32 missing

Hello, Buckens
I would leave ZoneAlarm uninstalled. Recent versions of Windows have a firewall anyway :)

Congratulations! You now appear clean!

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


We Need to Clean Up Our Mess
  1. Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  2. Double click the icon.
  3. Push the large "Cleanup" button.
  4. Allow your system to reboot.
Reset System Restore
Windows' "System Restore" feature can cause malware files to be cached and retained by your system. Resetting System Restore will clean these files from your system, and will allow you to use System Restore without fear of reinfection.
  1. Go to Start -> Control Panel -> System and Maintenance -> System.
  2. Select "System Protection" in the upper left hand corner.
  3. Click the button marked "Create" in the bottom of the window.
  4. Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  5. Open Vista's Searchbox (on your start menu) and type in "cleanmgr.exe"
  6. Click "OK".
  7. Click the "More Options" Tab.
  8. Click "Clean Up", and then "Delete" in the "System Restore and Shadow Copies" section to remove all previous restore points except the newly created one.
Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  1. Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  2. Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  3. Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use; the paid versions provide a resident scanner and do not nag.
  4. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    1. Click the "Start Menu" (or Windows Orb)
    2. Click "All Programs"
    3. Click "Windows Update"
    4. On the left, choose "Change Settings"
    5. Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    6. Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    7. Click "Check for Updates" in the upper left corner.
    8. Follow the instructions to install the latest updates.
    9. Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  5. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  6. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Billy3
12-04-2008, 04:02 PM   #9
Billy O'Neal, Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server

Re: winnzy32 missing

Hello, Buckens
Since this issue appears resolved, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Billy3
Copyright 2001 - 2009, Tech Support Forum