Omputer running slow especially when on internet

The_Grandmaster

It may be hidden: do you have a left arrow which looks like: <
Press it to see if the avast icon appears. Having a look on google can't find another way at the moment.

Fit_Like

The_Grandmaster wrote: »

It may be hidden: do you have a left arrow which looks like: <
Press it to see if the avast icon appears. Having a look on google can't find another way at the moment.

Yes I do, but its not under their either :-( Im away to uninstall it.

The_Grandmaster

check that's ok with alienRIK

Fit_Like

Combo Fix Log:
ComboFix 10-06-09.04 - HP_Owner 10/06/2010 17:35:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.231 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\mtwb.dat
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FastBrowserSearchProtection.exe
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\FbsSearchProtectionUnInstall.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.crc
c:\program files\Fast Browser Search\IE\FBStoolbar.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.inf
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\options.html
c:\program files\Fast Browser Search\IE\searchbutton1.gif
c:\program files\Fast Browser Search\IE\searchbutton2.gif
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\Unreg.dll
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\windows\desktop
c:\windows\desktop\My Briefcase\My Money Backup.mbf
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\g32.txt
c:\windows\system32\core3.sys
c:\windows\system32\zlibwapi.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

---

\Legacy_ASPIMGR

---

\Legacy_CORE3

---

\Service_AVPsys

---

\Service_core3

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.
2010-06-10 12:14 . 2010-05-06 10:41 743424

---

w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 18:39 . 2010-06-09 18:43

---

d

---

w- c:\program files\Registry Mechanic Hijack this
2010-05-27 21:25 . 2010-05-27 21:25

---

d

---

w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 16:50 . 2007-03-27 22:27

---

d

---

w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2
2010-06-10 16:00 . 2006-04-30 23:38

---

d

---

w- c:\program files\Alwil Software
2010-06-09 20:39 . 2010-03-03 19:45

---

d

---

w- c:\program files\Zynga
2010-06-09 20:39 . 2009-10-28 10:34

---

d

---

w- c:\program files\WebView
2010-06-09 20:39 . 2009-04-21 22:27

---

d

---

w- c:\program files\jZip
2010-06-09 18:45 . 2010-06-09 18:45 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 18:44 . 2008-03-03 16:41

---

d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 16:05 . 2005-10-05 11:57

---

d

---

w- c:\program files\Google
2010-06-09 15:43 . 2008-07-31 19:05

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 15:31 . 2008-02-27 15:59

---

d

---

w- c:\program files\LEGO Company
2010-06-09 15:29 . 2009-12-07 20:06 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-06-09 15:27 . 2009-08-31 20:31

---

d

---

w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
2010-06-09 15:16 . 2010-04-17 19:17

---

d

---

w- c:\documents and settings\All Users\Application Data\avg9
2010-06-09 15:12 . 2010-04-12 11:41

---

d

---

w- c:\program files\SlySoft
2010-06-06 17:17 . 2010-04-11 19:01

---

d

---

w- c:\program files\Microsoft Silverlight
2010-05-29 14:03 . 2010-05-29 14:03 10134 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-05-29 14:03 . 2005-01-01 15:49

---

d

---

w- c:\program files\HP
2010-05-29 13:16 . 2006-05-01 00:34 52632 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-05-11 13:18 . 2006-05-01 00:34 87392 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 19:18 . 2010-05-10 19:18

---

d

---

w- c:\program files\MSECache
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2008-07-31 19:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-07-31 19:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:14 . 2010-04-25 19:17

---

d

---

w- c:\program files\Promosoft Corporation
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:17 . 2010-04-17 19:17

---

d

---

w- c:\program files\AVG
2010-04-12 11:52 . 2005-09-05 21:20

---

d

---

w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-12 11:44 . 2010-04-12 11:44

---

d

---

w- c:\documents and settings\All Users\Application Data\SlySoft
2009-09-03 15:04 . 2009-09-03 17:30 257 -c--a-w- c:\program files\Facebook Home.url
2009-06-10 22:26 . 2009-06-10 22:26 16409960 ----a-w- c:\program files\spybotsd162.exe
2008-07-31 07:44 . 2008-07-31 07:44 19535 ----a-w- c:\program files\Common Files\iwanyd.db
2008-07-31 07:44 . 2008-07-31 07:44 11248 ----a-w- c:\program files\Common Files\gaqic.reg
2008-07-31 07:44 . 2008-07-31 07:44 11185 ----a-w- c:\program files\Common Files\gyxowu.bat
.

---

Sigcheck

---

[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
c:\windows\System32\es.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-03 2002160]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 344064]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 2754560]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"XoftSpy"="c:\program files\XoftSpy\XoftSpy.exe" [2007-04-26 2453504]
"SpeedTouch USB Diagnostics"="c:\program files\Virgin Net Broadband\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"hp Update 2100C"="c:\sj644\hpupdate.exe" [2002-01-24 28672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-04 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-26 08:25 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
2005-01-01 16:07 159744 ----a-w- c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-28 20:09 700416

---

w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
2004-11-05 07:26 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 13:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 13:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 19:02 61440 ----a-w- c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 16:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-01 16:03 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-01 16:00 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-11-05 08:44 192512 ----a-w- c:\program files\InterVideo\Common\Bin\WinRemote.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 74480]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [21/03/2009 16:46 266240]
R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\WebView\WebView-Reporting.exe [23/02/2009 13:20 102400]
R2 WebView-Update-Service;WebView-Update-Service;c:\program files\WebView\WebView-Updater.exe [23/02/2009 13:20 176128]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [01/01/2005 16:45 24544]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [20/11/2009 12:56 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [20/11/2009 12:56 26368]
S3 PAC207;PC [EMAIL="Camer&#64;;c:\windows\system32\drivers\PFC027.SYS"]Camer@;c:\windows\system32\drivers\PFC027.SYS[/EMAIL] [20/11/2006 08:48 506112]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-09 c:\windows\Tasks\Free Registry Fix.job
- c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe [2010-02-14 14:03]
2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{BD231EB8-F747-47BD-B9F1-DAC0E66E922E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
2007-08-04 c:\windows\Tasks\XoftSpy.job
- c:\program files\XoftSpy\XoftSpy.exe [2007-04-26 13:39]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20081113090451
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.parquesantiago.com/webcam/AMC.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-core3.sys
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-kdx - c:\program files\Kontiki\KHost.exe
MSConfigStartUp-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
MSConfigStartUp-STManager - c:\program files\SpeedTouch\Dr SpeedTouch\drst.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 17:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(6016)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.

---

Other Running Processes

---

.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\OpenOffice.org 2.1\program\soffice.exe
c:\program files\OpenOffice.org 2.1\program\soffice.BIN
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Logitech Vid\LU\LULnchr.exe
c:\program files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-06-10 18:01:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 17:01
Pre-Run: 114,966,966,272 bytes free
Post-Run: 115,054,415,872 bytes free
- - End Of File - - AEC176096A7D04432DC7C6D3D24C56CC

Thanks very much again, Im just installing Avast 5 at the moment.

aliEnRIK

Uninstall REGFIX


Open notepad and copy/paste the text in RED below

File::
c:\program files\Facebook Home.url
c:\program files\Common Files\iwanyd.db
c:\program files\Common Files\gaqic.reg
c:\program files\Common Files\gyxowu.bat
c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe
c:\windows\Tasks\XoftSpy.job
c:\program files\XoftSpy\XoftSpy.exe


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

Fit_Like

ComboFix 10-06-10.02 - HP_Owner 10/06/2010 21:20:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.160 [GMT 1:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\program files\Common Files\gaqic.reg"
"c:\program files\Common Files\gyxowu.bat"
"c:\program files\Common Files\iwanyd.db"
"c:\program files\Facebook Home.url"
"c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe"
"c:\program files\XoftSpy\XoftSpy.exe"
"c:\windows\Tasks\XoftSpy.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\gaqic.reg
c:\program files\Common Files\gyxowu.bat
c:\program files\Common Files\iwanyd.db
c:\program files\Promosoft Corporation\Free Registry Fix\application\regfix.exe
c:\program files\XoftSpy\XoftSpy.exe
c:\windows\Tasks\XoftSpy.job
.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.
2010-06-10 17:10 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-10 17:10 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-10 17:10 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-10 17:10 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-10 17:10 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-10 17:10 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-10 17:10 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-10 17:09 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-10 17:09 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-10 17:09 . 2010-06-10 17:09

---

d

---

w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-10 12:14 . 2010-05-06 10:41 743424

---

w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 18:45 . 2010-06-09 18:45 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-09 18:39 . 2010-06-09 18:43

---

d

---

w- c:\program files\Registry Mechanic Hijack this
2010-05-29 14:03 . 2010-05-29 14:03 10134 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{4CCC7F68-A437-4559-A840-F5E010934951}\ARPPRODUCTICON.exe
2010-05-27 21:25 . 2010-05-27 21:25

---

d

---

w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 20:30 . 2006-04-30 23:34

---

d

---

w- c:\program files\XoftSpy
2010-06-10 17:09 . 2006-04-30 23:38

---

d

---

w- c:\program files\Alwil Software
2010-06-10 16:50 . 2007-03-27 22:27

---

d

---

w- c:\documents and settings\HP_Owner\Application Data\OpenOffice.org2
2010-06-09 20:39 . 2010-03-03 19:45

---

d

---

w- c:\program files\Zynga
2010-06-09 20:39 . 2009-10-28 10:34

---

d

---

w- c:\program files\WebView
2010-06-09 20:39 . 2009-04-21 22:27

---

d

---

w- c:\program files\jZip
2010-06-09 18:44 . 2008-03-03 16:41

---

d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 16:05 . 2005-10-05 11:57

---

d

---

w- c:\program files\Google
2010-06-09 15:43 . 2008-07-31 19:05

---

d

---

w- c:\program files\Malwarebytes' Anti-Malware
2010-06-09 15:31 . 2008-02-27 15:59

---

d

---

w- c:\program files\LEGO Company
2010-06-09 15:29 . 2009-12-07 20:06 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-06-09 15:27 . 2009-08-31 20:31

---

d

---

w- c:\documents and settings\All Users\Application Data\Tesco Photobook Creator
2010-06-09 15:16 . 2010-04-17 19:17

---

d

---

w- c:\documents and settings\All Users\Application Data\avg9
2010-06-09 15:12 . 2010-04-12 11:41

---

d

---

w- c:\program files\SlySoft
2010-06-06 17:17 . 2010-04-11 19:01

---

d

---

w- c:\program files\Microsoft Silverlight
2010-05-29 14:03 . 2005-01-01 15:49

---

d

---

w- c:\program files\HP
2010-05-29 13:16 . 2006-05-01 00:34 52632 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2010-05-11 13:18 . 2006-05-01 00:34 87392 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 19:18 . 2010-05-10 19:18

---

d

---

w- c:\program files\MSECache
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2008-07-31 19:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2008-07-31 19:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:14 . 2010-04-25 19:17

---

d

---

w- c:\program files\Promosoft Corporation
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-17 19:17 . 2010-04-17 19:17

---

d

---

w- c:\program files\AVG
2010-04-12 11:52 . 2005-09-05 21:20

---

d

---

w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-12 11:44 . 2010-04-12 11:44

---

d

---

w- c:\documents and settings\All Users\Application Data\SlySoft
2009-09-03 15:04 . 2009-09-03 17:30 257 -c--a-w- c:\program files\Facebook Home.url
2009-06-10 22:26 . 2009-06-10 22:26 16409960 ----a-w- c:\program files\spybotsd162.exe
.

---

Sigcheck

---

[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[7] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
c:\windows\System32\es.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-03 2002160]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-04 344064]
"PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
"SoundMan"="SOUNDMAN.EXE" [2005-02-21 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-02-18 2754560]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"SpeedTouch USB Diagnostics"="c:\program files\Virgin Net Broadband\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
"hp Update 2100C"="c:\sj644\hpupdate.exe" [2002-01-24 28672]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-04 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-26 08:25 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
2005-01-01 16:07 159744 ----a-w- c:\progra~1\HELPAN~1\HPQ\XPXWWPP5\plugin\bin\PCHButton.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-28 20:09 700416

---

w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
2004-11-05 07:26 106496 ----a-w- c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 13:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 13:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-11 19:02 61440 ----a-w- c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 16:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-01-01 16:03 98304 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-01-01 16:00 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
2004-11-05 08:44 192512 ----a-w- c:\program files\InterVideo\Common\Bin\WinRemote.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/06/2010 18:10 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 13:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/06/2010 18:10 19024]
R2 WebView-Reporting-Service;WebView-Reporting-Service;c:\program files\WebView\WebView-Reporting.exe [23/02/2009 13:20 102400]
R2 WebView-Update-Service;WebView-Update-Service;c:\program files\WebView\WebView-Updater.exe [23/02/2009 13:20 176128]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [01/01/2005 16:45 24544]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [21/03/2009 16:46 266240]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [20/11/2009 12:56 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [20/11/2009 12:56 26368]
S3 PAC207;PC [EMAIL="Camer&#64;;c:\windows\system32\drivers\PFC027.SYS"]Camer@;c:\windows\system32\drivers\PFC027.SYS[/EMAIL] [20/11/2006 08:48 506112]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{BD231EB8-F747-47BD-B9F1-DAC0E66E922E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20081113090451
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.parquesantiago.com/webcam/AMC.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-XoftSpy - c:\program files\XoftSpy\XoftSpy.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-06-10 21:35:47
ComboFix-quarantined-files.txt 2010-06-10 20:35
ComboFix2.txt 2010-06-10 17:01
Pre-Run: 114,961,567,744 bytes free
Post-Run: 114,963,263,488 bytes free
- - End Of File - - 69C0AF1681A19889A337B1F7C804FB4B

Hope this is right? Thanks again.

aliEnRIK

Give it a full scan with AVAST