Infected after a System Restore [RESOLVED]


This topic is locked

#1 theparade
New Member, 5 posts
So recently I had internet problems, just randomly one day, and then after spending hours with my internet service provider trying to get a connection, they said it was my computer and I needed to get it checked out by a technician. So I decided to do a System Restore, and now the internet is fine on the computer at least. However, the anti-virus starts as expected once I log in to my account, but it says it is unable to find the file. (Avira Antivirus from the C drive) I went to Security Center and selected Antivirus, and it says my computer is protected by Avira Antivirus. I am also unable to remove Avira from Add/Remove Programs. (It says: Setup could not determine the feature control file or was not able to read it correctly) My Firewall is working fine, however. (Comodo Firewall Pro) Scanned with Spybot + a-squared Anti-Malware, deleted the infections. When I try to start Avira, it just tells me that it cannot find the file. I think I am infected because I came up with infections after scans, and especially after the internet not working.

Note: I'm currently trying to learn to read HJT logs at other security forums, but I'm still not good enough, so I've decided to let you guys help me out. Thanks, school is starting so I need the computer ready.

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:07 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Joshua\Desktop\HiJackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - E:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16167 bytes


Thanks to whoever helps me out!

Edited by theparade, 28 August 2008 - 01:04 AM.


#2 greyknight17
Malware Expert, Visiting Consultant, 16,560 posts
Welcome to GTG.

Did you try reinstalling Avira to see if it helps?

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4

; Backslashes inside a .reg string value must be doubled, or regedit drops them.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\guard32.dll"


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\cssdll32.dll

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe. Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
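The triage the expert performs above (spotting the O20 AppInit_DLLs line, orphaned BHO entries and services whose binary is missing, then writing a .reg file that keeps only the legitimate DLL), as an added Python example that is not part of the thread or of HijackThis. The allow-list is an assumption for the example; the sample lines are taken from the log in post #1.

```python
import re

# Sample input: five lines taken from the HijackThis log posted above (O2, O20 and
# O23 sections); the selection is mine, the text is the thread's.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumed allow-list for this example: the only AppInit DLL expected on this machine
# is COMODO's guard32.dll, the one the fix above keeps. Not a list from HijackThis.
ALLOWED_APPINIT = {r"C:\WINDOWS\system32\guard32.dll"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse_log(text):
    """Yield (section, body) for every 'Oxx - ...' line of a HijackThis log."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def split_appinit(body):
    """Split the body of an 'AppInit_DLLs: a.dll,b.dll' line into its DLL paths."""
    value = body.split(":", 1)[1]
    return [p.strip() for p in value.split(",") if p.strip()]


def appinit_dlls(text):
    """Return the DLL paths on the O20 AppInit_DLLs line, or [] if there is none."""
    for section, body in parse_log(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            return split_appinit(body)
    return []


def triage(text, allowed_appinit=ALLOWED_APPINIT):
    """Return (section, reason, detail) findings in log order."""
    allowed = {p.lower() for p in allowed_appinit}
    findings = []
    for section, body in parse_log(text):
        if section == "O2" and body.endswith("(no file)"):
            # A BHO CLSID registered with no file behind it: a leftover to fix.
            findings.append((section, "orphaned BHO", body))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that maps user32.dll,
            # so anything not explicitly expected deserves a look.
            for dll in split_appinit(body):
                if dll.lower() not in allowed:
                    findings.append((section, "AppInit_DLLs entry not on the allow-list", dll))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append((section, "service binary missing", body))
    return findings


def reg_escape(value):
    """Escape a REG_SZ value for a .reg file: backslash and double quote get a backslash."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def appinit_fix_reg(keep):
    """Build a REGEDIT4 file that sets AppInit_DLLs to exactly the DLLs in `keep`."""
    key = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
    lines = [
        "REGEDIT4",
        "",  # regedit expects a blank line after the header
        f"[{key}]",
        f'"AppInit_DLLs"="{reg_escape(",".join(keep))}"',
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}: {detail}")
    print(appinit_fix_reg(sorted(ALLOWED_APPINIT)))
```

The generated .reg file doubles every backslash in the path, which is what a hand-written fix also needs, since regedit strips a lone backslash from a string value.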

#3 theparade
Topic Starter, New Member, 5 posts
I can't even uninstall Avira or start it, so no.

Did everything you said, deleted O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,C:\WINDOWS\system32\cssdll32.dll.

However, when I look for the file C:\WINDOWS\system32\cssdll32.dll, I find it but something pops up and says "Cannot delete cssdl32: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

Here is the Combofix log:

ComboFix 08-08-30.03 - Joshua 2008-08-31 15:24:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.153 [GMT -7:00]
Running from: C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Janice\Cookies\janice@live[1].txt
C:\Documents and Settings\Janice\Cookies\[email protected][1].txt
C:\Documents and Settings\Janice\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Joseph\Application Data\macromedia\Flash Player\#SharedObjects\EVKU9GKM\static.youku.com
C:\Documents and Settings\Joseph\Application Data\macromedia\Flash Player\#SharedObjects\EVKU9GKM\static.youku.com\v1.0.0224\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Joseph\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Joseph\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\bin.clearspring.com
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\static.youku.com
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\static.youku.com\v1.0.0234\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\static.youku.com\v1.0.0304\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\#SharedObjects\6LFH2TJ5\static.youku.com\v1.0.0312\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Joshua\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Joshua\Cookies\joshua@myheritage[2].txt
C:\Documents and Settings\Joshua\Cookies\[email protected][2].txt
C:\Documents and Settings\Joshua\Cookies\[email protected][1].txt
C:\Documents and Settings\Joshua\Cookies\[email protected][2].txt
C:\WINDOWS\setup.exe

----- BITS: Possible infected sites -----

http://au.doj+|Cv+@J:NGD_DQ{ztHG.X|[Hv~WU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXu.,.,.,".?\JtHG.XtHG.XuKMWU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXu
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-24 22:17 . 2008-08-24 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:59 . 2008-05-01 07:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-24 21:57 . 2008-07-07 13:32 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-24 21:42 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Avira
2008-08-24 21:42 . 2008-08-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-24 21:31 . 2008-08-24 21:31 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-22 03:28 . 2008-08-22 03:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-22 03:28 . 2008-08-22 03:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-22 03:22 . 2008-08-22 03:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-21 17:57 . 2008-04-13 17:12 8,461,312 --a------ C:\WINDOWS\system32\SET391.tmp
2008-08-21 17:56 . 2008-04-13 17:11 2,843,136 --a------ C:\WINDOWS\system32\SET48D.tmp
2008-08-21 17:55 . 2008-04-13 17:11 1,082,368 --a------ C:\WINDOWS\system32\SET542.tmp
2008-08-21 17:54 . 2008-04-13 17:11 1,267,200 --a------ C:\WINDOWS\system32\SET5B1.tmp
2008-08-11 16:04 . 2008-08-24 21:41 <DIR> d-------- C:\UDC Output Files
2008-08-11 16:04 . 2008-08-24 21:41 <DIR> d-------- C:\Program Files\Universal Document Converter
2008-08-11 15:53 . 2008-08-11 15:53 <DIR> d-------- C:\Program Files\LizardTech
2008-08-11 13:12 . 2008-08-11 13:12 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Leadertech
2008-08-08 17:22 . 2008-08-08 17:22 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Nero
2008-08-08 17:19 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Nero
2008-08-08 17:19 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-08 14:47 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Audacity
2008-08-08 10:08 . 2008-08-08 10:08 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\Comodo
2008-08-03 22:29 . 2008-08-24 21:08 <DIR> d-------- C:\Program Files\Opera
2008-08-02 21:58 . 2008-08-24 21:08 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-08-01 20:40 . 2008-08-01 20:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-01 20:24 . 2008-08-01 20:24 <DIR> d-------- C:\Deckard
2008-08-01 00:09 . 2008-08-01 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-31 23:45 . 2008-08-01 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-07-31 19:12 . 2008-08-13 13:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-31 19:11 . 2008-08-03 22:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-31 18:36 . 2008-07-31 18:36 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-31 18:36 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-30 22:59 . 2008-07-30 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-30 22:30 . 2008-07-30 22:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-28 16:11 . 2008-07-28 16:11 <DIR> d-------- C:\Program Files\Bonjour
2008-07-27 23:53 . 2004-08-10 05:00 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2008-07-27 23:53 . 2004-08-10 05:00 185,344 --a--c--- C:\WINDOWS\system32\dllcache\thawbrkr.dll
2008-07-27 23:53 . 2004-08-10 05:00 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_1140.nls
2008-07-27 23:53 . 2004-08-10 05:00 66,082 --a------ C:\WINDOWS\system32\c_1140.nls
2008-07-27 23:53 . 2004-08-10 05:00 10,752 --a--c--- C:\WINDOWS\system32\dllcache\c_iscii.dll
2008-07-27 23:53 . 2004-08-10 05:00 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2008-07-27 23:44 . 2008-07-27 23:44 <DIR> d-------- C:\Program Files\TheWeatherNetwork
2008-07-27 16:56 . 2008-08-24 21:08 <DIR> d-------- C:\Documents and Settings\Joshua\.rainlendar2
2008-07-27 16:53 . 2008-07-27 16:54 <DIR> d-------- C:\Program Files\Rainlendar2
2008-07-27 16:26 . 2008-07-27 16:32 <DIR> d-------- C:\Program Files\ePrompter
2008-07-27 16:26 . 2008-07-27 16:31 8,093 --a------ C:\WINDOWS\ePrompter.ini
2008-07-25 22:56 . 2008-07-25 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-23 22:51 . 2008-07-26 16:21 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-23 22:50 . 2008-07-26 16:21 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-07-23 22:49 . 2008-07-23 22:49 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-23 22:49 . 2008-07-23 22:49 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-07-22 20:18 . 2008-07-25 22:50 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\IGN_DLM
2008-07-22 16:30 . 2008-07-22 16:30 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\gtk-2.0
2008-07-22 16:30 . 2008-07-22 16:30 <DIR> d-------- C:\Documents and Settings\Joshua\.thumbnails
2008-07-21 23:40 . 2008-07-22 18:00 <DIR> d-------- C:\Documents and Settings\Joshua\.gimp-2.4
2008-07-21 16:34 . 2008-07-21 16:34 <DIR> d-------- C:\Program Files\AskSBar
2008-07-21 16:34 . 2008-07-21 16:34 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-07-21 16:33 . 2008-07-21 16:34 <DIR> d-------- C:\Program Files\COMODO
2008-07-21 16:33 . 2008-07-21 16:33 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Comodo
2008-07-21 16:33 . 2008-07-21 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-07-21 16:33 . 2008-07-21 16:33 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-07-21 16:33 . 2008-07-21 16:33 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-21 16:33 . 2008-07-21 16:33 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-20 23:25 . 2008-07-20 23:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-20 23:25 . 2008-08-03 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-19 20:22 . 2008-07-19 20:22 <DIR> d-------- C:\Documents and Settings\Joshua\LocalLow
2008-07-12 20:20 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-04 17:40 . 2008-07-04 17:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-02 21:12 . 2008-07-02 21:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-02 21:11 . 2008-07-02 21:11 <DIR> d-------- C:\Program Files\Windows Live
2008-07-02 21:11 . 2008-07-02 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-01 01:40 --------- d-----w C:\Program Files\iTunes
2008-08-01 01:40 --------- d-----w C:\Program Files\iPod
2008-07-31 05:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-30 03:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-30 03:32 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Apple Computer
2008-07-26 05:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-23 03:16 --------- d-----w C:\Program Files\Google
2008-07-21 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-21 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 05:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 05:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 20:26 --------- d-----w C:\Program Files\Java
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es(2).dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms(2).dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock(2).dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2).dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz(2).dll
2007-06-02 17:23 38,288 ----a-w C:\Documents and Settings\Joseph\Application Data\GDIPFONTCACHEV1.DAT
2007-03-21 05:52 38,288 ----a-w C:\Documents and Settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 07:46 38,288 ----a-w C:\Documents and Settings\Janice\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 14:43 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 11:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 11:32 126976]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 21:05 339968]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 22:08 28672]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 05:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 05:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 05:00 455168]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [2004-09-16 14:49 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 16:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 16:15 600896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-22 16:49 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-21 16:34 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-21 16:33 1655552]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 18:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 15:53 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 15:00 2748928 C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-22 17:35:33 169472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.mxmc"= MimicICM.DLL
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-21 16:33]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-21 16:33]
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys [2001-07-18 15:07]
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys [2002-01-02 20:28]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 18:26]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 05:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
S3 c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a;c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a;E:\CDS300\cds300.dll []
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-14 21:30]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 18:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2006-07-22 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\system32\OOBE\oobebaln.exe [2004-08-10 05:00]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
HKLM-Run-SysMetrix - C:\Program Files\SysMetrix\SysMetrix.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\ncrh810u.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/firefox
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 15:33:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-08-31 15:38:39
ComboFix-quarantined-files.txt 2008-08-31 22:38:35

Pre-Run: 81,487,245,312 bytes free
Post-Run: 82,743,721,984 bytes free

269 --- E O F --- 2008-08-28 07:19:52

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
But did you try reinstalling Avira? Forget about uninstalling it. Install Avira on top of the current installation to see if it resolves the issue.

Uninstall AskSBar via the Add/Remove Programs panel if found.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a
File::
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\SET391.tmp
C:\WINDOWS\system32\SET48D.tmp
C:\WINDOWS\system32\SET542.tmp
C:\WINDOWS\system32\SET5B1.tmp
Folder::
C:\Program Files\AskSBar

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
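The CFScript above removes a driver service by its registry name, files by full path and a folder by path, which is what the `Driver::`, `File::` and `Folder::` headings mean to ComboFix. As an added example (not code from this thread, from greyknight17 or from ComboFix itself), the Python below reads lines in the shape of the ComboFix logs posted in this thread, flags the kinds of entries the expert acted on here, and drafts the matching `Driver::`/`File::` sections for an analyst to review. The flagging rules are this example's own assumptions, not ComboFix logic: `SETxxx.tmp` leftovers under the Windows directory, system+hidden files under it, and services whose name is a bare GUID, whose image lives off the system drive, or for which ComboFix recorded no file metadata. The sample log lines are constructed to match the format of the thread's logs. Note that the expert did not delete the two hidden DLLs the same rule would flag in this thread, so treat the output as candidates to verify (publisher, hash, origin), never as a verdict.

```python
"""Triage a ComboFix log and draft a CFScript for analyst review.

Added example: not code from this thread, from ComboFix, or from its author.
The flagging rules are this example's own assumptions and yield candidates
that an analyst must confirm before anything goes into a real CFScript.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix sections seen in this thread:
# 'Files Created' lines (two timestamps), 'Find3M' lines (one timestamp), and
# 'Drivers/Services' lines (start type, name;display;image [metadata]).
SAMPLE_LOG = r"""
2008-08-21 17:57 . 2008-04-13 17:12 1,499,136 --a------ C:\WINDOWS\system32\SET392.tmp
2008-08-24 22:17 . 2008-08-24 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-28 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-21 16:33]
S3 c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a;c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a;E:\CDS300\cds300.dll []
"""

FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}"          # last-write timestamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"  # creation timestamp (Files Created only)
    r" (?:<DIR>|[\d,]+|-{9}) "                 # size, <DIR>, or '---------'
    r"([A-Za-z-]+) "                           # attribute flags, e.g. --sh--r
    r"(.+)$"                                   # full path, may contain spaces
)
# start type, then name;display;image [metadata]  (metadata empty if unreadable)
SERVICE_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+?) \[(.*)\]$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
SETTMP_RE = re.compile(r"^SET[0-9A-F]+\.tmp$", re.I)


@dataclass
class Finding:
    kind: str     # "driver" (service name) or "file" (full path)
    target: str
    reason: str


def parse_log(text):
    """Return ([(attrs, path)], [(service_name, image_path, metadata)])."""
    files, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append((m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), m.group(2), m.group(3)))
    return files, services


def triage(files, services, windir="C:\\WINDOWS\\", system_drive="C:\\"):
    """Apply this example's heuristics; every rule here is an assumption."""
    findings = []
    for attrs, path in files:
        if attrs.startswith("d"):            # directories: handle via Folder:: by hand
            continue
        name = path.rsplit("\\", 1)[-1]
        under_windir = path.upper().startswith(windir.upper())
        if under_windir and SETTMP_RE.match(name):
            findings.append(Finding("file", path,
                "SETxxx.tmp under %WINDIR% (assumed leftover of an interrupted file replacement)"))
        elif under_windir and "s" in attrs and "h" in attrs:
            findings.append(Finding("file", path,
                "system+hidden file under %WINDIR%; verify publisher/hash before removal"))
    for name, image, meta in services:
        reasons = []
        if GUID_RE.match(name):
            reasons.append("service name is a bare GUID")
        if not image.upper().startswith(system_drive.upper()):
            reasons.append("image path is off the system drive")
        if not meta:
            reasons.append("no file metadata recorded (assumed: binary not present)")
        if reasons:
            findings.append(Finding("driver", name, "; ".join(reasons)))
    return findings


def build_cfscript(findings):
    """Draft the CFScript sections used in this thread (Driver::, File::)."""
    drivers = [f.target for f in findings if f.kind == "driver"]
    paths = [f.target for f in findings if f.kind == "file"]
    sections = []
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if paths:
        sections.append("File::\n" + "\n".join(paths))
    return "".join(s + "\n" for s in sections)


if __name__ == "__main__":
    found = triage(*parse_log(SAMPLE_LOG))
    for f in found:
        print(f"{f.kind:6} {f.target}  <- {f.reason}")
    print("--- draft CFScript.txt (review before use) ---")
    print(build_cfscript(found), end="")
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file's contents; the draft it prints is a starting point for the analyst, who still decides line by line what actually belongs in CFScript.txt.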

#5
theparade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I'm going to try just running the setup again and see what happens. Seems like it's working; I'll restart my computer now and see if I can open the program. Works great, thanks!

When I try removing the Ask Toolbar it says, "Error loading C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll. The specified module could not be found." I didn't do the Notepad part yet because of the error I just encountered.

And thanks for helping me; I'll hopefully get a donation to Geeks to Go. You guys are a great help.

Edited by theparade, 01 September 2008 - 07:08 PM.


#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Proceed with the notepad instructions and post the new log here. Hopefully, that will be a final log assuming everything comes back clean :)

#7
theparade

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 08-09-01.04 - Joshua 2008-09-02 19:05:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.852.1033.18.213 [GMT -7:00]
Running from: C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joshua\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\011F777D
C:\Program Files\AskSBar\bar\Cache\011F8D57
C:\Program Files\AskSBar\bar\Cache\011F9F49.bin
C:\Program Files\AskSBar\bar\Cache\011FA98A.bin
C:\Program Files\AskSBar\bar\Cache\011FB4D5.bin
C:\Program Files\AskSBar\bar\Cache\011FD6E3.bin
C:\Program Files\AskSBar\bar\Cache\011FDF6F.bin
C:\Program Files\AskSBar\bar\Cache\011FE57A.bin
C:\Program Files\AskSBar\bar\Cache\011FEC40.bin
C:\Program Files\AskSBar\bar\Cache\011FF180.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\WINDOWS\system32\cssdll32.dll
C:\WINDOWS\system32\SET391.tmp
C:\WINDOWS\system32\SET48D.tmp
C:\WINDOWS\system32\SET542.tmp
C:\WINDOWS\system32\SET5B1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_c8c8ace5-42b2-4e9a-9686-da3bcfb4fb0a


((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-08-24 22:17 . 2008-08-24 22:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-24 21:59 . 2008-05-01 07:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-24 21:57 . 2008-07-07 13:32 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-08-24 21:42 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Avira
2008-08-24 21:42 . 2008-08-24 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-24 21:31 . 2008-08-24 21:31 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-22 03:28 . 2008-08-22 03:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-22 03:28 . 2008-08-22 03:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-22 03:22 . 2008-08-22 03:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-21 17:57 . 2008-04-13 17:12 1,499,136 --a------ C:\WINDOWS\system32\SET392.tmp
2008-08-21 17:56 . 2008-04-13 17:12 1,703,936 --a------ C:\WINDOWS\system32\SET42C.tmp
2008-08-21 17:55 . 2008-04-13 17:12 1,033,728 --a------ C:\WINDOWS\SET630.tmp
2008-08-21 17:54 . 2008-04-13 17:11 1,025,024 --a------ C:\WINDOWS\system32\SET5DE.tmp
2008-08-11 16:04 . 2008-08-24 21:41 <DIR> d-------- C:\UDC Output Files
2008-08-11 16:04 . 2008-08-24 21:41 <DIR> d-------- C:\Program Files\Universal Document Converter
2008-08-11 15:53 . 2008-08-11 15:53 <DIR> d-------- C:\Program Files\LizardTech
2008-08-11 13:12 . 2008-08-11 13:12 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Leadertech
2008-08-08 17:22 . 2008-08-08 17:22 <DIR> d-------- C:\Documents and Settings\Joshua\Application Data\Nero
2008-08-08 17:19 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Nero
2008-08-08 17:19 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-08-08 14:47 . 2008-08-24 21:42 <DIR> d-------- C:\Program Files\Audacity
2008-08-08 10:08 . 2008-08-08 10:08 <DIR> d-------- C:\Documents and Settings\Joseph\Application Data\Comodo
2008-08-03 22:29 . 2008-08-24 21:08 <DIR> d-------- C:\Program Files\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-25 04:08 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-08-13 20:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 05:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-03 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-02 03:40 --------- d-----w C:\Program Files\Trend Micro
2008-08-01 07:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-01 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-01 01:40 --------- d-----w C:\Program Files\iTunes
2008-08-01 01:40 --------- d-----w C:\Program Files\iPod
2008-08-01 01:36 --------- d-----w C:\Program Files\Common Files\Apple
2008-07-31 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-31 05:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 05:30 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-30 03:45 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-30 03:32 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Apple Computer
2008-07-28 23:11 --------- d-----w C:\Program Files\Bonjour
2008-07-28 06:44 --------- d-----w C:\Program Files\TheWeatherNetwork
2008-07-27 23:54 --------- d-----w C:\Program Files\Rainlendar2
2008-07-27 23:32 --------- d-----w C:\Program Files\ePrompter
2008-07-26 23:21 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-26 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-26 05:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-26 05:50 --------- d-----w C:\Documents and Settings\Joshua\Application Data\IGN_DLM
2008-07-23 03:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-23 03:16 --------- d-----w C:\Program Files\Google
2008-07-22 23:30 --------- d-----w C:\Documents and Settings\Joshua\Application Data\gtk-2.0
2008-07-22 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-07-21 23:34 --------- d-----w C:\Program Files\COMODO
2008-07-21 23:33 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-21 23:33 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-21 23:33 --------- d-----w C:\Documents and Settings\Joshua\Application Data\Comodo
2008-07-21 06:25 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-21 05:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-21 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-18 20:26 --------- d-----w C:\Program Files\Java
2008-07-03 04:12 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 04:11 --------- d-----w C:\Program Files\Windows Live
2008-07-03 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-06-02 17:23 38,288 ----a-w C:\Documents and Settings\Joseph\Application Data\GDIPFONTCACHEV1.DAT
2007-03-21 05:52 38,288 ----a-w C:\Documents and Settings\Joshua\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 07:46 38,288 ----a-w C:\Documents and Settings\Janice\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-31_15.38.04.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-09-03 02:15:30 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"Google Update"="C:\Documents and Settings\Joshua\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 59392]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 126976]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [2004-09-16 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-22 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-21 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-21 1655552]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-29 C:\WINDOWS\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-22 169472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.mxmc"= MimicICM.DLL
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-21 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-21 24208]
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys [2001-07-18 20704]
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys [2002-01-02 17216]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 51712]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-02-14 32768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 19:16:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
.
**************************************************************************
.
Completion time: 2008-09-02 19:26:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 02:26:32
ComboFix2.txt 2008-08-31 22:38:40

Pre-Run: 82,186,739,712 bytes free
Post-Run: 82,088,284,160 bytes free

243 --- E O F --- 2008-08-28 07:19:52

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
