
Author Topic: Unable to access removable Storage Devices  (Read 15421 times)


overthehill

    Topic Starter


    Apprentice

  • Keep Canada beautiful. Swallow your beer cans.
  • Thanked: 14
    • Yes
    • Yes
  • Experience: Familiar
  • OS: Windows Vista
Unable to access removable Storage Devices
« on: August 30, 2010, 10:13:49 PM »
I've been directed here from the Software Forum. It has been confirmed that my PC is infected. Sure would appreciate help. Thanks. overthehill


             

overthehill
Re: Unable to access removable Storage Devices
« Reply #1 on: August 31, 2010, 09:15:28 AM »
I realize now that I should have provided more info.

I've checked the FAQs but have been unable to cure my problem.
I've also Googled this and after a page or two of suggestions there, I gave up!

The message/s that I receive is/are; Administrator has prohibited access to CD/DVD Rom Drives and/or Administrator has restricted this computer to access USB/1394 mass storage device and/or the process cannot access the file because it is used by another process.
When I check out Computer Management/Removable Storage it reads; The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. This snapin's display may be inconsistent with the removable Storage Service. If the problem persists please restart snapin.

My system; Pentium "D" 2.80GHz
Ram 3 GB
Windows XP Media Center Edition

Previous to this problem; rightfully or wrongfully, I downloaded a few YouTube Video Files and copied them to a Flash Drive, that was removed successfully. PC was then shut down for the night. This morning (before booting up) I opened my PC, removed an auxiliary fan that had a slight vibration, re-cushioned it, replaced the fan, booted up and received these messages. After receiving the first message I disconnected/reconnected the CD drive but nothing has changed. Did this a few times. Tried the Flash Drive, again, nothing! When I check the Removable Storage Drives (thru) My Computer, they are greyed out with a red circle around and a red strike through.

After a few restarts I ran; Malwarebytes, SAS, and my Avast Anti-Virus and everything appeared OK.
Everything appears normal in Device Manager (I think) and System Restore didn't help.

Sure hope that someone here can. overthehill


             

BC_Programmer


    Mastermind
  • Typing is no substitute for thinking.
  • Thanked: 1140
    • Yes
    • Yes
    • BC-Programming.com
  • Certifications: List
  • Computer: Specs
  • Experience: Beginner
  • OS: Windows 11
Re: Unable to access removable Storage Devices
« Reply #2 on: August 31, 2010, 11:23:36 AM »
You are going to need to post the logs from those apps you were guided to use in the malware guide. (HJT, MBAM)
I was trying to dereference Null Pointers before it was cool.

overthehill
Re: Unable to access removable Storage Devices
« Reply #3 on: August 31, 2010, 11:25:34 AM »
Thank You


             

overthehill
Re: Unable to access removable Storage Devices
« Reply #4 on: August 31, 2010, 12:43:29 PM »
Logs attached as directed. I hope?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/31/2010 12:56:13 PM
mbam-log-2010-08-31 (12-56-13).txt

Scan type: Quick scan
Objects scanned: 132811
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:45 PM, on 8/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\IDU\awtray.exe
C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Folding@home\Folding@home-x86\[email protected]
C:\Documents and Settings\Bonham\Application Data\Folding@home-x86\FahCore_b4.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [awTray.exe] "C:\Program Files\Intel\IDU\awtray.exe"
O4 - HKLM\..\Run: [OCDLMgr] RunDll32.exe C:\PROGRA~1\IZArc\OPENCA~1\OCSETU~1.DLL,_MgrCheck@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted Zone: http://www.uclickgames.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/stg_drm.ocx
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189528423203
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189528318687
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Bonham/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - (no file)
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Component 3: (no name) - (no file)

--
End of file - 14986 bytes


             

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Unable to access removable Storage Devices
« Reply #5 on: September 01, 2010, 04:59:34 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

I strongly recommend that you remove Ask from your computer because it:

• Promotes its toolbars on sites targeted to kids.
• Promotes its toolbars through ads that appear to be part of other companies' sites.
• Promotes its toolbars through other companies' spyware.
• Installs without any disclosure whatsoever and without any consent whatsoever.
• Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
• Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See Here for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.

******************************************
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

******************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O1 - Hosts: 209.216.253.186 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 205.238.40.1 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [OCDLMgr] RunDll32.exe C:\PROGRA~1\IZArc\OPENCA~1\OCSETU~1.DLL,_MgrCheck@16

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
O15 - Trusted Zone: http://www.uclickgames.com
O24 - Desktop Component 1: (no name) - (no file)
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Bonham/Local%20Settings/Application%20Data/IM/Runtime/Message/%7B74C62D20-1BC8-452C-B919-F9FAEBDDC056%7D/Forward/image0323232323232.jpg
O24 - Desktop Component 3: (no name) - (no file)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
**************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***************************************
Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
Windows 8 and Windows 10 dual boot with two SSD's
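
The selection of HijackThis entries in the reply above can be reproduced mechanically. The following is an added example, not part of the original thread and not a HijackThis feature: a small Python parser for the HijackThis v2 entry-line format that flags the same kinds of entries chosen for fixing above (O1 hosts-file mappings to a non-loopback address, any entry whose target is "(no file)", and O15 Trusted Zone sites). The rule set, the function names and the embedded sample lines (constructed in the shape of the log in this thread) are assumptions of this example.

```python
import ipaddress
import re
from typing import Iterator, List, NamedTuple, Tuple

# Entry lines look like "O2 - BHO: name - {CLSID} - path": a section code made of
# one letter (R, F, N or O) plus a number. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.*)$")

# Constructed sample: a few lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mymanitoba.com/
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O15 - Trusted Zone: http://www.uclickgames.com
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O24 - Desktop Component 1: (no name) - (no file)
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O15"
    reason: str  # why this example's rules flag the entry
    line: str    # the entry as it appeared in the log


def parse_entries(log_text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section code, body) for each entry line, skipping everything else."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group("code"), match.group("body").strip()


def hosts_reason(body: str) -> str:
    """Return a reason string for an O1 body that needs review, else ''."""
    if not body.startswith("Hosts:"):
        return ""
    fields = body[len("Hosts:"):].split()
    if len(fields) < 2:
        return "malformed hosts entry"
    ip_text, names = fields[0], fields[1:]
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return f"hosts entry with unparsable address {ip_text!r}"
    # Loopback and 0.0.0.0 mappings are the usual blocking sinks; any other
    # address silently overrides DNS for the listed names.
    if addr.is_loopback or addr.is_unspecified:
        return ""
    return f"hosts file overrides DNS for {len(names)} name(s) -> {addr}"


def triage(log_text: str) -> List[Finding]:
    """Apply this example's three review rules to a HijackThis log."""
    findings = []
    for code, body in parse_entries(log_text):
        reason = ""
        if code == "O1":
            reason = hosts_reason(body)
        elif body.endswith("(no file)"):
            reason = "registry entry points at a file that no longer exists"
        elif code == "O15":
            reason = "site placed in the IE Trusted Zone"
        if reason:
            findings.append(Finding(code, reason, f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n    {finding.line}")
```

A flagged line is a prompt for review, not a verdict: the helper in the thread still decided entry by entry what to fix.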

overthehill
Re: Unable to access removable Storage Devices
« Reply #6 on: September 01, 2010, 06:09:10 PM »
Thanks SuperDave for your help. I see nothing in Add/Remove programs related to Ask. Also I've disabled Windows Messenger. But try as I may, there is just no way that I can get HijackThis to run. I ran it yesterday after renaming to sniper.exe, but today it will not run under either name. Should I now move on to Security Check? I'll wait now for your further instructions. Again, thanks so much. overthehill


             

SuperDave
Re: Unable to access removable Storage Devices
« Reply #7 on: September 01, 2010, 07:01:10 PM »
Try renaming it to something like snoopy.bat and see if it will run. If not, continue with the rest of the instructions.

overthehill
Re: Unable to access removable Storage Devices
« Reply #8 on: September 01, 2010, 08:43:39 PM »
Hi SuperDave, not much is working. SecurityCheck only gave a black screen that said it was running and then said that it was done. Nothing else. Combofix put me thru many hoops and I'm not sure if this is going to work either but I'll attempt to send that log. Thanks, again. overthehill

ComboFix 10-09-01.02 - Bonham 09/01/2010  21:42:53.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2439 [GMT -5:00]
Running from: c:\documents and settings\Bonham\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bonham\Local Settings\~GLH000f.TMP
c:\windows\system32\csftxctl.ocx
c:\windows\system32\zlibwapi.dll

.
(((((((((((((((((((((((((   Files Created from 2010-08-02 to 2010-09-02  )))))))))))))))))))))))))))))))
.

2010-09-02 00:02 . 2010-09-02 00:02   388096   ----a-r-   c:\documents and settings\Bonham\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-02 00:02 . 2010-09-02 00:02   --------   d-----w-   c:\program files\Trend Micro
2010-08-31 18:37 . 2010-08-31 18:37   --------   d-----w-   c:\program files\Common Files\Java
2010-08-31 18:37 . 2010-08-31 18:37   --------   d-----w-   c:\program files\Sun
2010-08-30 20:05 . 2010-08-30 20:05   --------   d-----w-   c:\windows\system32\wbem\Repository

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 14:02 . 2010-06-27 04:48   --------   d-----w-   c:\program files\SpeedFan
2010-08-31 18:36 . 2010-04-15 16:04   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-08-31 18:35 . 2010-02-05 04:41   --------   d-----w-   c:\program files\Java
2010-08-30 05:09 . 2010-01-29 01:57   --------   d-----w-   c:\documents and settings\Bonham\Application Data\U3
2010-08-29 14:15 . 2010-05-24 05:30   --------   d-----w-   c:\documents and settings\Bonham\Application Data\Folding@home-x86
2010-08-25 04:31 . 2010-03-25 20:57   --------   d-----w-   c:\program files\FileHippo.com
2010-08-25 04:27 . 2007-03-23 16:44   70696   -c--a-w-   c:\documents and settings\Bonham\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 18:52 . 2008-09-13 17:18   --------   d-----w-   c:\program files\CCleaner
2010-08-16 17:42 . 2007-12-06 17:08   --------   d-----w-   c:\program files\NCH Swift Sound
2010-08-16 04:30 . 2010-02-11 00:49   --------   d-----w-   c:\program files\Opera
2010-08-10 03:56 . 2010-02-02 22:09   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-10 03:54 . 2009-02-07 04:59   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-08-01 19:57 . 2009-02-15 06:38   --------   d-----w-   c:\program files\MSECACHE
2010-07-21 02:47 . 2010-07-21 02:47   --------   d-----w-   c:\documents and settings\Bonham\Application Data\Foxit Software
2010-07-18 05:55 . 2010-07-18 05:10   --------   d-----w-   c:\program files\Motherboard Monitor 5
2010-07-18 04:07 . 2010-04-01 16:29   --------   d-----w-   c:\program files\IZArc
2010-07-18 03:51 . 2010-07-18 03:51   257257   ----a-w-   c:\documents and settings\Bonham\Application Data\OpenCandy\OpenCandy_8BA1ABBB15EF4F428868FEB343C44A8D\DLMGR3.exe
2010-07-18 03:51 . 2010-07-18 03:51   --------   d-----w-   c:\documents and settings\Bonham\Application Data\OpenCandy
2010-07-17 17:34 . 2010-07-17 17:34   63488   ----a-w-   c:\documents and settings\Bonham\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-17 17:34 . 2010-07-17 17:34   52224   ----a-w-   c:\documents and settings\Bonham\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-17 17:34 . 2010-07-17 17:34   117760   ----a-w-   c:\documents and settings\Bonham\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-17 17:33 . 2010-07-17 17:33   --------   d-----w-   c:\documents and settings\Bonham\Application Data\SUPERAntiSpyware.com
2010-07-17 17:32 . 2010-02-13 02:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-07-17 04:04 . 2010-07-17 04:04   19724   ----a-w-   c:\program files\FAHlog.txt
2010-07-15 00:13 . 2010-07-15 00:13   1683456   ----a-w-   c:\documents and settings\Bonham\Application Data\Folding@home-x86\FahCore_82.exe
2010-07-12 21:29 . 2006-09-20 00:54   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-12 21:29 . 2010-07-12 21:29   --------   d-----w-   c:\documents and settings\Bonham\Application Data\Intel
2010-07-12 21:29 . 2010-07-12 21:29   --------   d-----w-   c:\documents and settings\Bonham\Application Data\Avocent AdminWorks
2010-07-12 21:29 . 2010-07-12 21:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avocent AdminWorks
2010-07-12 21:29 . 2010-03-01 17:01   --------   d-----w-   c:\program files\Intel
2010-07-12 05:14 . 2006-09-20 00:54   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-07-06 03:27 . 2010-03-18 03:27   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-07-06 03:26 . 2010-03-18 03:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 12:31 . 2006-09-20 16:19   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-28 20:57 . 2010-06-29 03:41   38848   ----a-w-   c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-11-05 15:28   165032   ----a-w-   c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-11-05 15:28   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-11-05 15:28   165456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-11-05 15:28   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-11-05 15:28   100176   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-11-05 15:28   94544   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-11-05 15:28   17744   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-11-05 15:28   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-06-27 06:09 . 2010-06-27 06:09   4484   ----a-w-   c:\windows\system32\drivers\cpuidlep.sys
2010-06-24 23:57 . 2010-06-24 23:57   2338816   ----a-w-   c:\documents and settings\Bonham\Application Data\Folding@home-x86\FahCore_78.exe
2010-06-24 12:22 . 2006-09-20 16:20   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2007-02-27 00:28   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-09-20 16:19   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-09-20 16:17   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-09-20 16:17   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-20 16:18   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2010-04-07 03:25 . 2010-04-07 03:25   327002   ----a-w-   c:\program files\Jumble.jpg
2010-04-02 00:49 . 2010-04-02 00:49   768191   ----a-w-   c:\program files\scan0001.pdf
2010-04-02 00:29 . 2010-04-02 00:29   5613568   ----a-w-   c:\program files\Doc1.doc
2009-03-31 05:01 . 2009-03-27 14:24   648064   ----a-w-   c:\program files\autoruns.exe
2009-03-31 05:01 . 2009-03-27 14:24   540544   ----a-w-   c:\program files\autorunsc.exe
2009-03-31 05:01 . 2008-12-16 21:46   49244   ----a-w-   c:\program files\autoruns.chm
2009-03-31 05:01 . 2006-07-28 13:32   7005   -c--a-w-   c:\program files\Eula.txt
2007-11-27 06:38 . 2007-11-27 06:41   21216112   -c--a-w-   c:\program files\aaw2007.exe
2007-11-21 22:41 . 2007-11-21 22:41   550690   ----a-w-   c:\program files\sbstar11.exe
2007-11-17 17:06 . 2007-11-17 17:06   3458671   ----a-w-   c:\program files\PCTuneUpSetup.exe
2007-11-15 03:00 . 2007-11-15 03:00   10138931   -c--a-w-   c:\program files\setupLE.exe
2007-06-06 21:31 . 2007-06-06 21:31   6820520   ----a-w-   c:\program files\FirefoxGoogleToolbarSetup.exe
2007-02-26 23:17 . 2007-02-26 23:17   0   -csha-w-   c:\windows\SMINST\HPCD.sys
2006-05-03 10:06 . 2010-03-11 16:16   163328   --sh--r-   c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-11 16:16   31232   --sh--r-   c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-11 16:16   216064   --sh--r-   c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-09-07 251336]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2005-12-02 1687552]
"awTray.exe"="c:\program files\Intel\IDU\awtray.exe" [2005-12-01 1305600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Bonham\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-5-2 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Bonham^Start Menu^Programs^Startup^[email protected]]
path=c:\documents and settings\Bonham\Start Menu\Programs\Startup\[email protected]
backup=c:\windows\pss\[email protected]

[HKLM\~\startupfolder\C:^Documents and Settings^Bonham^Start Menu^Programs^Startup^speedfan.lnk]
path=c:\documents and settings\Bonham\Start Menu\Programs\Startup\speedfan.lnk
backup=c:\windows\pss\speedfan.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:UDP"= 9999:UDP:IDU Service UDP Port
"2804:TCP"= 2804:TCP:IDU Service TCP Port

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/5/2009 10:28 AM 165456]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/30/2010 11:30 AM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/30/2010 11:30 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/30/2010 11:30 AM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/5/2009 10:28 AM 17744]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [11/15/2009 6:56 PM 91392]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/30/2010 11:30 AM 1284600]
R3 FVDSCSI;FVDSCSI;c:\windows\system32\drivers\fvdscsi.sys [9/19/2006 8:01 PM 72478]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/25/2010 8:33 PM 58600]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 8:35 PM 135664]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/30/2010 11:30 AM 3364856]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXP.sys [11/29/2005 7:07 AM 40448]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Bonham\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Bonham\Application Data\NVIDIA\HWAccess.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:35]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-21 01:35]

2010-08-30 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-04 17:57]

2010-08-23 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-08-16 17:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mymanitoba.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: uclickgames.com\www
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3912740996-3383120692-1400082210-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3912740996-3383120692-1400082210-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92268181-0295-BF26-2F3E-4FB8F46590D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oadhfdllpnncdggpgjgbnkconemonj"=hex:64,61,67,66,61,62,6e,6f,00,e0
"oahcgkkmfpfalamfmpkiiodoikgbfm"=hex:69,61,6f,67,6b,64,68,70,65,6c,61,69,6e,69,
   68,66,61,6d,00,00
"nabiekbojhpfnondicbhiabbjjlp"=hex:6a,61,67,66,6b,62,65,69,62,61,6b,6b,69,6c,
   6c,63,67,67,66,69,00,fd

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(484)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-01  21:49:17
ComboFix-quarantined-files.txt  2010-09-02 02:49

Pre-Run: 204,928,028,672 bytes free
Post-Run: 204,930,916,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - DD18039B09210B0890A2C7774B007488


             

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Unable to access removable Storage Devices
« Reply #9 on: September 02, 2010, 06:19:43 PM »
Delete An Uninstall Entry

  • Start HijackThis
  • Click on the Open the Misc Tools section
  • Click on the Open Uninstall Manager button.
  • Highlight the entry you want to remove: Ask.com
  • Click Delete this entry
******************************
If that doesn't remove Ask, try this.

  • Please download AskRemover from here
  • Extract the zip file to your Desktop, then run AskRemover.bat
  • Allow it to run, and select yes to the registry merge warning.
  • Copy and paste the resulting log in your next post.
*****************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Please place a check mark next to this/these line/lines.
Trusted Zone: uclickgames.com\www

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
**********************************
* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

*********************************
Windows 8 and Windows 10 dual boot with two SSD's
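
Added example, not part of the original post: a Python audit of a `REGEDIT4` export of Internet Explorer's `ZoneMap\Domains` key that lists every site mapped to the Trusted Sites zone, the setting the reply above recommends keeping empty. The export text is constructed for illustration (only the `uclickgames.com\www` site name comes from the log in this thread; its value and the other two entries are assumptions), and the function names are hypothetical.

```python
import re

# Zone numbers used by Internet Explorer's ZoneMap values.
ZONE_NAMES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}
TRUSTED = 2

# Constructed sample export. Each subkey under Domains is a site; each value
# name is a protocol ("*" = any) and the DWORD is the zone it is mapped to.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uclickgames.com\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"https"=dword:00000001
'''

DOMAINS_KEY = r"\internet settings\zonemap\domains" + "\\"
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]*)"=dword:(?P<value>[0-9a-fA-F]{8})\s*$')


def zone_assignments(export_text):
    """Return one dict per protocol-to-zone mapping found under ZoneMap\\Domains."""
    entries = []
    hive = site = None
    for line in export_text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            key = section["key"]
            hive = key.split("\\", 1)[0]
            pos = key.lower().find(DOMAINS_KEY)
            # Keys outside ZoneMap\Domains are ignored (site stays None).
            site = key[pos + len(DOMAINS_KEY):] if pos != -1 else None
            continue
        value = DWORD_RE.match(line)
        if value and site:
            # "uclickgames.com\www" is domain\subdomain: reverse to get the host.
            host = ".".join(reversed(site.split("\\")))
            zone = int(value["value"], 16)
            entries.append({
                "hive": hive,
                "host": host,
                "protocol": value["name"],
                "zone": zone,
                "zone_name": ZONE_NAMES.get(zone, "unknown"),
            })
    return entries


def trusted_sites(export_text):
    """Entries mapped to the Trusted Sites zone; each one needs a justification."""
    return [e for e in zone_assignments(export_text) if e["zone"] == TRUSTED]


if __name__ == "__main__":
    for entry in trusted_sites(SAMPLE_EXPORT):
        print(f'{entry["hive"]}: {entry["protocol"]}://{entry["host"]} -> {entry["zone_name"]}')
```
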

overthehill

Re: Unable to access removable Storage Devices
« Reply #10 on: September 02, 2010, 07:34:37 PM »
Log as directed. And thanks. overthehill

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/09/02 20:45
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB3A5A000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8602000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xB8671000   Size: 1664   File Visible: No   Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB7D4A000   Size: 574976   File Visible: -   Signed: -
Status: Hidden from the Windows API!

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2EC9000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xB85AE000   Size: 5248   File Visible: No   Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB3E18000   Size: 361600   File Visible: -   Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: c:\documents and settings\bonham\local settings\temp\~df4137.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bonham\local settings\temp\~df4ad1.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bonham\local settings\temp\~dfc118.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\bonham\local settings\temp\~dfcd4c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Bonham\My Documents\My Videos2\THESTA~1.FLV:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Bonham\Local Settings\Apps\2.0\2ZWH516J.NGT\1EHCELG2.P0R\manifests\ClickOnceDeploy.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Bonham\Local Settings\Apps\2.0\2ZWH516J.NGT\1EHCELG2.P0R\manifests\ClickOnceDeploy.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 017   Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c663e0

#: 019   Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c66c10

#: 025   Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6acd2

#: 031   Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c64300

#: 037   Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c73dd0

#: 041   Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6ab8e

#: 046   Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c63e40

#: 047   Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c60b80

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c60f90

#: 050   Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c60440

#: 053   Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c62480

#: 057   Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c630f0

#: 063   Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6b142

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6b06c

#: 068   Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6a764

#: 097   Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c65a00

#: 116   Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c74450

#: 119   Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6ac68

#: 122   Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6a6a4

#: 125   Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c60860

#: 128   Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6a708

#: 137   Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c66860

#: 145   Function Name: NtQueryDirectoryFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c65f80

#: 177   Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6ad88

#: 180   Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c66db0

#: 192   Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6b210

#: 199   Function Name: NtRequestPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c64f00

#: 200   Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c65500

#: 204   Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6ad48

#: 206   Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c638a0

#: 210   Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c646f0

#: 213   Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c62ed0

#: 240   Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c63290

#: 247   Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6aec8

#: 249   Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c658e0

#: 253   Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c63a80

#: 254   Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c63690

#: 255   Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c634a0

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c621e0

#: 258   Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c62cc0

#: 262   Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c65d10

#: 277   Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c66a30

==EOF==
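
Added example, not part of the original post or of RootRepeal: a Python parser for the report layout above that groups SSDT hooks by the driver that installed them, separates drivers outside an expected set, and lists drivers the report marks as hidden from the Windows API. The expected set (the avast! and Online Armor drivers that the ComboFix log in this thread lists as running services), the function names, and the `example_unknown.sys` entry in the embedded sample are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Assumption: the expected set is the two kernel drivers that the ComboFix log
# earlier in this thread lists as running (R1) services of the installed
# security products. A path match says nothing about the file's integrity.
EXPECTED_DRIVERS = [
    r"c:\windows\system32\drivers\aswSP.sys",     # avast!
    r"c:\windows\system32\drivers\OADriver.sys",  # Online Armor
]

# Constructed sample in the RootRepeal 1.3.5.0 layout; example_unknown.sys
# is a made-up entry so that the "unexpected" branch is exercised.
SAMPLE_REPORT = r"""
Drivers
-------------------
Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB3E18000   Size: 361600   File Visible: -   Signed: -
Status: Hidden from the Windows API!

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xB85AE000   Size: 5248   File Visible: No   Signed: -
Status: -

SSDT
-------------------
#: 025   Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb3b6acd2

#: 037   Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xb3c73dd0

#: 097   Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\example_unknown.sys" at address 0xb3000000

==EOF==
"""

SSDT_RE = re.compile(
    r'^#:[ \t]*(?P<index>\d+)[ \t]+Function Name:[ \t]*(?P<func>\S+)[ \t]*\n'
    r'Status:[ \t]*Hooked by "(?P<driver>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)',
    re.MULTILINE,
)
DRIVER_RE = re.compile(
    r'^Name:[ \t]*(?P<name>.+?)[ \t]*\n'
    r'Image Path:[ \t]*(?P<path>.+?)[ \t]*\n'
    r'Address:.*\n'
    r'Status:[ \t]*(?P<status>.*?)[ \t]*$',
    re.MULTILINE,
)


def parse_ssdt_hooks(report):
    """Return one dict per hooked SSDT entry, in report order."""
    text = report.replace("\r\n", "\n")
    return [{"index": int(m["index"]), "function": m["func"],
             "driver": m["driver"], "address": int(m["addr"], 16)}
            for m in SSDT_RE.finditer(text)]


def parse_drivers(report):
    """Return name, image path and status for each entry of the Drivers section."""
    text = report.replace("\r\n", "\n")
    return [{"name": m["name"], "path": m["path"], "status": m["status"]}
            for m in DRIVER_RE.finditer(text)]


def triage(report, expected_drivers=EXPECTED_DRIVERS):
    """Group hooks by driver path (case-insensitive) and split off unexpected ones."""
    expected = {ntpath.normcase(p) for p in expected_drivers}
    by_driver = defaultdict(list)
    for hook in parse_ssdt_hooks(report):
        by_driver[ntpath.normcase(hook["driver"])].append(hook["function"])
    unexpected = {d: f for d, f in by_driver.items() if d not in expected}
    hidden = [d["name"] for d in parse_drivers(report)
              if "hidden" in d["status"].lower()]
    return {"hooks_by_driver": dict(by_driver),
            "unexpected": unexpected,
            "hidden_drivers": hidden}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for driver, funcs in sorted(result["hooks_by_driver"].items()):
        tag = "REVIEW" if driver in result["unexpected"] else "expected"
        print(f"[{tag}] {driver}: {len(funcs)} hook(s): {', '.join(funcs)}")
    print("Reported hidden from the Windows API:", result["hidden_drivers"])
```
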


             

SuperDave

Re: Unable to access removable Storage Devices
« Reply #11 on: September 03, 2010, 04:42:53 PM »
Is your computer working any better?

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    ReglockDel::
    [HKEY_USERS\S-1-5-21-3912740996-3383120692-1400082210-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92268181-0295-BF26-2F3E-4FB8F46590D7}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "oadhfdllpnncdggpgjgbnkconemonj"=hex:64,61,67,66,61,62,6e,6f,00,e0
    "oahcgkkmfpfalamfmpkiiodoikgbfm"=hex:69,61,6f,67,6b,64,68,70,65,6c,61,69,6e,69,
       68,66,61,6d,00,00
    "nabiekbojhpfnondicbhiabbjjlp"=hex:6a,61,67,66,6b,62,65,69,62,61,6b,6b,69,6c,
       6c,63,67,67,66,69,00,fd

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

overthehill

Re: Unable to access removable Storage Devices
« Reply #12 on: September 03, 2010, 05:58:11 PM »
Well SuperDave thanks. But, this is all that it would produce.

ComboFix 10-09-01.02 - Bonham 09/03/2010  18:22:33.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2512 [GMT -5:00]
Running from: C:\Documents and Settings\Bonham\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bonham\Desktop\CFScript..txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

I followed your instructions, it ran thru 50 processes rebooted the PC and left this message: "Windows cannot access the specified device,path,permissions to access the item". Also MotoConnect.exe, I had to end process. PC locked up and I had to restart.

And no the PC is not running any better. But the PC never did run bad.
I was sent to this forum because I was told that my PC was infected and because I could not access my Removable Storage Drives. The drive icons are still greyed out with a red circle around and a red strike through.

Thanks, overthehill


             

SuperDave

Re: Unable to access removable Storage Devices
« Reply #13 on: September 03, 2010, 06:32:33 PM »
MotoConnect.exe is a program related to a Motorola phone or it could be a rogue infection. Do you have that on your computer?

overthehill

Re: Unable to access removable Storage Devices
« Reply #14 on: September 03, 2010, 06:38:17 PM »
Yes SuperDave I do. overthehill