Computer Keeps Crashing Please Help

[delmarbd]

Hi SuperDave,
Computer running much faster and smoother now since deleting those all those old picture files that were hogging up all the memory.   No shut downs either today and used it for work today with several windows running abd streaming data with an application.

Here is the new Combo log:

ComboFix 11-04-08.02 - Glenda Pagan 04/09/2011   0:49.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1280.676 [GMT -4:00]
Running from: c:\documents and settings\Glenda Pagan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Glenda Pagan\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-09 to 2011-04-09  )))))))))))))))))))))))))))))))
.
.
2011-04-09 04:41 . 2011-04-09 04:45   --------   dc----r-   C:\32788R22FWJFW
2011-04-04 03:07 . 2011-04-04 03:07   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-03 18:48 . 2008-02-04 05:10   237776   ----a-w-   c:\windows\system32\tpuninst.exe
2011-04-03 05:47 . 2011-04-03 17:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-03 05:47 . 2011-04-03 05:47   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\OnlineArmor
2011-04-03 05:46 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
2011-04-03 05:46 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2011-04-03 05:46 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2011-04-03 05:46 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2011-04-03 02:26 . 2011-04-03 02:26   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\SUPERAntiSpyware.com
2011-04-03 01:14 . 2011-04-03 01:14   --------   d-----w-   c:\documents and settings\Glenda Pagan\Application Data\ErrorExpert
2011-04-03 00:25 . 2011-04-03 00:25   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-04-01 21:57 . 2011-04-01 21:57   --------   d-----w-   c:\program files\AMD APP
2011-03-21 23:56 . 2011-03-21 23:56   59904   ----a-w-   c:\windows\system32\OVDecode.dll
2011-03-21 23:55 . 2011-03-21 23:55   12385792   ----a-w-   c:\windows\system32\amdocl.dll
2011-03-13 18:40 . 2010-10-11 14:59   45568   -c----w-   c:\windows\system32\dllcache\wab.exe
2011-03-13 18:36 . 2011-03-13 18:36   --------   d-----w-   c:\program files\Common Files\Java
2011-03-13 18:31 . 2011-03-13 18:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\McAfee
2011-03-11 20:14 . 2011-02-23 14:56   371544   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-23 15:04 . 2010-10-15 23:28   40648   ----a-w-   c:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-22 00:18   190016   ----a-w-   c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2010-03-22 00:19   301528   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-03-22 00:19   49240   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-22 00:19   102232   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2010-03-22 00:19   96344   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2010-03-22 00:19   25432   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2010-03-22 00:19   30680   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2010-03-22 00:19   19544   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2002-12-19 15:32   270848   ------w-   c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2002-12-19 15:32   186880   ------w-   c:\windows\system32\encdec.dll
2011-02-03 01:40 . 2010-11-24 21:04   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
2011-02-02 23:19 . 2009-02-22 14:59   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2002-12-19 15:32   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2002-12-19 15:32   677888   ------w-   c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2002-12-19 15:33   439296   ------w-   c:\windows\system32\shimgvw.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-04_21.28.13   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-08 13:01 . 2011-04-08 13:01   16384              c:\windows\Temp\Perflib_Perfdata_7c4.dat
+ 2011-04-05 15:17 . 2004-11-05 20:35   13104              c:\windows\system32\ReinstallBackups\0018\DriverFiles\L8042Kbd.sys
+ 2011-04-05 15:17 . 2008-04-13 19:39   24576              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\kbdclass.sys
+ 2011-04-05 15:17 . 2004-08-04 06:14   52736              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\i8042prt.sys
- 2010-05-26 18:36 . 2004-08-04 06:14   52736              c:\windows\system32\ReinstallBackups\0018\DriverFiles\i386\i8042prt.sys
- 2001-08-17 13:47 . 2008-04-13 19:39   23040              c:\windows\system32\drivers\mouclass.sys
+ 2001-08-17 13:47 . 2004-08-04 05:58   23040              c:\windows\system32\drivers\mouclass.sys
+ 2001-08-17 13:47 . 2008-04-13 18:39   24576              c:\windows\system32\drivers\kbdclass.sys
- 2001-08-17 13:47 . 2008-04-13 19:39   24576              c:\windows\system32\drivers\kbdclass.sys
- 2001-08-17 13:47 . 2008-04-13 19:39   23040              c:\windows\system32\dllcache\mouclass.sys
+ 2001-08-17 13:47 . 2004-08-04 05:58   23040              c:\windows\system32\dllcache\mouclass.sys
- 2001-08-17 13:47 . 2008-04-13 19:39   24576              c:\windows\system32\dllcache\kbdclass.sys
+ 2001-08-17 13:47 . 2008-04-13 18:39   24576              c:\windows\system32\dllcache\kbdclass.sys
+ 2002-12-19 15:33 . 2008-04-14 00:12   7168              c:\windows\system32\dllcache\sensapi.dll
+ 2010-03-14 19:02 . 2011-04-08 20:26   2644              c:\windows\system32\d3d9caps.dat
- 2010-03-14 19:02 . 2011-04-03 05:36   2644              c:\windows\system32\d3d9caps.dat
+ 2002-04-24 18:30 . 2001-08-18 12:00   163328              c:\windows\system32\dllcache\oleacc.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04   122512   ----a-w-   c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="d:\desktop messenger\8876480\Program\BackWeb-8876480.exe" [2005-07-03 20480]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe" [2006-04-06 102400]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-04-06 57344]
"SUPERAntiSpyware"="D:\SUPERAntiSpyware.exe" [2011-03-16 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-02 37888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2002-04-04 1417216]
"Net-It Launcher"="c:\windows\System32\NILaunch.exe" [1998-02-05 24576]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-08 684032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
"HydraVisionViewport"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraMD.exe" [2003-09-16 364544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "d:\online armor\oaevent.dll" [2011-03-30 354720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   -c--a-w-   D:\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alarm Manager.LNK]
backup=c:\windows\pss\Alarm Manager.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VAIO Action Setup (Server).lnk]
backup=c:\windows\pss\VAIO Action Setup (Server).lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Glenda Pagan^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"LTSMMSG"=LTSMMSG.exe
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ScottradeELITE\\Scottrader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:ScottradeElite
"443:UDP"= 443:UDP:ScottradeElite
"27895:TCP"= 27895:TCP:Gnutella
"27895:UDP"= 27895:UDP:Gnutella
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:14 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/21/2010 8:19 PM 301528]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/3/2011 1:46 AM 205992]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/3/2011 1:46 AM 39048]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/3/2011 1:46 AM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/3/2011 1:46 AM 29464]
R1 SASDIFSV;SASDIFSV;D:\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;D:\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/21/2010 8:19 PM 19544]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [6/8/2000 2:15 PM 50176]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [4/25/2002 6:13 PM 34712]
R2 OAcat;Online Armor Helper Service;d:\online armor\oacat.exe [4/3/2011 1:46 AM 381512]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [7/24/2003 10:09 PM 9292]
R3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [5/26/2010 2:36 PM 22497]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/24/2002 2:30 PM 267136]
S3 ICDUSB;Sony IC Recorder;c:\windows\system32\drivers\ICDUSB.sys [4/16/2003 2:55 PM 26409]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [4/24/2002 2:31 PM 807917]
S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [4/24/2002 2:31 PM 594668]
S3 SvcOnlineArmor;Online Armor;d:\online armor\oasrv.exe [4/3/2011 1:46 AM 4325960]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
S4 CWShredder Service;CWShredder Service;c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service --> c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder[1].exe service [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-09 c:\windows\Tasks\User_Feed_Synchronization-{5B5D6917-909B-4733-9654-DF5E30BA0BE5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &4 - c:\windows\web\AOpenClient.htm
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-09 01:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
[1].exe service"
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CWShredder Service]
"ImagePath"="c:\docume~1\GLENDA~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\89U3SLMN\cwshredder
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(468)
D:\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'Explorer.EXE'(2684)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
D:\SASSEH.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\progra~1\WINZIP\WZSHLSTB.DLL
D:\SASCTXMN.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\ATI Multimedia\mlibrary\MLShell.dll
c:\program files\ATI Multimedia\atisserv.dll
c:\program files\ATI Multimedia\mlibrary\mlenu.rsc
c:\windows\system32\btncopy.dll
c:\windows\system32\jscript.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
c:\windows\System32\inetres.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
Completion time: 2011-04-09  01:08:39
ComboFix-quarantined-files.txt  2011-04-09 05:08
ComboFix2.txt  2011-04-04 21:34
.
Pre-Run: 3,015,954,432 bytes free
Post-Run: 3,050,127,360 bytes free
.
- - End Of File - - 784B92D8EEB167CA42875F2D5502548A

[SuperDave]

P2P - I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program (LimeWire), it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[delmarbd]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=552b1b6b7c27394faa21791673faea1d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-09 09:47:35
# local_time=2011-04-09 05:47:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 100 1469628 237740808 0 0
# compatibility_mode=6401 16777214 66 100 0 763334 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=97586
# found=0
# cleaned=0
# scan_time=8005

[SuperDave]

That looks good. Are you still having problems with the computer?

[delmarbd]

Terrific.  It is running great.  Thank you so much!! Should I delete that quarantined file in SuperAntiSpyware?

[SuperDave]

Should I delete that quarantined file in SuperAntiSpyware?

Yes. Let's do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
******************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[delmarbd]

Thank you SuperDave.  My computer is running better than it has in a long, long time.

[SuperDave]

You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.