
Malwarebytes

Security Tool/Rogue Multiple H


11 replies to this topic

#1
Almira

    New Member

  • Members
  • 6 posts
Security Tool installed itself on my computer a few days ago. I finally succeeded in installing Malwarebytes in safe mode after many, many tries. The scan I ran in safe mode, for some reason, is not in the Mbam log; I don't know why, but judging by how my computer behaved afterward, I believe it was successful.

I did, however, jot down the malware it removed on a piece of paper, and these were as follows:

Trojan Vundo
Rogue Multiple H
Adware MyWebSearch
Disabled.Security
Trojan.Agent


After rebooting, I ran Malwarebytes again in regular mode (connected to the internet), and this time it only found 1 infection: Adware MyWebSearch (again!).

Next I ran ComboFix, and here is the log:


ComboFix 09-10-08.04 - All Users 10/12/2009 19:02.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.179 [GMT -4:00]
Running from: c:\documents and settings\All Users.D45FSP61\Desktop\winerv.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\goyolafi.dll
c:\windows\system32\hemeyore.dll
c:\windows\system32\pazoyoli.dll
c:\windows\system32\yivivaso.dll
c:\windows\system32\zohihele.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-12 21:38 . 2009-10-12 21:38 -------- d-----w- c:\program files\Trend Micro
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 18:41 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware
2009-10-12 18:41 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 18:35 . 2009-10-12 18:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-10-10 12:05 . 2009-10-10 15:21 -------- d-----w- c:\program files\bites
2009-10-10 11:55 . 2009-10-10 11:55 4045528 ----a-w- c:\documents and settings\Administrator\pic.pif.exe
2009-10-10 02:30 . 2009-10-10 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-10 02:28 . 2009-10-10 02:28 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-10 02:28 . 2009-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-10 02:28 . 2009-10-10 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 01:06 . 2009-10-10 01:06 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\AVG8
2009-10-09 16:13 . 2009-10-09 16:13 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\Malwarebytes
2009-10-09 16:09 . 2009-10-12 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 13:33 . 2009-10-10 00:17 -------- d-----w- c:\documents and settings\bites
2009-10-09 03:18 . 2009-10-09 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 01:09 . 2009-10-09 01:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-08 23:11 . 2009-10-08 23:11 83968 --sh--w- c:\windows\system32\pehowapa.dll
2009-10-08 23:11 . 2009-10-08 23:11 61440 --sh--w- c:\windows\system32\vajolefa.dll
2009-10-08 23:11 . 2009-10-08 23:11 169472 --sh--w- c:\windows\system32\dometubi.dll
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\FastStone
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\program files\FastStone Capture

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 02:58 . 2008-02-18 02:57 -------- d-----w- c:\program files\America Online 9.0
2009-09-21 20:37 . 2009-05-19 17:43 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\V505 Series
2009-08-27 15:46 . 2005-01-30 20:12 37560 -c--a-w- c:\documents and settings\All Users.D45FSP61\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2004-08-04 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-01-30 15:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 11:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 11:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-12-02 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 02:30 . 2009-07-12 02:30 1050147 --sha-w- c:\windows\SYSTEM32\bebewute.exe
2009-07-10 02:29 . 2009-07-10 02:29 1050659 --sha-w- c:\windows\SYSTEM32\famatoge.exe
2009-07-10 14:29 . 2009-07-10 14:29 1050147 --sha-w- c:\windows\SYSTEM32\jomibeyo.exe
2009-07-08 23:09 . 2009-07-08 23:09 1011755 --sha-w- c:\windows\SYSTEM32\kogukuzu.exe
2009-07-09 14:30 . 2009-07-09 14:30 1050659 --sha-w- c:\windows\SYSTEM32\nowikuje.exe
2009-07-11 14:30 . 2009-07-11 14:30 1050147 --sha-w- c:\windows\SYSTEM32\perisevi.exe
2009-07-10 14:29 . 2009-07-10 14:29 88576 --sha-w- c:\windows\SYSTEM32\pujawewo.dll
2009-07-12 14:30 . 2009-07-12 14:30 1050659 --sha-w- c:\windows\SYSTEM32\rufebapu.exe
2009-07-11 02:29 . 2009-07-11 02:29 1050147 --sha-w- c:\windows\SYSTEM32\tefujuwu.exe
2009-07-11 02:29 . 2009-07-11 02:29 87552 --sha-w- c:\windows\SYSTEM32\viniyare.dll
2009-07-08 23:03 . 2009-07-08 23:03 112128 --sha-w- c:\windows\SYSTEM32\vuwizehe.dll.tmp
2009-07-11 14:30 . 2009-07-11 14:30 88064 --sha-w- c:\windows\SYSTEM32\wewomesu.dll
2009-07-12 02:30 . 2009-07-12 02:30 87552 --sha-w- c:\windows\SYSTEM32\yedopiji.dll
2009-07-08 23:03 . 2009-07-08 23:03 112128 --sha-w- c:\windows\SYSTEM32\yuyopigo.dll.tmp
2009-07-08 23:03 . 2009-07-08 23:03 112128 --sha-w- c:\windows\SYSTEM32\zabotepi.dll.tmp
.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\BROWSER.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CRYPTSVC.DLL

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ASYNCMAC.SYS

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\KBDCLASS.SYS

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\NDIS.SYS

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\IMM32.DLL

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LPK.DLL
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LSASS.EXE

[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\NETLOGON.DLL

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\POWRPROF.DLL

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SYSTEM32\QMGR.DLL

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCECLI.DLL

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFC.DLL

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SVCHOST.EXE

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\USERINIT.EXE

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WINLOGON.EXE

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WS2_32.DLL

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SYSTEM32\MSVCRT.DLL
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\MSVCRT.DLL
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\MSVCRT.DLL

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SRSVC.DLL

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WSCNTFY.EXE
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\XMLPROV.DLL

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\EVENTLOG.DLL

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFCFILES.DLL

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CTFMON.EXE

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\REGSVC.DLL
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCHEDSVC.DLL

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SSDPSRV.DLL

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\TERMSRV.DLL

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\AGP440.SYS

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\IP6FW.SYS

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\MSGSVC.DLL

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\NTMSSVC.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-10-09_23.40.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-12 23:10 . 2009-10-12 23:10 16384 c:\windows\temp\Perflib_Perfdata_3b8.dat
+ 2009-02-25 16:38 . 2009-10-10 02:28 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-25 16:38 . 2009-02-26 04:25 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-15 3092480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 139264]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-24 98304]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 180224]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-05-25 393216]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2005-04-23 397312]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"dldwmon.exe"="c:\program files\Dell V505\dldwmon.exe" [2008-10-02 677104]
"dldwamon"="c:\program files\Dell V505\dldwamon.exe" [2008-10-02 16624]
"Dell V505 Fax Server"="c:\program files\Dell V505\fm3032.exe" [2008-10-02 312560]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-24 156784]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-3 54776]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\SYSTEM32\\dldwcoms.exe"=
"c:\\Program Files\\Dell V505\\dldwamon.exe"=
"c:\\Program Files\\Dell V505\\frun.exe"=
"c:\\Program Files\\Dell V505\\dldwfax.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\REGSVR32.EXE"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\Residence.exe"=
"c:\\Program Files\\Dell AIO Printer A920\\dlbkbmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\WINDOWS\\SYSTEM32\\TASKMGR.EXE"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\ymetray.exe"=
"c:\\Program Files\\NETGEAR\\WG311T\\wlancfg5.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=

R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [10/31/2005 11:40 PM 9049]
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [1/24/2005 11:49 AM 23296]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [10/31/2005 11:40 PM 115008]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (D45FSP61-All Users).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2005-01-24 21:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\
FF - component: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{414397d6-aca7-4d4c-9087-e95979cb0464} - jotejiho.dll
SharedTaskScheduler-{a7f959eb-0229-48d6-8eb4-7911dbfeb3dc} - c:\windows\system32\yudegoku.dll
SSODL-sipeguraz-{a7f959eb-0229-48d6-8eb4-7911dbfeb3dc} - c:\windows\system32\yudegoku.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\LEXBCES.EXE
c:\windows\SYSTEM32\LEXPPS.EXE
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\windows\SYSTEM32\dldwcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\progra~1\McAfee.com\Shared\mghtml.exe
c:\program files\Dell V505\dldwmsdmon.exe
c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\windows\SYSTEM32\FXSSVC.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-10-12 19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 23:17
ComboFix2.txt 2009-10-09 23:46

Pre-Run: 17,688,707,072 bytes free
Post-Run: 17,647,153,152 bytes free

325 --- E O F --- 2009-09-10 07:03


Finally, here is the HijackThis scan log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:57 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\acs.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\dldwcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell V505\dldwmon.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell V505\dldwMsdMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dldwmon.exe] "C:\Program Files\Dell V505\dldwmon.exe"
O4 - HKLM\..\Run: [dldwamon] "C:\Program Files\Dell V505\dldwamon.exe"
O4 - HKLM\..\Run: [Dell V505 Fax Server] "C:\Program Files\Dell V505\fm3032.exe" /s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\Administrator\Application Data\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.co...inAxControl.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\SYSTEM32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: dldw_device - - C:\WINDOWS\system32\dldwcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 11545 bytes



My computer is currently acting okay, however, if someone could please take a look at these logs (I have no idea how to read them) and let me know if there is anything still lurking. :) P.S. I did not delete/fix anything from the HJ scan.

#2
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Delete your current copy of ComboFix. Then visit this webpage for instructions for downloading a fresh copy:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs
Research Engineer


#3
Almira

    New Member

  • Members
  • 6 posts
Thank You!

Deleted ComboFix and re-installed fresh version. After it scanned and created a log, I lost internet connection and had to re-start the computer (don't know if this is important). That is, usually, in the past, ComboFix automatically reboots the computer and then generates a log but this time it generated a log without an automatic reboot.

These were the results:

ComboFix 09-10-14.09 - All Users 10/15/2009 10:36.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.192 [GMT -4:00]
Running from: c:\documents and settings\All Users.D45FSP61\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pehowapa.dll
c:\windows\system32\pujawewo.dll
c:\windows\system32\vajolefa.dll
c:\windows\system32\viniyare.dll
c:\windows\system32\vuwizehe.dll.tmp
c:\windows\system32\wewomesu.dll
c:\windows\system32\yedopiji.dll
c:\windows\system32\yuyopigo.dll.tmp
c:\windows\system32\zabotepi.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 01:11 . 2009-10-15 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt
2009-10-14 22:52 . 2009-08-11 00:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-14 22:52 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-14 22:37 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\Sunbelt
2009-10-14 22:37 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-10-14 22:31 . 2009-07-15 13:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-12 21:38 . 2009-10-12 21:38 -------- d-----w- c:\program files\Trend Micro
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 18:41 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware
2009-10-12 18:41 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 18:35 . 2009-10-12 18:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-10-10 12:05 . 2009-10-10 15:21 -------- d-----w- c:\program files\bites
2009-10-10 11:55 . 2009-10-10 11:55 4045528 ----a-w- c:\documents and settings\Administrator\pic.pif.exe
2009-10-10 02:30 . 2009-10-10 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-10 02:28 . 2009-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-10 02:28 . 2009-10-10 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 01:06 . 2009-10-10 01:06 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\AVG8
2009-10-09 16:13 . 2009-10-09 16:13 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\Malwarebytes
2009-10-09 16:09 . 2009-10-12 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 13:33 . 2009-10-10 00:17 -------- d-----w- c:\documents and settings\bites
2009-10-09 03:18 . 2009-10-09 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 01:09 . 2009-10-09 01:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-08 23:11 . 2009-10-08 23:11 169472 --sh--w- c:\windows\system32\dometubi.dll
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\FastStone
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\program files\FastStone Capture

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 22:31 . 2005-02-02 03:25 -------- d-----w- c:\program files\Sunbelt Software
2009-10-09 02:58 . 2008-02-18 02:57 -------- d-----w- c:\program files\America Online 9.0
2009-09-21 20:37 . 2009-05-19 17:43 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\V505 Series
2009-09-07 18:02 . 2009-09-07 18:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-08-27 15:46 . 2005-01-30 20:12 37560 -c--a-w- c:\documents and settings\All Users.D45FSP61\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2004-08-04 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-01-30 15:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 11:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 11:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-12-02 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 19:58 . 2009-08-05 19:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 18:55 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\BROWSER.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CRYPTSVC.DLL

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ASYNCMAC.SYS

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\KBDCLASS.SYS

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\NDIS.SYS

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\IMM32.DLL

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LPK.DLL
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LSASS.EXE

[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\NETLOGON.DLL

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\POWRPROF.DLL

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SYSTEM32\QMGR.DLL

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCECLI.DLL

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFC.DLL

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SVCHOST.EXE

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\USERINIT.EXE

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WINLOGON.EXE

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WS2_32.DLL

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SYSTEM32\MSVCRT.DLL
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\MSVCRT.DLL
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\MSVCRT.DLL

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SRSVC.DLL

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WSCNTFY.EXE
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\XMLPROV.DLL

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\EVENTLOG.DLL

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFCFILES.DLL

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CTFMON.EXE

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\REGSVC.DLL
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCHEDSVC.DLL

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SSDPSRV.DLL

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\TERMSRV.DLL

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\AGP440.SYS

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\IP6FW.SYS

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\MSGSVC.DLL

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\NTMSSVC.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-10-09_23.40.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 16:38 . 2009-10-10 02:28 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-25 16:38 . 2009-02-26 04:25 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2007-01-10 21:03 . 2007-01-10 21:03 493400 c:\windows\SYSTEM32\XceedZip.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\NewShortcut21_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\NewShortcut2_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\ARPPRODUCTICON.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 136744 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_wificfg.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 185896 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgshell.exe
+ 2007-11-15 14:24 . 2007-11-15 14:24 579112 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgctlsr.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 370216 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_sdcnetcheck.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-10-14 22:31 . 2009-10-14 22:31 3380224 c:\windows\Installer\a14f22e.msi
+ 2009-05-26 15:10 . 2009-05-26 15:10 3479552 c:\windows\Installer\9b5de5b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-15 3092480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-24 98304]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-05-25 393216]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2005-04-23 397312]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dldwmon.exe"="c:\program files\Dell V505\dldwmon.exe" [2008-10-02 677104]
"dldwamon"="c:\program files\Dell V505\dldwamon.exe" [2008-10-02 16624]
"Dell V505 Fax Server"="c:\program files\Dell V505\fm3032.exe" [2008-10-02 312560]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-09-07 959784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-24 156784]
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-3 54776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\SYSTEM32\\dldwcoms.exe"=
"c:\\Program Files\\Dell V505\\dldwamon.exe"=
"c:\\Program Files\\Dell V505\\frun.exe"=
"c:\\Program Files\\Dell V505\\dldwfax.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\REGSVR32.EXE"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\Residence.exe"=
"c:\\Program Files\\Dell AIO Printer A920\\dlbkbmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\WINDOWS\\SYSTEM32\\TASKMGR.EXE"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\ymetray.exe"=
"c:\\Program Files\\NETGEAR\\WG311T\\wlancfg5.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=

R1 sbaphd;sbaphd;c:\windows\SYSTEM32\DRIVERS\sbaphd.sys [10/14/2009 6:52 PM 13360]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [8/5/2009 3:58 PM 93872]
R1 sbtis;sbtis;c:\windows\SYSTEM32\DRIVERS\sbtis.sys [10/14/2009 6:31 PM 203056]
R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 2:02 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\SYSTEM32\DRIVERS\sbapifs.sys [10/14/2009 6:52 PM 69936]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [10/31/2005 11:40 PM 9049]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [10/31/2005 11:40 PM 115008]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\
FF - component: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 10:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
.
Completion time: 2009-10-15 10:46
ComboFix-quarantined-files.txt 2009-10-15 14:46

Pre-Run: 17,428,189,184 bytes free
Post-Run: 17,386,491,904 bytes free

289 --- E O F --- 2009-09-10 07:03

#4
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@ECHO OFF
(
SWSC QUERYEX CRYPTSVC
SWSC QC CRYPTSVC
SWREG QUERY HKLM\SYSTEM\CurrentControlSet\Services\Cryptsvc /S 
)>Logit.txt
START Logit.txt
DEL %0

Save this as check.bat. Choose "Save as type - All Files".
It should look like this: Posted Image
Double click on check.bat & allow it to run

Post back to tell me what it says
sUBs
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
c:\documents and settings\bites
C:\program files\bites

Are the above folders created by you? Or do you have any idea what created them? If unsure, take a quick peek in them and tell me what's within
sUBs
Research Engineer


#6
Almira

    New Member

  • Members
  • 6 posts
The 'bites' files were created by me. I was trying to be sneaky and download malwarebytes into a folder named something other than 'malwarebytes' because it kept getting deleted or moved, I really don't know, but every time I would finish installing it I'd get an error box and a message saying mbam.exe could not be found. Anyway, I finally did get it installed and running.

The bites in documents and settings is empty. The one in program files has malwarebytes files/components.

Here are the results of check.bat


SERVICE_NAME: cryptsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 1936
FLAGS :

SERVICE_NAME: CRYPTSVC
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : CryptSvc
DEPENDENCIES : RpcSs
SERVICE_START_NAME : LocalSystem

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc
DependOnService REG_MULTI_SZ RpcSs\0\0
Description REG_SZ Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName REG_SZ CryptSvc
ErrorControl REG_DWORD 1 (0x1)
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
Type REG_DWORD 32 (0x20)

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Security
Security REG_BINARY 00000e0001

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Enum
0 REG_SZ Root\LEGACY_CRYPTSVC\0000
Count REG_DWORD 1 (0x1)
NextInstance REG_DWORD 1 (0x1)
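
The check.bat in post #4 queries the Cryptographic Services (CryptSvc) state and registry configuration, and post #6 shows the output. As an added example (not the helper's tool, ComboFix's code, or anything from the thread), here is a small Python checker that reads that output and compares it against the stock Windows XP configuration for CryptSvc, the comparison the helper is making by eye: the service should be running and set to Automatic, hosted by svchost.exe in the netsvcs group, with ServiceDll pointing at %SystemRoot%\System32\cryptsvc.dll. The posted output is embedded as sample input; the second sample is constructed (not from the thread) to show what a finding looks like, and its placeholder dll name and the baseline values are assumptions marked in the code.

```python
import re

# Constructed sample: the check.bat output posted in this thread (SWSC QUERYEX,
# SWSC QC and SWREG QUERY for Cryptsvc), trimmed to the lines the checker reads.
POSTED_LOG = r"""SERVICE_NAME: cryptsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
SERVICE_NAME: CRYPTSVC
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
SERVICE_START_NAME : LocalSystem
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 2 (0x2)
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain
"""

# Constructed sample (NOT from the thread): a broken configuration with the
# service stopped and disabled and ServiceDll pointed at a placeholder file.
TAMPERED_LOG = r"""SERVICE_NAME: cryptsvc
STATE : 1 STOPPED
SERVICE_NAME: CRYPTSVC
START_TYPE : 4 DISABLED
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
ObjectName REG_SZ LocalSystem
Start REG_DWORD 4 (0x4)
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cryptsvc\Parameters
ServiceDll REG_EXPAND_SZ C:\WINDOWS\system32\PLACEHOLDER_unknown.dll
ServiceMain REG_SZ CryptServiceMain
"""

SVC_KEY = r"hkey_local_machine\system\currentcontrolset\services\cryptsvc"

# Baseline (assumed reference): stock Windows XP values for Cryptographic
# Services. Comparisons are case-insensitive, so everything is lowercase.
EXPECTED_SC = {
    "STATE": "4 running",
    "START_TYPE": "2 auto_start",
    "BINARY_PATH_NAME": r"c:\windows\system32\svchost.exe -k netsvcs",
}
EXPECTED_REG = {
    SVC_KEY: {
        "ImagePath": r"%systemroot%\system32\svchost.exe -k netsvcs",
        "ObjectName": "localsystem",
        "Start": "2",
    },
    SVC_KEY + r"\parameters": {
        "ServiceDll": r"%systemroot%\system32\cryptsvc.dll",
        "ServiceMain": "cryptservicemain",
    },
}


def parse_log(text):
    """Split check.bat output into sc-style fields and registry values.
    Returns (sc, reg): sc maps FIELD -> value (first occurrence wins), reg maps
    key path -> {value name: data}. Values are lowercased; REG_DWORD data such
    as '2 (0x2)' keeps only the decimal part."""
    sc, reg, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("HKEY_"):
            current = line.lower()          # start of a registry key block
            reg[current] = {}
            continue
        m = re.match(r"^([A-Z_]+)\s*:\s*(.*)$", line)
        if m and current is None:           # sc output comes before any key
            sc.setdefault(m.group(1), m.group(2).strip().lower())
            continue
        m = re.match(r"^(\S+)\s+(REG_[A-Z_]+)\s*(.*)$", line)
        if m and current is not None:
            name, rtype, data = m.groups()
            if rtype == "REG_DWORD":
                data = (data.split() or [""])[0]
            reg[current][name] = data.strip().lower()
    return sc, reg


def check_cryptsvc(log_text):
    """Return a list of findings; an empty list means the configuration
    matches the baseline. A missing field is reported as got None."""
    sc, reg = parse_log(log_text)
    findings = []
    for name, want in EXPECTED_SC.items():
        got = sc.get(name)
        if got != want:
            findings.append(f"sc {name}: got {got!r}, expected {want!r}")
    for key, values in EXPECTED_REG.items():
        for name, want in values.items():
            got = reg.get(key, {}).get(name)
            if got != want:
                findings.append(f"reg {key}\\{name}: got {got!r}, expected {want!r}")
    return findings


if __name__ == "__main__":
    for label, log in (("posted output", POSTED_LOG), ("tampered sample", TAMPERED_LOG)):
        findings = check_cryptsvc(log)
        print(f"{label}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  " + finding)
```

The posted output produces no findings, which is why the helper moves on in the next post; the constructed sample reports the stopped state, the disabled start type, the Start value and the redirected ServiceDll. A ServiceDll outside %SystemRoot%\System32 is the value most worth looking at on a machine where installers fail with signature or missing-file errors, since CryptSvc is the service that verifies file signatures.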

#7
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Open NOTEPAD and copy/paste the text in the quotebox below into it:

http://www.malwarebytes.org/forums/index.php?showtopic=27637&st=0&gopid=143624&#entry143624
COLLECT::
c:\documents and settings\Administrator\pic.pif.exe
c:\windows\system32\dometubi.dll
FOLDER::
c:\documents and settings\bites
C:\program files\bites

Save this as "CFScript"


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


---------------


In your next post, please include fresh logs from:
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

sUBs
Research Engineer


#8
Almira

    New Member

  • Members
  • 6 posts
Ten seconds or so into the ComboFix scan I got disconnected from the internet. The scan continued to run and completed. However, a box popped up requesting an internet connection so that the malware files could be submitted for further analysis.

I tried clicking 'repair' and "connect" but the only thing that happened was a pop up box stating I had to disable the wireless network first. Except I can't. I get the following message.

Not possible to disable. The connection may be using one or more protocols that do not support Plug and Play or it may have been initiated by another user or the system account.

I disabled and enabled Netgear through the Device Manager but it was no good. This time I got a 'connection failed' notice when I tried to re-connect to the internet. In the end, I had to reboot to get back on.

This is the log:

ComboFix 09-10-14.09 - All Users 10/15/2009 18:43.6.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.193 [GMT -4:00]
Running from: c:\documents and settings\All Users.D45FSP61\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\All Users.D45FSP61\Desktop\CFScript.txt
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: McAfee Personal Firewall Plus *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

file zipped: c:\documents and settings\Administrator\pic.pif.exe
file zipped: c:\windows\system32\dometubi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\pic.pif.exe
c:\documents and settings\bites
c:\program files\bites
c:\program files\bites\changes.rtf
c:\program files\bites\Languages\albanian.lng
c:\program files\bites\Languages\arabic.lng
c:\program files\bites\Languages\bosnian.lng
c:\program files\bites\Languages\bulgarian.lng
c:\program files\bites\Languages\catalan.lng
c:\program files\bites\Languages\chineseSI.lng
c:\program files\bites\Languages\chineseTR.lng
c:\program files\bites\Languages\croatian.lng
c:\program files\bites\Languages\czech.lng
c:\program files\bites\Languages\danish.lng
c:\program files\bites\Languages\dutch.lng
c:\program files\bites\Languages\english.lng
c:\program files\bites\Languages\estonian.lng
c:\program files\bites\Languages\finnish.lng
c:\program files\bites\Languages\french.lng
c:\program files\bites\Languages\german.lng
c:\program files\bites\Languages\greek.lng
c:\program files\bites\Languages\hebrew.lng
c:\program files\bites\Languages\hungarian.lng
c:\program files\bites\Languages\italian.lng
c:\program files\bites\Languages\korean.lng
c:\program files\bites\Languages\latvian.lng
c:\program files\bites\Languages\macedonian.lng
c:\program files\bites\Languages\norwegian.lng
c:\program files\bites\Languages\polish.lng
c:\program files\bites\Languages\portugueseBR.lng
c:\program files\bites\Languages\portuguesePT.lng
c:\program files\bites\Languages\romanian.lng
c:\program files\bites\Languages\russian.lng
c:\program files\bites\Languages\serbian.lng
c:\program files\bites\Languages\slovak.lng
c:\program files\bites\Languages\slovenian.lng
c:\program files\bites\Languages\spanish.lng
c:\program files\bites\Languages\swedish.lng
c:\program files\bites\Languages\turkish.lng
c:\program files\bites\Languages\ukrainian.lng
c:\program files\bites\license.txt
c:\program files\bites\mbam.chm
c:\program files\bites\mbam.dll
c:\program files\bites\mbamext.dll
c:\program files\bites\mbamgui.exe
c:\program files\bites\mbamservice.exe
c:\program files\bites\ssubtmr6.dll
c:\program files\bites\unins000.dat
c:\program files\bites\unins000.exe
c:\program files\bites\unins000.msg
c:\program files\bites\vbalsgrid6.ocx
c:\program files\bites\zlib.dll
c:\windows\system32\dometubi.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 20:40 . 2009-10-15 20:40 -------- d-----w- c:\windows\LastGood
2009-10-15 01:11 . 2009-10-15 01:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sunbelt
2009-10-14 22:52 . 2009-08-11 00:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-14 22:52 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-14 22:37 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\Sunbelt
2009-10-14 22:37 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-10-14 22:31 . 2009-07-15 13:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-12 21:38 . 2009-10-12 21:38 -------- d-----w- c:\program files\Trend Micro
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-12 18:41 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-12 18:41 . 2009-10-12 18:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware
2009-10-12 18:41 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-12 18:35 . 2009-10-12 18:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-10-10 02:30 . 2009-10-10 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-10 02:28 . 2009-10-10 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-10 02:28 . 2009-10-10 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 01:06 . 2009-10-10 01:06 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\AVG8
2009-10-09 16:13 . 2009-10-09 16:13 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\Malwarebytes
2009-10-09 16:09 . 2009-10-12 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-09 03:18 . 2009-10-09 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-09 01:09 . 2009-10-09 01:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-10-09 01:07 . 2009-10-09 01:07 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 22:31 . 2005-02-02 03:25 -------- d-----w- c:\program files\Sunbelt Software
2009-10-09 02:58 . 2008-02-18 02:57 -------- d-----w- c:\program files\America Online 9.0
2009-09-21 20:37 . 2009-05-19 17:43 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\V505 Series
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\documents and settings\All Users.D45FSP61\Application Data\FastStone
2009-09-15 19:17 . 2009-09-15 19:17 -------- d-----w- c:\program files\FastStone Capture
2009-09-07 18:02 . 2009-09-07 18:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-08-27 15:46 . 2005-01-30 20:12 37560 -c--a-w- c:\documents and settings\All Users.D45FSP61\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\MSBuild
2009-08-22 07:06 . 2009-08-22 07:06 -------- d-----w- c:\program files\Reference Assemblies
2009-08-06 23:24 . 2004-08-04 11:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 11:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-01-30 15:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 11:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 11:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-12-02 03:58 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 19:58 . 2009-08-05 19:58 93872 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\BROWSER.DLL

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CRYPTSVC.DLL

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ASYNCMAC.SYS

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\BEEP.SYS

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\KBDCLASS.SYS

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\NDIS.SYS

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\NULL.SYS

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\IMM32.DLL

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LPK.DLL
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\LSASS.EXE

[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[7] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\fbdd9f75315c1cf9ff63f37aaca267d3\sp2qfe\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\NETLOGON.DLL

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\POWRPROF.DLL

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SYSTEM32\QMGR.DLL

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCECLI.DLL

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFC.DLL

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SVCHOST.EXE

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\USERINIT.EXE

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WINLOGON.EXE

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WS2_32.DLL

[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\70\msft\windows\mswincrt\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msvcrt.dll
[-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\SYSTEM32\MSVCRT.DLL
[-] 2004-08-04 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\MSVCRT.DLL
[-] 2004-08-04 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\MSVCRT.DLL

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SRSVC.DLL

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\WSCNTFY.EXE
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\XMLPROV.DLL

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\EVENTLOG.DLL

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SFCFILES.DLL

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\CTFMON.EXE

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\REGSVC.DLL
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DLLCACHE\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SCHEDSVC.DLL

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\SSDPSRV.DLL

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\TERMSRV.DLL

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\AGP440.SYS

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\ACPIEC.SYS

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\IP6FW.SYS

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\MSGSVC.DLL

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 11:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\NTMSSVC.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-10-09_23.40.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-25 16:38 . 2009-10-10 02:28 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
- 2009-02-25 16:38 . 2009-02-26 04:25 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2007-01-10 21:03 . 2007-01-10 21:03 493400 c:\windows\SYSTEM32\XceedZip.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\NewShortcut21_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\NewShortcut2_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2009-10-14 22:31 . 2009-10-14 22:31 345432 c:\windows\Installer\{72373D02-7E80-4261-91B7-E6F38541D629}\ARPPRODUCTICON.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 136744 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_wificfg.exe
+ 2007-11-15 14:23 . 2007-11-15 14:23 185896 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgshell.exe
+ 2007-11-15 14:24 . 2007-11-15 14:24 579112 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_tgctlsr.dll
+ 2007-11-15 14:24 . 2007-11-15 14:24 370216 c:\windows\Installer\$PatchCache$\Managed\55EEFB3E2E930EB49B6698EF8583221C\2.0.7311\file_sdcnetcheck.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-10-14 22:31 . 2009-10-14 22:31 3380224 c:\windows\Installer\a14f22e.msi
+ 2009-05-26 15:10 . 2009-05-26 15:10 3479552 c:\windows\Installer\9b5de5b.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-15 3092480]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-23 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-01-24 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-24 98304]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 57344]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"2wSysTray"="c:\program files\2Wire\2PortalMon.exe" [2004-05-25 393216]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-12 1005096]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2005-04-23 397312]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dldwmon.exe"="c:\program files\Dell V505\dldwmon.exe" [2008-10-02 677104]
"dldwamon"="c:\program files\Dell V505\dldwamon.exe" [2008-10-02 16624]
"Dell V505 Fax Server"="c:\program files\Dell V505\fm3032.exe" [2008-10-02 312560]
"Malwarebytes Anti-Malware (reboot)"="c:\documents and settings\Administrator\Application Data\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-09-07 959784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-1-24 156784]
NETGEAR WG311T Smart Wizard.lnk - c:\program files\NETGEAR\WG311T\wlancfg5.exe [2006-2-22 1486848]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-3 54776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\SYSTEM32\\dldwcoms.exe"=
"c:\\Program Files\\Dell V505\\dldwamon.exe"=
"c:\\Program Files\\Dell V505\\frun.exe"=
"c:\\Program Files\\Dell V505\\dldwfax.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\WINDOWS\\SYSTEM32\\REGSVR32.EXE"=
"c:\\Program Files\\Sony Corporation\\Picture Package\\Picture Package Applications\\Residence.exe"=
"c:\\Program Files\\Dell AIO Printer A920\\dlbkbmon.exe"=
"c:\\WINDOWS\\SYSTEM32\\hkcmd.exe"=
"c:\\WINDOWS\\SYSTEM32\\TASKMGR.EXE"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\ymetray.exe"=
"c:\\Program Files\\NETGEAR\\WG311T\\wlancfg5.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ycommon.exe"=

R1 sbaphd;sbaphd;c:\windows\SYSTEM32\DRIVERS\sbaphd.sys [10/14/2009 6:52 PM 13360]
R1 SBRE;SBRE;c:\windows\SYSTEM32\DRIVERS\SBREDrv.sys [8/5/2009 3:58 PM 93872]
R1 sbtis;sbtis;c:\windows\SYSTEM32\DRIVERS\sbtis.sys [10/14/2009 6:31 PM 203056]
R2 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 2:02 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\SYSTEM32\DRIVERS\sbapifs.sys [10/14/2009 6:52 PM 69936]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [10/31/2005 11:40 PM 9049]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [10/31/2005 11:40 PM 115008]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\
FF - component: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: c:\documents and settings\All Users.D45FSP61\Application Data\Mozilla\Firefox\Profiles\tv9tmlhi.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 18:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,c6,f8,6a,84,cd,e4,4d,84,a2,25,\
.
Completion time: 2009-10-15 18:53
ComboFix-quarantined-files.txt 2009-10-15 22:53
ComboFix2.txt 2009-10-15 14:46

Pre-Run: 17,256,165,376 bytes free
Post-Run: 17,208,250,368 bytes free

334 --- E O F --- 2009-09-10 07:03


Was unable to get Kaspersky to run. ;) I updated Java and made sure that my anti-virus active protection was off but the 'accept' box remained grayed out.



#9
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Let's use a different scanner


ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.

sUBs
Research Engineer


#10
Almira

    New Member

  • Members
  • 6 posts
Okay. The ESET worked much better! ;)

On the first try, the scan stopped on its own after 31 minutes. (My screen went to power save, not sure if this was the cause.) I ran it again and this time ESET scanned all the way through. It didn't give me an automatic log in the Program Files but an option to save as a txt file which I did.

Results:

C:\Qoobox\Quarantine\[4]-Submit_2009-10-15_18.43.03.zip a variant of Win32/Kryptik.AVG trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gonaludu.dll.vir a variant of Win32/Adware.SuperJuan.F application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\goyolafi.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\hemeyore.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\lijaduhi.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pazoyoli.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\pujawewo.dll.vir a variant of Win32/Adware.Virtumonde.NFT application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\viniyare.dll.vir a variant of Win32/Adware.Virtumonde.NFT application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\wewomesu.dll.vir a variant of Win32/Adware.Virtumonde.NFT application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yedopiji.dll.vir a variant of Win32/Adware.Virtumonde.NFT application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yivivaso.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yotetefu.dll.vir a variant of Win32/Kryptik.AVG trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yudegoku.dll.vir a variant of Win32/Adware.Virtumonde.NFT application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zibuzuhu.dll.vir a variant of Win32/Adware.SuperJuan.F application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\zohihele.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1726\A0076487.exe a variant of Win32/Kryptik.ATL trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1726\A0076524.exe a variant of Win32/Kryptik.ATL trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1726\A0076596.exe a variant of Win32/Kryptik.ATL trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0076768.exe probably a variant of Win32/Adware.RogueApp application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0076798.dll a variant of Win32/Adware.SuperJuan.F application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0076799.dll a variant of Win32/Kryptik.AVG trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0076800.dll a variant of Win32/Adware.SuperJuan.F application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078301.exe a variant of Win32/Kryptik.AUB trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078303.exe a variant of Win32/Kryptik.AEA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078305.exe a variant of Win32/Kryptik.AEA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078307.exe a variant of Win32/Kryptik.AEA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078309.exe a variant of Win32/Kryptik.AEA trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078311.dll a variant of Win32/Adware.SuperJuan.F application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078312.dll a variant of Win32/Adware.SuperJuan.F application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078313.dll Win32/KillAV.NFO trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078315.dll a variant of Win32/Adware.Virtumonde.NFT application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078333.exe a variant of Win32/Kryptik.AUB trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078444.dll a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078445.dll a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078446.dll a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078447.dll a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078448.dll a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1730\A0078951.dll a variant of Win32/Adware.Virtumonde.NFT application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1730\A0078953.dll a variant of Win32/Adware.Virtumonde.NFT application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1730\A0078954.dll a variant of Win32/Adware.Virtumonde.NFT application
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1730\A0078955.dll a variant of Win32/Adware.Virtumonde.NFT application

#11
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Of the stuff found,

C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u



  • ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.



  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • http://www.mozilla.o...oducts/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


  • http://www.aumha.org...erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywarein...showtopic=60955

After doing all these, your system will be optimised against future threats.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs
Research Engineer

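The triage sUBs applies above to Almira's ESET results (hits under C:\Qoobox are ComboFix's quarantine copies, hits under System Volume Information are System Restore's cache, and only anything else is a live file) can be turned into a small parser so that a long scan log sorts itself. This is an added Python example for this thread and is not part of ESET, ComboFix or the moderator's own tooling. The sample lines are constructed in the shape of the ESET output pasted above; the `example_live.dll` entry is a hypothetical file name added only so that the "live" bucket is exercised.

```python
r"""Triage ESET Online Scanner hits by where the flagged file lives.

Added example for this thread; not part of ESET, ComboFix or the moderator's
own tooling. It encodes the reasoning in the reply above: a hit under
C:\Qoobox (ComboFix's quarantine) or under System Volume Information
(System Restore's cache) is an inert copy, while anything else is a live
file that still needs attention.
"""
import re

# Constructed sample lines in the shape of the ESET log pasted above
# (full path, one space, free-text detection name). The last line is an
# invented "live" hit (hypothetical file name) so every bucket is exercised.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\[4]-Submit_2009-10-15_18.43.03.zip a variant of Win32/Kryptik.AVG trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\goyolafi.dll.vir a variant of Win32/AntiAV.NCZ trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1727\A0078313.dll Win32/KillAV.NFO trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1730\A0078951.dll a variant of Win32/Adware.Virtumonde.NFT application
C:\WINDOWS\SYSTEM32\example_live.dll a variant of Win32/Kryptik.AVG trojan
"""

# A hit line is "<drive>:\<path ending in a file extension> <detection text>".
# The lazy ".+?" stops at the first extension that is followed by a space, so
# double extensions such as "goyolafi.dll.vir" are kept whole.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.(?:vir|exe|dll|zip|sys)) (?P<detection>.+)$"
)
SIGNATURE_RE = re.compile(r"\S+/\S+")          # e.g. Win32/AntiAV.NCZ
RESTORE_POINT_RE = re.compile(r"\\(RP\d+)\\")  # e.g. RP1727

QUARANTINE = "combofix-quarantine"
RESTORE = "system-restore"
LIVE = "live"


def classify(path):
    """Map a detected file's path to the bucket the reply above describes."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return QUARANTINE
    if "\\system volume information\\_restore" in p:
        return RESTORE
    return LIVE


def parse_line(line):
    """Return a record for one ESET hit line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, detection = m.group("path"), m.group("detection")
    sig = SIGNATURE_RE.search(detection)
    rp = RESTORE_POINT_RE.search(path)
    return {
        "path": path,
        "detection": detection,
        "signature": sig.group(0) if sig else detection,
        "restore_point": rp.group(1) if rp else None,
        "location": classify(path),
    }


def triage(log_text):
    """Bucket every parsable hit; keep unparsable lines so nothing is silently lost."""
    buckets = {QUARANTINE: [], RESTORE: [], LIVE: []}
    unparsed = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        else:
            buckets[rec["location"]].append(rec)
    return buckets, unparsed


def summarize(log_text):
    """Counts per bucket: the figure a helper wants before deciding next steps."""
    buckets, unparsed = triage(log_text)
    summary = {name: len(hits) for name, hits in buckets.items()}
    summary["unparsed"] = len(unparsed)
    return summary


def live_paths(log_text):
    """Paths that are neither quarantined nor sitting in a restore point."""
    return [rec["path"] for rec in triage(log_text)[0][LIVE]]


def restore_points(log_text):
    """Restore points holding flagged files (all go away when the cache is cleared)."""
    return {rec["restore_point"] for rec in triage(log_text)[0][RESTORE]}


if __name__ == "__main__":
    for name, count in summarize(SAMPLE_LOG).items():
        print(f"{name:20s} {count}")
    print("live files needing attention:", live_paths(SAMPLE_LOG))
```

The path-based classification is a heuristic that mirrors the reply: it trusts that anything under the quarantine and restore-point folders is a copy rather than an active file. Unparsable lines are returned rather than dropped, so a log in a slightly different shape shows up as an "unparsed" count instead of quietly losing hits.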

#12
Almira

    New Member

  • Members
  • 6 posts
Alrighty roo. ComboFix is uninstalled. A check on Automated updates, Firefox, SunJava and I do have an anti-virus now (which I didn't before all this happened, sigh.)

I downloaded ERUNT and ran it (err, I hope that was what I was supposed to do and didn't get ahead of you) and it gave me a message about having created a back-up of the registry.

Thank you so much!!!!




