I just got everything clean on this system recently. I've got Avast! running and just scanned with AdAware and Spybot with AdAware finding only cookies. But when I scanned with Malwarebytes Anti-Malware it found 2 registry key entries for "Rogue.WinAntiVirus". I let it delete them but since I thought I had been cautious, I was surprised to see these 2 things turn up. Is this something I need to address further?

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 5.1.2600 Service Pack 3

7/14/2009 9:12:46 PM
mbam-log-2009-07-14 (21-12-46).txt

Scan type: Quick Scan
Objects scanned: 120013
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000162-9980-0010-8000-00aa00389b71} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Click Yes to allow ComboFix to continue scanning for malware.
• When the tool is finished, it will produce a report for you.
• Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Here are the logs.

ComboFix 09-07-14.08 - Randy Williams 07/16/2009 12:26.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.263 [GMT -4:00]
Running from: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1482476501-602609370-725345543-1003
c:\windows\Installer\49e3d.msp
c:\windows\Installer\49e53.msp
c:\windows\Installer\49e6d.msp
c:\windows\Installer\49efe.msp
c:\windows\Installer\49f14.msp
c:\windows\Installer\49f2a.msp
c:\windows\Installer\49f40.msp
c:\windows\Installer\49f5e.msp
c:\windows\Installer\49f74.msp
c:\windows\Installer\49f8b.msp
c:\windows\Installer\49fa1.msp
c:\windows\Installer\49fb8.msp
c:\windows\Installer\49fcf.msp
c:\windows\Installer\49fe5.msp
c:\windows\Installer\49ffc.msp
c:\windows\Installer\4a012.msp

.
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 01:45 . 2009-07-16 01:45 -------- d-----w- c:\windows\LastGood
2009-07-15 07:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 07:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-13 23:31 . 2009-07-13 23:31 -------- d-----w- c:\program files\CDisplay
2009-07-13 21:00 . 2009-07-13 23:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-13 20:55 . 2009-07-13 20:55 -------- d-----w- c:\program files\AC3Filter
2009-07-11 20:06 . 2009-07-11 20:06 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\dvdcss
2009-07-07 22:07 . 2009-07-07 22:07 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Forte
2009-07-07 22:07 . 2009-07-09 23:40 -------- d-----w- c:\program files\Agent
2009-07-05 19:14 . 2009-07-05 19:14 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Symantec_Corporation
2009-07-05 16:57 . 2007-03-29 00:12 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 16:57 . 2007-03-29 00:12 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-05 16:57 . 2007-03-29 00:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-05 16:57 . 2007-03-29 00:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-05 16:57 . 2007-03-29 00:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-05 16:57 . 2007-03-29 00:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-05 16:56 . 2009-07-05 16:56 -------- d-----w- c:\program files\Norton Ghost
2009-07-05 16:55 . 2009-07-05 16:55 -------- d-----w- c:\program files\Symantec
2009-07-04 19:39 . 2008-08-18 20:25 40464 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-07-04 19:39 . 2009-07-04 19:39 -------- d-----w- c:\program files\Paragon Software
2009-07-03 18:33 . 2000-06-23 21:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-07-03 18:33 . 2000-06-22 20:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-07-03 18:33 . 2009-07-03 18:33 -------- d-----w- c:\program files\Ligos
2009-07-03 07:09 . 2007-04-17 09:32 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 07:09 . 2008-10-16 20:24 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 07:09 . 2008-10-16 20:24 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 07:09 . 2008-10-16 20:24 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 07:09 . 2008-10-16 20:24 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-03 07:09 . 2008-10-16 12:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-03 07:09 . 2008-10-16 20:24 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-03 07:09 . 2008-10-16 20:24 6068224 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 18:46 . 2009-07-02 18:46 -------- d-----w- c:\windows\Sun
2009-07-02 18:45 . 2009-07-02 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 18:45 . 2009-07-02 18:45 -------- d-----w- c:\program files\Java
2009-07-02 18:44 . 2009-07-02 18:44 152576 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 04:58 . 2009-07-02 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\program files\Common Files\wsm
2009-07-02 00:46 . 2009-07-02 01:54 -------- d-----w- c:\program files\Kate's Video Joiner
2009-07-01 23:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-01 23:24 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-01 21:37 . 2007-03-04 11:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2009-07-01 21:37 . 2007-03-04 11:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2009-07-01 21:29 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-01 21:29 . 2009-07-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-01 21:04 . 2009-07-01 21:06 -------- d-----w- c:\program files\VideoLAN
2009-07-01 20:58 . 2009-07-01 21:01 -------- d-----w- c:\program files\ESTsoft
2009-07-01 20:58 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-07-01 20:58 . 2008-05-09 10:53 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-07-01 20:58 . 2008-05-09 10:53 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-07-01 20:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-07-01 20:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-07-01 20:43 . 2009-07-01 21:36 737280 ----a-w- c:\windows\iun6002.exe
2009-07-01 20:42 . 2009-07-02 00:26 -------- d-----w- c:\program files\Replay Converter
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 18:50 . 2009-07-01 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 18:48 . 2009-07-01 18:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 18:35 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-----w- c:\program files\Lavasoft
2009-07-01 17:20 . 2009-07-01 20:51 -------- d-----w- c:\program files\Media Player Classic
2009-07-01 17:19 . 2009-07-13 23:33 -------- d-----w- c:\program files\Software (Uninstalled)
2009-07-01 17:18 . 2009-07-01 17:18 -------- d-----w- c:\program files\SmartPar
2009-07-01 04:18 . 2009-07-15 20:53 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\dwhelper
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\scripting
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\en
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\bits
2009-07-01 01:13 . 2009-07-01 01:16 -------- d-----w- c:\windows\ServicePackFiles
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 00:29 . 2007-08-11 03:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-01 00:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-01 00:16 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-01 00:16 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-07-01 00:16 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-07-01 00:16 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-07-01 00:16 . 2009-06-03 19:09 1291264 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-07-01 00:16 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-07-01 00:16 . 2008-12-05 06:54 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-07-01 00:10 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-07-01 00:09 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-01 00:08 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2009-07-01 00:07 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-06-30 22:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-30 19:10 . 2009-06-30 19:10 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Help
2009-06-30 19:06 . 2009-06-30 19:10 -------- d-----w- c:\program files\yProxy
2009-06-30 19:05 . 2009-06-30 19:05 -------- d-----w- c:\program files\MasterSplitter
2009-06-30 19:01 . 2009-06-30 19:01 87608 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ezpinst.exe
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\program files\vso
2009-06-30 18:46 . 2009-06-30 18:46 -------- d-----w- c:\program files\Ahead
2009-06-30 06:59 . 2009-07-01 02:18 -------- d-----w- c:\program files\Unlocker
2009-06-30 06:56 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\WinZip
2009-06-30 06:55 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-06-30 06:29 . 2009-06-30 07:28 -------- d-----w- c:\program files\Collectorz.com
2009-06-30 06:17 . 2009-06-30 06:17 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Collectorz.com
2009-06-30 03:22 . 2009-06-30 03:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
2009-06-30 03:20 . 2009-06-30 06:21 -------- d-----w- c:\program files\SlySoft
2009-06-30 02:12 . 2009-06-30 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Elaborate Bytes
2009-06-30 02:08 . 2009-06-30 06:21 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-30 02:06 . 2004-03-22 18:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-30 01:51 . 2009-06-30 01:51 -------- d-----w- c:\program files\Nero
2009-06-30 01:41 . 2009-06-30 01:41 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\AdobeUM
2009-06-30 01:27 . 2009-06-30 01:27 -------- d-----w- c:\program files\Macromedia
2009-06-30 00:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-30 00:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-30 00:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-30 00:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-30 00:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-30 00:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-30 00:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-30 00:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-30 00:09 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-30 00:09 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-30 00:09 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-06-30 00:09 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-06-29 23:56 . 2009-06-29 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-29 01:06 . 2009-06-29 01:06 -------- d-----w- c:\program files\MSXML 6.0
2009-06-29 00:57 . 2009-07-16 01:49 -------- d-----w- c:\windows\$hf_mig$
2009-06-28 02:33 . 2009-06-28 02:33 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ESTSoft
2009-06-27 23:52 . 2009-06-27 23:52 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:18 . 2009-06-27 02:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 02:11 . 2009-06-30 02:09 48 --sha-w- c:\windows\S96F82252.tmp
2009-06-27 03:13 . 2009-06-27 03:13 184 ----a-w- c:\windows\system32\e000001.dat
2009-06-27 02:54 . 2009-06-25 06:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-25 06:56 . 2009-06-25 06:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-16 14:36 . 2007-09-20 05:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-09-20 05:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2009-07-15 07:32 1291264 ----a-w- c:\windows\system32\SET5F8.tmp
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-03 03:00 . 2009-06-30 00:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-30 5828608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-29 2037352]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-29 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-25 113664]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]
yProxy.lnk - c:\program files\yProxy\yProxy.exe [2009-6-30 514560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [7/4/2009 3:39 PM 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/1/2009 2:36 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 8:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 8:09 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:36]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\lhbgqiib.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - msn.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 12:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-16 12:34
ComboFix-quarantined-files.txt 2009-07-16 16:33

Pre-Run: 145,206,476,800 bytes free
Post-Run: 146,139,303,936 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Windows XP/2003"

256 --- E O F --- 2009-07-16 01:49




-------------------------------------------------------------------------------------------------------------------------------------------------------




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:03 PM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\yProxy\yProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: yProxy.lnk = C:\Program Files\yProxy\yProxy.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

--
End of file - 8602 bytes

STEP 01
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

• Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
• Disconnect from the Internet.
• Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
• A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
• It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 02

Download and install CCleaner
• CCleaner
• Double-click on the downloaded file "ccsetup220_slim.exe" and install the application.
• Keep the default installation folder "C:\Program Files\CCleaner"
• Click finish when done and close ALL PROGRAMS
• Start the CCleaner program.
• Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
• Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
• Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
• Click on Run Cleaner button on the bottom right side of the program.
• Click OK to any prompts

STEP 03
Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
• When the update is complete, select the Scanner tab
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply

Here's the ComboFix log.

ComboFix 09-07-14.08 - Randy Williams 07/17/2009 11:10.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.271 [GMT -4:00]
Running from: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Desktop\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090716-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\yProxy.lnk"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\yProxy.lnk
c:\program files\yProxy
c:\program files\yProxy\INSTALL.LOG
c:\program files\yProxy\license.txt
c:\program files\yProxy\UNWISE.EXE
c:\program files\yProxy\yProxy.exe
c:\program files\yProxy\yProxy.GID
c:\program files\yProxy\yProxy.hlp

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-15 07:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 07:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-13 23:31 . 2009-07-13 23:31 -------- d-----w- c:\program files\CDisplay
2009-07-13 21:00 . 2009-07-13 23:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-13 20:55 . 2009-07-13 20:55 -------- d-----w- c:\program files\AC3Filter
2009-07-11 20:06 . 2009-07-11 20:06 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\dvdcss
2009-07-07 22:07 . 2009-07-07 22:07 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Forte
2009-07-07 22:07 . 2009-07-09 23:40 -------- d-----w- c:\program files\Agent
2009-07-05 19:14 . 2009-07-05 19:14 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Symantec_Corporation
2009-07-05 16:57 . 2007-03-29 00:12 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 16:57 . 2007-03-29 00:12 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-05 16:57 . 2007-03-29 00:49 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-05 16:57 . 2007-03-29 00:23 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-05 16:57 . 2007-03-29 00:29 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-05 16:57 . 2007-03-29 00:29 131944 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-05 16:56 . 2009-07-05 16:56 -------- d-----w- c:\program files\Norton Ghost
2009-07-05 16:55 . 2009-07-05 16:55 -------- d-----w- c:\program files\Symantec
2009-07-04 19:39 . 2008-08-18 20:25 40464 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2009-07-04 19:39 . 2009-07-04 19:39 -------- d-----w- c:\program files\Paragon Software
2009-07-03 18:33 . 2000-06-23 21:05 136704 ----a-w- c:\windows\system32\iacenc.dll
2009-07-03 18:33 . 2000-06-22 20:09 56320 ------w- c:\windows\system32\iyvu9_32.dll
2009-07-03 18:33 . 2009-07-03 18:33 -------- d-----w- c:\program files\Ligos
2009-07-03 07:09 . 2007-04-17 09:32 2455488 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-07-03 07:09 . 2008-10-16 20:24 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 07:09 . 2008-10-16 20:24 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 07:09 . 2008-10-16 20:24 267776 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 07:09 . 2008-10-16 20:24 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-07-03 07:09 . 2008-10-16 12:46 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-07-03 07:09 . 2008-10-16 20:24 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-07-03 07:09 . 2008-10-16 20:24 6068224 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-02 18:46 . 2009-07-02 18:46 -------- d-----w- c:\windows\Sun
2009-07-02 18:45 . 2009-07-02 18:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 18:45 . 2009-07-02 18:45 -------- d-----w- c:\program files\Java
2009-07-02 18:44 . 2009-07-02 18:44 152576 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-02 04:58 . 2009-07-02 04:58 -------- d-----w- c:\program files\Trend Micro
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\program files\Common Files\wsm
2009-07-02 00:46 . 2009-07-02 01:54 -------- d-----w- c:\program files\Kate's Video Joiner
2009-07-01 23:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-07-01 23:24 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-07-01 21:37 . 2007-03-04 11:55 1936528 ----a-w- c:\windows\system32\ltmm15.dll
2009-07-01 21:37 . 2007-03-04 11:55 135168 ----a-w- c:\windows\system32\DSKernel2.dll
2009-07-01 21:29 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-07-01 21:29 . 2009-07-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-01 21:04 . 2009-07-01 21:06 -------- d-----w- c:\program files\VideoLAN
2009-07-01 20:58 . 2009-07-01 21:01 -------- d-----w- c:\program files\ESTsoft
2009-07-01 20:58 . 2008-05-09 10:53 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2009-07-01 20:58 . 2008-05-09 10:53 430080 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2009-07-01 20:58 . 2008-05-09 10:53 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-07-01 20:58 . 2008-05-09 10:53 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2009-07-01 20:58 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2009-07-01 20:58 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2009-07-01 20:43 . 2009-07-01 21:36 737280 ----a-w- c:\windows\iun6002.exe
2009-07-01 20:42 . 2009-07-02 00:26 -------- d-----w- c:\program files\Replay Converter
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-07-01 20:31 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:31 . 2009-07-01 20:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 18:50 . 2009-07-01 18:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 18:48 . 2009-07-01 18:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 18:35 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-01 18:35 . 2009-07-01 18:35 -------- d-----w- c:\program files\Lavasoft
2009-07-01 17:20 . 2009-07-01 20:51 -------- d-----w- c:\program files\Media Player Classic
2009-07-01 17:19 . 2009-07-13 23:33 -------- d-----w- c:\program files\Software (Uninstalled)
2009-07-01 17:18 . 2009-07-01 17:18 -------- d-----w- c:\program files\SmartPar
2009-07-01 04:18 . 2009-07-15 20:53 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\dwhelper
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\scripting
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\en
2009-07-01 01:16 . 2009-07-01 01:16 -------- d-----w- c:\windows\system32\bits
2009-07-01 01:13 . 2009-07-01 01:16 -------- d-----w- c:\windows\ServicePackFiles
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\program files\MSXML 4.0
2009-07-01 00:29 . 2007-08-11 03:46 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-01 00:16 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-01 00:16 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-01 00:16 . 2008-06-24 16:43 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-07-01 00:16 . 2009-03-21 14:06 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-07-01 00:16 . 2009-02-03 19:59 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-07-01 00:16 . 2009-06-03 19:09 1291264 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-07-01 00:16 . 2008-07-07 20:26 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-07-01 00:16 . 2008-12-05 06:54 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-07-01 00:10 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-07-01 00:09 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-01 00:08 . 2008-04-14 00:11 48640 ------w- c:\windows\system32\dhcpqec.dll
2009-07-01 00:07 . 2008-06-17 19:02 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2009-06-30 22:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-30 19:10 . 2009-06-30 19:10 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Help
2009-06-30 19:05 . 2009-06-30 19:05 -------- d-----w- c:\program files\MasterSplitter
2009-06-30 19:01 . 2009-06-30 19:01 87608 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ezpinst.exe
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 47360 ----a-w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\pcouffin.sys
2009-06-30 19:01 . 2009-06-30 19:01 -------- d-----w- c:\program files\vso
2009-06-30 18:46 . 2009-06-30 18:46 -------- d-----w- c:\program files\Ahead
2009-06-30 06:59 . 2009-07-01 02:18 -------- d-----w- c:\program files\Unlocker
2009-06-30 06:56 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\WinZip
2009-06-30 06:55 . 2009-06-30 06:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-06-30 06:29 . 2009-06-30 07:28 -------- d-----w- c:\program files\Collectorz.com
2009-06-30 06:17 . 2009-06-30 06:17 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Local Settings\Application Data\Collectorz.com
2009-06-30 03:22 . 2009-06-30 03:22 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SlySoft
2009-06-30 03:20 . 2009-06-30 06:21 -------- d-----w- c:\program files\SlySoft
2009-06-30 02:12 . 2009-06-30 02:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Elaborate Bytes
2009-06-30 02:08 . 2009-06-30 06:21 -------- d-----w- c:\program files\Elaborate Bytes
2009-06-30 02:06 . 2004-03-22 18:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-06-30 01:51 . 2009-06-30 01:51 -------- d-----w- c:\program files\Nero
2009-06-30 01:41 . 2009-06-30 01:41 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\AdobeUM
2009-06-30 01:27 . 2009-06-30 01:27 -------- d-----w- c:\program files\Macromedia
2009-06-30 00:09 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-30 00:09 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-30 00:09 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-30 00:09 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-30 00:09 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-30 00:09 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-30 00:09 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-30 00:09 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-30 00:09 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-30 00:09 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-30 00:09 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-06-30 00:09 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-06-29 23:56 . 2009-06-29 23:56 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-29 01:06 . 2009-06-29 01:06 -------- d-----w- c:\program files\MSXML 6.0
2009-06-29 00:57 . 2009-07-16 01:49 -------- d-----w- c:\windows\$hf_mig$
2009-06-28 02:33 . 2009-06-28 02:33 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\ESTSoft
2009-06-27 23:52 . 2009-06-27 23:52 -------- d-----w- c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Symantec
2009-06-27 23:32 . 2009-07-05 16:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 23:32 . 2009-07-05 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:18 . 2009-06-27 02:58 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-30 02:11 . 2009-06-30 02:09 48 --sha-w- c:\windows\S96F82252.tmp
2009-06-27 03:13 . 2009-06-27 03:13 184 ----a-w- c:\windows\system32\e000001.dat
2009-06-27 02:54 . 2009-06-25 06:51 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-25 06:56 . 2009-06-25 06:56 -------- d-----w- c:\program files\microsoft frontpage
2009-06-16 14:36 . 2007-09-20 05:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2007-09-20 05:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2007-09-20 05:17 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-03 03:00 . 2009-06-30 00:59 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_16.31.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
+ 2009-07-17 01:13 . 2009-07-17 01:13 16384 c:\windows\Temp\Perflib_Perfdata_544.dat
+ 2009-07-17 15:17 . 2009-07-17 15:17 16384 c:\windows\Temp\Perflib_Perfdata_4f8.dat
+ 2004-08-04 12:00 . 2009-07-17 01:17 77316 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-07-13 18:27 77316 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-07-17 01:17 473296 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-07-13 18:27 473296 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-30 5828608]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]
"Norton Ghost 12.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2007-03-29 2037352]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-6-29 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-25 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [7/4/2009 3:39 PM 40464]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/1/2009 2:36 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/29/2009 8:09 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/29/2009 8:09 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:36]
.
.
------- Supplementary Scan -------
.
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\Randy Williams.RANDYSCOMPUTER\Application Data\Mozilla\Firefox\Profiles\lhbgqiib.default\
FF - prefs.js: browser.search.selectedEngine - qtl
FF - prefs.js: browser.startup.homepage - msn.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 11:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2608)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-17 11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 15:30
ComboFix2.txt 2009-07-16 16:34

Pre-Run: 146,900,692,992 bytes free
Post-Run: 146,861,903,872 bytes free

274 --- E O F --- 2009-07-16 01:49



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------



Here's the Malwarebytes log.

Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 5.1.2600 Service Pack 3

7/17/2009 11:57:24 AM
mbam-log-2009-07-17 (11-57-24).txt

Scan type: Quick Scan
Objects scanned: 110771
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

YOUR VERSION
Malwarebytes' Anti-Malware 1.38
Database version: 2373

CURRENT VERSION
Malwarebytes' Anti-Malware 1.39
Database version: 2452

Please UPDATE MBAM and do another Quick Scan

Update and Scan with Malwarebytes' Anti-Malware

• Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
• Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
  
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
• When the update is complete, select the Scanner tab
• Select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log on your next reply.

Here it is:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/17/2009 6:29:25 PM
mbam-log-2009-07-17 (18-29-25).txt

Scan type: Quick Scan
Objects scanned: 82762
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Getting closer. You got the Engine updated but the defs are still a bit behind.


YOUR VERSION
Malwarebytes' Anti-Malware 1.39
Database version: 2421


CURRENT VERSION
Malwarebytes' Anti-Malware 1.39
Database version: 2453

Please check for updates again and the DB should update to that version, if not then let me know.

Sorry about that. Here it is:

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/17/2009 7:18:20 PM
mbam-log-2009-07-17 (19-18-20).txt

Scan type: Quick Scan
Objects scanned: 83799
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Looks good. How is the computer running now?
Are there still any signs of an infection?

Please run the following and then update your Anti-Virus and scan with it too.


STEP A

Uninstall ComboFix.exe

• Click START then RUN
• Now type Combofix /u (if you renamed Combofix.exe use that name instead) in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

• 

• When shown the disclaimer, Select "2"

Remove this folder C:\QooBox if the uninstall instructions don't work and delete Combofix.exe AND check your system time and reset if needed

I had already moved the ComboFix icon to the trash and emptied so the command prompt didn't find it. I deleted the QooBox folder.

Avast! was up to date. I scanned and found nothing.

I am not experiencing any odd behavior and was not before I posted. It was just that when I scanned with Malwarebytes Anti-Malware and it found 2 registry key entries for "Rogue.WinAntiVirus" that I became concerned. Those are now gone, of course.

Since you had me run a ComboFix file that got rid of the yProxy program, was the "Rogue.WinAntiVirus" something that came with my recent re- installation of yProxy? Or are the two unrelated? If unrelated, what was the problem that you saw with yProxy that made you to think it should be deleted?

Thanks for the help in solving my issue.

Some sites reported that it came with unwanted stuff so I had you remove it. Now that you're clean if you want to put it back that's up to you.

Great, all looks good now.

I'll close your post soon so that other don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Remove all but the most recent Restore Point on Windows XP

You should Create a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
• Give the new Restore Point a name, then click "Create".
• The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

• Then use the Disk Cleanup to remove all but the most recently created Restore Point.
• Go to Start > Run and type: Cleanmgr.exe
• Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
• Click the "More Options" tab, then click the "Clean up" button under System Restore.
• Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
• Click Yes, then click Ok.
• Click Yes again when prompted with "Are you sure you want to perform these actions?"
• Disk Cleanup will remove the files and close automatically.
• On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
• These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.

Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad,
tracking and malicious websites. This prevents your computer from connecting to these untrusted sites
by redirecting them to 127.0.0.1 which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

The windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.
I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.



Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting Pre- HJT Post Instructions


Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org

I just downloaded WinPatrol. When I installed it Spybot gave me an alert which said:

Spybot has encountered and terminated a process that is listed as part of a malicious software.

ProcessID: 2844
Filename: wpsetup.exe
Found in: c:\Documents and Settings...
Identified as: Win32.Agent.ju

If Spybot encounters this process again...

*Inform me again (I left this option checked)

I said OK to a checked box labeled 'Delete the associated file'.



Is this Spybot recognizing WinPatrol and erroneously thinking it is malicious? Or has something bad come along with the WinPatrol install?

It's Spybot trying to make sure nothing gets on. You need to tell Spybot it's okay if you want to run WinPatrol, though some of the features of WinPatrol may conflict with Spybot so you may have to fine tune the both of them to play well with each other.

In Spybot on the 'Ignore products' list, I do not find WinPatrol. I do find Win32.Agent.ju on the list (categorized as a Trojan), which is what Spybot identified when I installed WinPatrol. Should I tell Spybot to ignore Win32.Agent by checking its box on the 'Ignore products' list or will doing so make me vulnerable to Trojans with that designation that are not associated with WinPatrol?

Wish I could be more help on that but I don't use Spybot myself. You might be able to get some assistance either from the Spybot or the WinPatrol site. These two products seem to cross boundaries on offering some of the same features and that's probably whats causing the issue.

Okay. Thanks again.