WiredWX Christian Hobby Weather Tools

Re: windows antivirus pro & home antivirus 2010 REMOVAL
I have done what you told me. I have a report. What do you want me to do with it? It is all over? The Internet Explorer icon is not working; I have to use Mozilla Firefox.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Should I install the Malwarebytes AntiMalware and run it? What should I do?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Post the report here please.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
The report is too big, therefore I have to send it in two parts. Here is the first part:

ComboFix 09-08-04.01 - Rocio 08/04/2009 16:03.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2340 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\asikuzexit.bat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\avon.db
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\divano.dl
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\fasogogo.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\oxisu.dll
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\paqypi.exe
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\rirotili.pif
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\teqewep.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\texanemeh.dat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ucukyriw.vbs
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\uwip.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ykyvuzima.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\zexozato.dll
C:\p2hhr.bat
C:\phdtsk.exe
c:\program files\INSTALL.LOG
c:\program files\Microsoft Office\WINWORD.EXE
c:\windows\braviax.exe
c:\windows\Installer\31bf4f.msi
c:\windows\Installer\3a21477.msp
c:\windows\Installer\3a21478.msp
c:\windows\Installer\3a21479.msp
c:\windows\Installer\3a2147a.msp
c:\windows\Installer\3a2147b.msp
c:\windows\Installer\3a2147c.msp
c:\windows\Installer\3a2147d.msp
c:\windows\Installer\3a2147e.msp
c:\windows\Installer\3a2147f.msp
c:\windows\Installer\8c849a6.msp
c:\windows\Installer\8c849a7.msp
c:\windows\Installer\8c849a8.msp
c:\windows\Installer\8c849a9.msp
c:\windows\Installer\8c849aa.msp
c:\windows\Installer\8c849ab.msp
c:\windows\Installer\8c849ac.msp
c:\windows\Installer\8c849ad.msp
c:\windows\Installer\8c849ae.msp
c:\windows\Installer\b9018.msp
c:\windows\Installer\b9020.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\xidbbfyz.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ghaf8jkdfd.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

Infected copy of c:\windows\system32\netlogon.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netlogon.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:43 . 2009-08-04 14:43 12212 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
2009-08-04 14:43 . 2009-08-04 14:43 10093 ----a-w- c:\windows\system32\akeveloh.bin
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-03 12:41 . 2009-08-03 12:41 10323 ----a-w- c:\windows\nuperyvy.dll
2009-08-03 12:41 . 2009-08-03 12:41 15552 ----a-w- c:\windows\cacegyna.dll
2009-08-03 12:41 . 2009-08-03 12:41 11595 ----a-w- c:\documents and settings\All Users\Application Data\vytyx.bat
2009-08-03 12:41 . 2009-08-03 12:41 11461 ----a-w- c:\windows\system32\azymydo.reg
2009-08-03 12:41 . 2009-08-03 12:41 10086 ----a-w- c:\windows\zawe.dll
2009-08-02 12:58 . 2009-08-02 12:58 19443 ----a-w- c:\windows\system32\jecu.bat
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 16241 ----a-w- c:\documents and settings\All Users\Application Data\nejyfazado.scr
2009-08-02 12:58 . 2009-08-02 12:58 16036 ----a-w- c:\windows\system32\zudi.vbs
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-02 12:58 . 2009-08-02 12:58 12402 ----a-w- c:\windows\rufofukuhi.dll
2009-08-02 12:58 . 2009-08-02 12:58 11399 ----a-w- c:\windows\system32\punece.scr
2009-08-02 12:58 . 2009-08-02 12:58 11376 ----a-w- c:\windows\cydule.sys
2009-08-02 12:58 . 2009-08-02 12:58 10065 ----a-w- c:\program files\Common Files\sorylawa.dll
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-01 14:12 . 2009-08-01 14:12 19839 ----a-w- c:\windows\system32\sudypy.bat
2009-08-01 14:12 . 2009-08-01 14:12 18418 ----a-w- c:\windows\ywodi.pif
2009-08-01 14:12 . 2009-08-01 14:12 17126 ----a-w- c:\windows\syguki.pif
2009-08-01 14:12 . 2009-08-01 14:12 15956 ----a-w- c:\windows\jiqowomyki.com
2009-08-01 14:12 . 2009-08-01 14:12 15856 ----a-w- c:\documents and settings\Rocio\Application Data\bimynano.com
2009-08-01 14:12 . 2009-08-01 14:12 14930 ----a-w- c:\windows\gynupasiq.sys
2009-08-01 14:12 . 2009-08-01 14:12 14032 ----a-w- c:\windows\ecenuqaje.vbs
2009-08-01 14:12 . 2009-08-01 14:12 13653 ----a-w- c:\windows\xironyg.dat
2009-07-31 18:43 . 2009-07-31 19:06 65536 ----a-w- c:\windows\system32\desot.exe
2009-07-31 18:43 . 2009-07-31 19:06 64 ----a-w- c:\windows\ppp4.dat
2009-07-31 18:43 . 2009-07-31 19:06 2 ----a-w- c:\windows\ppp3.dat
2009-07-31 18:43 . 2009-07-31 19:04 827392 ----a-w- c:\windows\system32\dddesot.dll
2009-07-31 18:43 . 2009-07-31 18:43 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-31 18:43 . 2009-07-31 18:43 176128 ----a-w- c:\windows\svchast.exe
2009-07-31 18:38 . 2009-07-31 18:38 69640 ----a-w- C:\abgcty.exe
2009-07-31 18:38 . 2009-07-31 18:38 12288 ----a-w- C:\jeooxqma.exe
2009-07-31 18:38 . 2009-07-31 18:38 22016 ----a-w- C:\cpakfja.exe
2009-07-31 18:38 . 2009-07-31 18:38 19456 ----a-w- C:\njeoahhq.exe
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-06 15:42 . 2009-08-03 12:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 20:00 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 19:42 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-08-01 14:12 . 2009-08-01 14:12 18848 ----a-w- c:\program files\Common Files\sogety.inf
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 14:32 . 2009-07-01 18:30 -------- d-----w- c:\program files\drv
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-26 18:58 . 2009-06-26 18:58 -------- d-----w- c:\documents and settings\Rocio\Application Data\rfeshmqh
2009-06-22 15:51 . 2009-06-22 15:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\rfeshmqh
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-07 15:32 . 2004-08-10 16:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-02 19:54 . 2009-01-02 19:54 21747397 ----a-w- c:\program files\sw65demo.exe
2009-07-30 11:26 . 2009-08-04 18:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
This is the second part of the report:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
""=
"8085:TCP"= 8085:TCP:drv

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S1 is-HVF13drv;is-HVF13drv;c:\windows\system32\DRIVERS\90736237.sys --> c:\windows\system32\DRIVERS\90736237.sys [?]
S1 is-N9611drv;is-N9611drv;c:\windows\system32\DRIVERS\92592820.sys --> c:\windows\system32\DRIVERS\92592820.sys [?]
S1 is-UC7V3drv;is-UC7V3drv;c:\windows\system32\DRIVERS\30970194.sys --> c:\windows\system32\DRIVERS\30970194.sys [?]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 FLDNRUYYPGBPE;FLDNRUYYPGBPE;c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe [?]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]
S3 KLWCEKNLF;KLWCEKNLF;c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe [?]
S3 KN;KN;c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-04 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 20:13

Pre-Run: 163,002,667,008 bytes free
Post-Run: 163,818,901,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

381 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL
I have run the Malwarebytes AntiMalware and detected 15 viruses and got rid of them. I guess this is over, and my computer is working fine, except for the Internet Explorer.

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Now open a new notepad file.
Input this into the notepad file:

File::
c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
c:\windows\system32\akeveloh.bin
c:\windows\nuperyvy.dll
c:\windows\cacegyna.dll
c:\documents and settings\All Users\Application Data\vytyx.bat
c:\windows\system32\azymydo.reg
c:\windows\zawe.dll
c:\windows\system32\jecu.bat
c:\documents and settings\All Users\Application Data\nejyfazado.scr
c:\windows\system32\zudi.vbs
c:\windows\rufofukuhi.dll
c:\windows\system32\punece.scr
c:\windows\cydule.sys
c:\program files\Common Files\sorylawa.dll
c:\windows\system32\sudypy.bat
c:\windows\ywodi.pif
c:\windows\syguki.pif
c:\windows\jiqowomyki.com
c:\documents and settings\Rocio\Application Data\bimynano.com
c:\windows\gynupasiq.sys
c:\windows\ecenuqaje.vbs
c:\windows\xironyg.dat
c:\windows\system32\desot.exe
c:\windows\ppp4.dat
c:\windows\ppp3.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\sysnet.dat
c:\windows\svchast.exe
C:\abgcty.exe
C:\jeooxqma.exe
C:\cpakfja.exe
C:\njeoahhq.exe
c:\program files\Common Files\sogety.inf
c:\program files\sw65demo.exe

Folder::
c:\program files\drv
c:\documents and settings\Rocio\Application Data\rfeshmqh
c:\documents and settings\NetworkService\Application Data\rfeshmqh

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

Driver::
is-HVF13drv
is-N9611drv
is-UC7V3drv
FLDNRUYYPGBPE
KLWCEKNLF
KN
yeddef

NetSvcs::
rvprkney


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open ComboFix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Re: windows antivirus pro & home antivirus 2010 REMOVAL
Again, the report is too big and I need to send it in two parts:

ComboFix 09-08-04.04 - Rocio 08/06/2009 9:45.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rocio\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
* Created a new restore point

FILE ::
"C:\abgcty.exe"
"C:\cpakfja.exe"
"c:\documents and settings\All Users\Application Data\nejyfazado.scr"
"c:\documents and settings\All Users\Application Data\vytyx.bat"
"c:\documents and settings\Rocio\Application Data\bimynano.com"
"c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin"
"C:\jeooxqma.exe"
"C:\njeoahhq.exe"
"c:\program files\Common Files\sogety.inf"
"c:\program files\Common Files\sorylawa.dll"
"c:\program files\sw65demo.exe"
"c:\windows\cacegyna.dll"
"c:\windows\cydule.sys"
"c:\windows\ecenuqaje.vbs"
"c:\windows\gynupasiq.sys"
"c:\windows\jiqowomyki.com"
"c:\windows\nuperyvy.dll"
"c:\windows\ppp3.dat"
"c:\windows\ppp4.dat"
"c:\windows\rufofukuhi.dll"
"c:\windows\svchast.exe"
"c:\windows\syguki.pif"
"c:\windows\system32\akeveloh.bin"
"c:\windows\system32\azymydo.reg"
"c:\windows\system32\dddesot.dll"
"c:\windows\system32\desot.exe"
"c:\windows\system32\jecu.bat"
"c:\windows\system32\punece.scr"
"c:\windows\system32\sudypy.bat"
"c:\windows\system32\sysnet.dat"
"c:\windows\system32\zudi.vbs"
"c:\windows\xironyg.dat"
"c:\windows\ywodi.pif"
"c:\windows\zawe.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\nejyfazado.scr
c:\documents and settings\All Users\Application Data\vytyx.bat
c:\documents and settings\NetworkService\Application Data\rfeshmqh
c:\documents and settings\NetworkService\Application Data\rfeshmqh\profiles.ini
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\cert8.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\key3.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\prefs.js
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\secmod.db
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\rfeshmqh\Profiles\bmpmagkd.default\xpti.dat
c:\documents and settings\Rocio\Application Data\bimynano.com
c:\documents and settings\Rocio\Application Data\rfeshmqh
c:\documents and settings\Rocio\Application Data\rfeshmqh\profiles.ini
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\cert8.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\compatibility.ini
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\compreg.dat
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\cookies.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\formhistory.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\key3.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\localstore.rdf
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\permissions.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\places.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\pluginreg.dat
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\prefs.js
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\secmod.db
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\webappsstore.sqlite
c:\documents and settings\Rocio\Application Data\rfeshmqh\Profiles\fs04dwsg.default\xpti.dat
c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
c:\program files\Common Files\sogety.inf
c:\program files\Common Files\sorylawa.dll
c:\program files\drv
c:\program files\sw65demo.exe
c:\windows\cacegyna.dll
c:\windows\cydule.sys
c:\windows\ecenuqaje.vbs
c:\windows\gynupasiq.sys
c:\windows\jiqowomyki.com
c:\windows\nuperyvy.dll
c:\windows\rufofukuhi.dll
c:\windows\syguki.pif
c:\windows\system32\akeveloh.bin
c:\windows\system32\azymydo.reg
c:\windows\system32\jecu.bat
c:\windows\system32\punece.scr
c:\windows\system32\sudypy.bat
c:\windows\system32\zudi.vbs
c:\windows\xironyg.dat
c:\windows\ywodi.pif
c:\windows\zawe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FLDNRUYYPGBPE
-------\Legacy_IS-HVF13DRV
-------\Legacy_IS-N9611DRV
-------\Legacy_IS-UC7V3DRV
-------\Legacy_KLWCEKNLF
-------\Legacy_KN
-------\Service_FLDNRUYYPGBPE
-------\Service_is-HVF13drv
-------\Service_is-N9611drv
-------\Service_is-UC7V3drv
-------\Service_KLWCEKNLF
-------\Service_KN
-------\Service_yeddef


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 20:48 . 2009-08-04 20:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 20:47 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:47 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 13:56 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-06 13:56 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:45 . 2009-07-06 15:42 -------- d-----w- c:\program files\Trend Micro
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys

Re: windows antivirus pro & home antivirus 2010 REMOVAL
and the second part is:

((((((((((((((((((((((((((((( SnapShot@2009-08-04_20.09.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 13:52 . 2009-08-06 13:52 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-08-05 17:46 . 2009-08-05 17:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
""=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(204)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-06 10:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 14:00
ComboFix2.txt 2009-08-04 20:13

Pre-Run: 163,780,640,768 bytes free
Post-Run: 163,705,524,224 bytes free

382 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Should I keep all these reports on my computer, or can I delete them?

Re: windows antivirus pro & home antivirus 2010 REMOVAL
Hello.
Just one more script, then that should do it.

Now open a new notepad file.
Input this into the notepad file:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
""=-

NetSvc::
rvprkney


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix as seen below:
[image]

This will open ComboFix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


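The follow-up script in the post above targets an entry that the log from the first run still lists under NetSvcs. As an added example (not part of the original thread and not ComboFix's own code), this Python check cross-checks a CFScript's targets against the log that comes back and reports any target still named outside the removal sections. It assumes the `((( Title )))` banners seen in the logs on this page and that "Other Deletions" and "Drivers/Services" report removals; registry directives are out of scope, and the sample inputs are constructed, abridged excerpts.

```python
import re

# Banner lines in the logs on this page look like "((((( Title )))))".
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Assumption: a target named in these sections is expected (script echo or removal report).
EXPECTED_SECTIONS = {"preamble", "other deletions", "drivers/services"}


def parse_cfscript(text):
    """Return {directive: [entries]} for each 'Name::' block of a CFScript."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def split_log(text):
    """Split a log into {section title: [lines]}; text before the first banner is 'preamble'."""
    sections, title = {"preamble": []}, "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            title = match.group(1).lower()
            sections.setdefault(title, [])
        elif line and line != ".":
            sections[title].append(line)
    return sections


def residual_targets(script_text, log_text):
    """Return [(target, section)] for script targets still named in a state-reporting section."""
    script = parse_cfscript(script_text)
    targets = [e for name, entries in script.items() if name != "registry" for e in entries]
    hits = []
    for section, lines in split_log(log_text).items():
        if section in EXPECTED_SECTIONS:
            continue
        body = "\n".join(lines)
        for target in targets:
            # Whole-token match so a short name such as "KN" does not hit inside other words.
            pattern = r"(?<![A-Za-z0-9])" + re.escape(target) + r"(?![A-Za-z0-9])"
            if re.search(pattern, body, re.IGNORECASE):
                hits.append((target, section))
    return hits


# Constructed sample: abridged from the first CFScript on this page.
CFSCRIPT = r"""
File::
c:\windows\system32\desot.exe
c:\windows\svchast.exe

Folder::
c:\program files\drv

Driver::
KN
yeddef

NetSvcs::
rvprkney
"""

# Constructed sample: abridged from the log posted after that script ran.
LOG = r"""
ComboFix 09-08-04.04 - Rocio 08/06/2009 9:45.2.2 - NTFSx86
FILE ::
"c:\windows\svchast.exe"
"c:\windows\system32\desot.exe"
.
((((((((((((( Other Deletions )))))))))))))
.
c:\program files\drv
.
((((((((((((( Drivers/Services )))))))))))))
.
-------\Legacy_KN
-------\Service_KN
-------\Service_yeddef
.
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney
"""

if __name__ == "__main__":
    for target, section in residual_targets(CFSCRIPT, LOG):
        print(f"still listed: {target!r} in section {section!r}")
```
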
Re: windows antivirus pro & home antivirus 2010 REMOVAL
Like before, I will send the report in two parts, here is the first:

ComboFix 09-08-04.04 - Rocio 08/06/2009 14:53.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2339 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Rocio\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 20:48 . 2009-08-04 20:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 20:47 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:47 . 2009-08-04 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-04 20:47 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 18:56 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-06 13:56 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:45 . 2009-07-06 15:42 -------- d-----w- c:\program files\Trend Micro
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-04_20.09.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-06 13:52 . 2009-08-06 13:52 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat
+ 2009-08-05 17:46 . 2009-08-05 17:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-12 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

and the second part is:

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 14:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1076)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(584)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2009-08-06 14:58
ComboFix-quarantined-files.txt 2009-08-06 18:58
ComboFix2.txt 2009-08-06 14:00
ComboFix3.txt 2009-08-04 20:13

Pre-Run: 163,798,278,144 bytes free
Post-Run: 163,774,775,296 bytes free

255 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Hello.
Last few files to get rid of.

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\All Users\Application Data\rotimaje.pif
    c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
    c:\program files\Common Files\zeba.sys
    c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
    c:\documents and settings\Rocio\Application Data\ytenuj.dat


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

========== FILES ==========
c:\documents and settings\All Users\Application Data\rotimaje.pif moved successfully.
c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg moved successfully.
c:\program files\Common Files\zeba.sys moved successfully.
c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat moved successfully.
c:\documents and settings\Rocio\Application Data\ytenuj.dat moved successfully.

OTM by OldTimer - Version 3.0.0.5 log created on 08062009_160634
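
An added example, not part of the thread and not ComboFix's or the helper's own method: a Python triage pass over the listing-line format of the log posted above. The heuristic (a loose file sitting directly in an Application Data or Common Files root with two identical timestamps) is an assumption; on lines copied from that log it surfaces the same five files the helper listed, and any hit still needs manual review.

```python
import re
from ntpath import basename, dirname, splitext

# One listing line: "<timestamp> . <timestamp> <size> <attrs> <path>".
ENTRY = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attr>[a-z-]{8}) (?P<path>.+)$"
)

# Assumption: folders that normally hold vendor subfolders, not loose files.
DATA_ROOTS = ("\\application data", "\\common files")

# Lines copied from the log posted in this thread, plus two non-entry lines.
SAMPLE_LOG = r"""
((((( Files Created from 2009-07-06 to 2009-08-06 )))))
.
2009-08-04 20:48 . 2009-08-04 20:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
"""


def parse_entries(log_text):
    """Return one dict per listing line; headers and separators are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["is_dir"] = e["attr"].startswith("d")  # directories show "--------" as size
        e["size"] = int(e["size"]) if e["size"].isdigit() else None
        entries.append(e)
    return entries


def triage(log_text):
    """Flag loose files in a data root whose two timestamps are identical."""
    hits = []
    for e in parse_entries(log_text):
        parent = dirname(e["path"]).lower()
        loose_in_root = parent.endswith(DATA_ROOTS)
        if not e["is_dir"] and loose_in_root and e["ts1"] == e["ts2"]:
            hits.append({
                "name": basename(e["path"]),
                "ext": splitext(e["path"])[1].lower(),
                "size": e["size"],
                "seen": e["ts1"],
                "path": e["path"],
            })
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["seen"]}  {hit["size"]:>8}  {hit["path"]}')
```

The directory entry and the files inside vendor subfolders are skipped even though their timestamps match, which keeps the review list short.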

Re: windows antivirus pro & home antivirus 2010 REMOVAL

What about my Internet Explorer, will it work now or should I reinstall it?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Do the following:


Press Start > Run.
Type in cmd, then press enter.

At the DOS prompt execute the following commands, one by one.
Press the enter key after each entry.

regsvr32 urlmon.dll
regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Actxprxy.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll
regsvr32 Shell32.dll

Type Exit and press Enter to return to the operating mode.

Reboot normally.

Is Internet Explorer available now?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: windows antivirus pro & home antivirus 2010 REMOVAL

I followed all your instructions, but the Msjava.dll failed (the message said: the specified module could not be found) and the Mshtml.dll (was located but the DLL registry server entry point was not found. This file cannot be registered) and I don't have internet yet.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Does Internet Explorer work, just no connection?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

I am using Firefox now. Should I reinstall it? Or what else should I do now? And thanks for all your help.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Yes, try re-installing it.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Thank you very much for all your time and help, but I tried to uninstall the internet and I couldn't. Internet Explorer is not in Add or Remove Programs; I followed Windows support and it does not work. Should I use Mozilla, or can you help to repair Internet Explorer?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Use Mozilla, let's not mess about with Internet Explorer.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

One last question, should I keep all the downloads like Combo-fix, Otm, etc...?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

No, delete them.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
