WiredWX Christian Hobby Weather Tools
No desktop icons or windows toolbar available

Hello,

I have downloaded a virus disguised as an anti-virus named Protection System. I can only access my programs through Task Manager except for Windows Explorer. I have downloaded Anti-Malware but it will not run and I have downloaded HijackThis but it will not install. Please help!!!

Re: No desktop icons or windows toolbar available

Hi

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: No desktop icons or windows toolbar available

Here are the results from Download Mirror:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:49 on 20/09/2009 by Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [02:24 02/09/2008] [07:56 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [11:02 21/03/2005] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [20:43 16/07/2003] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [02:24 02/09/2008] [07:56 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [11:01 21/03/2005] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [20:38 16/07/2003] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [02:24 02/09/2008] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [11:01 21/03/2005] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 62464 bytes [20:28 16/07/2003] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "winlogon.exe"
C:\Documents and Settings\Owner\Local Settings\Temp\winlogon.exe ---h-- 22532 bytes [22:49 06/09/2009] [22:49 06/09/2009] 51863B836BF6DF1D8ED7DAF0632E43C4
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe -----c 502272 bytes [02:24 02/09/2008] [07:56 04/08/2004] 01C3346C241652F43AED8E2149881BFE
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [11:02 21/03/2005] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [20:51 16/07/2003] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "comres.dll"
C:\WINDOWS\$NtServicePackUninstall$\comres.dll -----c 792064 bytes [02:25 02/09/2008] [07:56 04/08/2004] 6728270CB7DBB776ED086F5AC4C82310
C:\WINDOWS\ServicePackFiles\i386\comres.dll ------ 792064 bytes [11:00 21/03/2005] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D
C:\WINDOWS\system32\comres.dll --a--- 792064 bytes [20:25 16/07/2003] [00:11 14/04/2008] 1280A158C722FA95A80FB7AEBE78FA7D

Searching for "crypt32.dll"
C:\WINDOWS\$NtServicePackUninstall$\crypt32.dll -----c 597504 bytes [02:25 02/09/2008] [07:56 04/08/2004] EFC958396A7A7EF7E6D4A52B97512E18
C:\WINDOWS\ServicePackFiles\i386\crypt32.dll ------ 599040 bytes [11:01 21/03/2005] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77
C:\WINDOWS\system32\crypt32.dll --a--- 599040 bytes [21:18 20/03/2003] [00:11 14/04/2008] BDAAF79DD63F194434D31A74B9BB8B77

Searching for "gpedit.dll"
No files found.

Searching for "rundll32.exe"
C:\WINDOWS\$NtServicePackUninstall$\rundll32.exe -----c 33280 bytes [02:24 02/09/2008] [07:56 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------ 33280 bytes [11:02 21/03/2005] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [20:43 16/07/2003] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

Searching for "sfc.dll"
C:\WINDOWS\$NtServicePackUninstall$\sfc.dll -----c 5120 bytes [02:24 02/09/2008] [07:56 04/08/2004] E8A12A12EA9088B4327D49EDCA3ADD3E
C:\WINDOWS\ServicePackFiles\i386\sfc.dll ------ 5120 bytes [11:02 21/03/2005] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3
C:\WINDOWS\system32\sfc.dll --a--- 5120 bytes [20:44 16/07/2003] [00:12 14/04/2008] 96E1C926F22EE1BFBAE82901A35F6BF3

Searching for "svchost.exe"
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe -----c 14336 bytes [02:24 02/09/2008] [07:56 04/08/2004] 8F078AE4ED187AAABC0A305146DE6716
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [11:02 21/03/2005] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [20:47 16/07/2003] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

-=End Of File=-
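The log above is read by hand the way a helper reads every SystemLook output: for each name, the copy under system32 should match the Service Pack cache copy (ServicePackFiles\i386) in size and MD5, a hash that cannot be computed means the file is locked or damaged, and a copy of a system binary sitting in a user's Temp folder does not belong there. The Python script below is an added example, not part of this thread and not SystemLook's own code; it automates that triage. SAMPLE_LOG is copied from the SystemLook output posted above, while the rules (which directories count as trusted, using the SP cache copy as the reference) are this example's own assumptions.

```python
"""Triage a SystemLook ':filefind' log the way a malware-removal helper reads it.

Added example; not part of the original thread and not SystemLook's own code.
SAMPLE_LOG is copied from the SystemLook output posted in the thread; the
rules below (which directories are trusted, comparing the system32 copy
against the Service Pack cache copy) are this example's own assumptions.
"""
import re
from collections import defaultdict

# Where a genuine copy of a Windows XP system binary is expected to live (assumption).
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\servicepackfiles\i386",
    r"c:\windows\$ntservicepackuninstall$",
)
SP_CACHE = TRUSTED_DIRS[1]   # reference copy for the installed service pack

# One hit line: path, six attribute flags, size, two timestamps, MD5 or an error in parens.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-F]{32}|\(.*\))$"
)

# Excerpt of the log posted in the thread (three of the ten searched names).
SAMPLE_LOG = r"""
Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [02:24 02/09/2008] [07:56 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [11:01 21/03/2005] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 62464 bytes [20:28 16/07/2003] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "winlogon.exe"
C:\Documents and Settings\Owner\Local Settings\Temp\winlogon.exe ---h-- 22532 bytes [22:49 06/09/2009] [22:49 06/09/2009] 51863B836BF6DF1D8ED7DAF0632E43C4
C:\WINDOWS\ServicePackFiles\i386\winlogon.exe ------ 507904 bytes [11:02 21/03/2005] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 507904 bytes [20:51 16/07/2003] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E

Searching for "svchost.exe"
C:\WINDOWS\ServicePackFiles\i386\svchost.exe ------ 14336 bytes [11:02 21/03/2005] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
C:\WINDOWS\system32\svchost.exe --a--- 14336 bytes [20:47 16/07/2003] [00:12 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18
"""


def parse_filefind(text):
    """Group hit lines by searched filename: {name: [hit dict, ...]}."""
    hits = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^Searching for "(.+)"$', line)
        if m:
            current = m.group(1).lower()
            continue
        m = HIT_RE.match(line)
        if m and current:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5_ok"] = not hit["md5"].startswith("(")   # "(Unable to calculate MD5)"
            hits[current].append(hit)
    return hits


def triage(hits):
    """Return (filename, reason) findings for copies a helper would question."""
    findings = []
    for name, entries in hits.items():
        ref = next((e for e in entries if e["path"].lower().startswith(SP_CACHE)), None)
        for e in entries:
            path = e["path"].lower()
            if not path.startswith(TRUSTED_DIRS):
                findings.append((name, f"copy outside system directories: {e['path']}"))
            if not e["md5_ok"]:
                findings.append((name, f"hash could not be computed (locked or damaged): {e['path']}"))
            if path.startswith(TRUSTED_DIRS[0]) and ref is not None:
                if e["size"] != ref["size"]:
                    findings.append((name, f"system32 size {e['size']} differs from SP cache {ref['size']}"))
                elif e["md5_ok"] and e["md5"] != ref["md5"]:
                    findings.append((name, "system32 hash differs from SP cache copy"))
    return findings


def analyse(text):
    """Parse a SystemLook log and return its triage findings."""
    return triage(parse_filefind(text))


if __name__ == "__main__":
    for name, reason in analyse(SAMPLE_LOG):
        print(f"{name}: {reason}")
```

Run against the excerpt, the script reports exactly what the helper acted on next: the system32 eventlog.dll is 6144 bytes larger than the SP cache copy and its hash could not be read, and a hidden winlogon.exe sits in the Owner's Temp folder; svchost.exe produces nothing because its system32 copy matches the cache byte for byte.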

Re: No desktop icons or windows toolbar available

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl C):

    Files to delete:
    C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:
  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.

==

Please download Malwarebytes Anti-Malware from here.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

==

Please post the log from The Avenger and the Malwarebytes log in your next reply.

Re: No desktop icons or windows toolbar available

Two issues:

1. I was able to get Avenger to run but there is no text file in the folder after I executed it and rebooted.

2. I was able to install Malwarebytes Anti-Malware but it will not run.

Re: No desktop icons or windows toolbar available

Hi

!! NOTICE: This instruction is for this user only. If you are a lurker reading this, do not attempt it. !!

Please navigate to C:\Program Files\Malwarebytes' Anti-Malware and attempt to rename it to iexplore.exe
Then, double-click that to launch MBAM. Attempt to run a scan, and post the results in your next reply. If you cannot run the scan, please let me know.

Re: No desktop icons or windows toolbar available

Thanks that worked. Here are the results from MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 2797
Windows 5.1.2600 Service Pack 3

9/28/2009 9:12:26 PM
mbam-log-2009-09-28 (21-12-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 291898
Time elapsed: 2 hour(s), 1 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 11
Registry Data Items Infected: 8
Folders Infected: 3
Files Infected: 53

Memory Processes Infected:
C:\WINDOWS\svchasts.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e2121ee-0300-11d4-8d3b-444553540000} (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cleanup (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5e2121ee-0300-11d4-8d3b-444553540000} (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ytuxasewisura (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: fipwis40.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\fipwis40.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\svchasts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dddesot.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\awdym.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\bfcxn.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\kfuiw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Avenger\eventlog.dll (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1244894202.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1486205876.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\2FE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\msupd_2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ueja73hkjd.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\winlogon.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zoe A. Jones\Desktop\CursorManiaSetup2.3.50.45.ZCman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zoe A. Jones\Desktop\MyFunCardsSetup2.3.50.45.ZUman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zoe A. Jones\Desktop\ZwinkySetup2.2.60.6.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Zoe A. Jones\Desktop\ZwinkySetup2.3.50.45.ZJman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\psystem.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-57989841-606747145-725345543-1003\Dc4.exe (Antivirus2009) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-57989841-606747145-725345543-1003\Dc5\tmp\dbsinit.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tapi.nfo (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wingenocx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\blacklist.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\core.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\coreext.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\firewall.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\help.ico (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Program Files\Protection System\uninstall.exe (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desote.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\atozibecerisuba.dll (Trojan.Agent) -> Quarantined and deleted successfully.
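The "Registry Values" and "Registry Data Items" sections of the MBAM log above show the classic footprint of a rogue anti-virus: the Winlogon Shell value with extra programs appended after Explorer.exe, an LSA Notification Package added so a DLL loads into lsass, Security Center notifications switched off in both hives, Folder Options hidden, the Security Center applets (scui.cpl, wscui.cpl) suppressed through "don't load", and an Image File Execution Options entry for setup.exe. The script below is an added example, not part of this thread and not Malwarebytes' code: it audits those same points against known-good defaults. It works on a plain dictionary snapshot so it runs anywhere; on Windows, collect_live() fills that snapshot from the real registry with the standard winreg module. SAMPLE_INFECTED reproduces the "Bad:" data the log reported (the IFEO Debugger data is a placeholder, since the log did not show it), and the assumption that "scecli" is the only default Notification Package on XP is this example's, not the thread's.

```python
"""Audit the registry hijack points listed in the thread's MBAM log.

Added example; not part of the original thread and not Malwarebytes' code.
audit() works on a snapshot {key_path: {value_name: data}}; collect_live()
builds one from the real registry on Windows. SAMPLE_INFECTED is constructed
from the "Bad:" values in the MBAM log; the known-good defaults are assumptions.
"""
import sys

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
LSA = r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa"
SEC_CENTER = (r"HKLM\SOFTWARE\Microsoft\Security Center",
              r"HKCU\SOFTWARE\Microsoft\Security Center")
EXPLORER_POLICY = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
DONT_LOAD = r"HKCU\Control Panel\don't load"

# (key, value name, known-good data) for values that have exactly one correct setting.
EXPECTED = [
    (WINLOGON, "Shell", "Explorer.exe"),           # log showed extra programs appended
    (LSA, "Notification Packages", ["scecli"]),    # assumed XP default; log showed fipwis40.dll added
    (EXPLORER_POLICY, "NoFolderOptions", 0),
] + [(hive, name, 0) for hive in SEC_CENTER
     for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify")]


def _same(actual, good):
    """Case-insensitive compare for REG_SZ and REG_MULTI_SZ, exact otherwise."""
    if isinstance(actual, str) and isinstance(good, str):
        return actual.strip().lower() == good.lower()
    if isinstance(actual, list) and isinstance(good, list):
        return sorted(s.lower() for s in actual) == sorted(s.lower() for s in good)
    return actual == good


def audit(snapshot):
    """Return human-readable findings; an empty list means nothing deviated."""
    findings = []
    for key, name, good in EXPECTED:
        data = snapshot.get(key, {}).get(name)
        if data is not None and not _same(data, good):
            findings.append(f"{key}\\{name} = {data!r} (expected {good!r})")
    # Any entry under "don't load" hides a Control Panel applet (the log: scui.cpl, wscui.cpl).
    for name in snapshot.get(DONT_LOAD, {}):
        findings.append(f"Control Panel applet hidden: {name}")
    # An IFEO Debugger value makes Windows start the 'debugger' in place of the named program.
    # Legitimate debuggers exist, so every entry is reported for review rather than judged.
    for key, values in snapshot.items():
        if key.startswith(IFEO + "\\") and "Debugger" in values:
            findings.append(f"IFEO Debugger for {key[len(IFEO) + 1:]}: {values['Debugger']!r}")
    return findings


def collect_live():
    """Windows only: read the audited keys and every IFEO subkey into a snapshot."""
    if sys.platform != "win32":
        raise RuntimeError("collect_live() needs the Windows registry")
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def values_of(path):
        root, sub = path.split("\\", 1)
        out, i = {}, 0
        try:
            with winreg.OpenKey(roots[root], sub) as k:
                while True:                       # EnumValue raises OSError past the last value
                    name, data, _type = winreg.EnumValue(k, i)
                    out[name] = data
                    i += 1
        except OSError:
            pass                                  # key absent or enumeration finished
        return out

    keys = {key for key, _, _ in EXPECTED} | {DONT_LOAD}
    try:
        with winreg.OpenKey(roots["HKLM"], IFEO.split("\\", 1)[1]) as k:
            i = 0
            while True:
                keys.add(IFEO + "\\" + winreg.EnumKey(k, i))
                i += 1
    except OSError:
        pass
    return {key: v for key in keys if (v := values_of(key))}


SAMPLE_INFECTED = {   # constructed from the MBAM log's "Bad:" data
    WINLOGON: {"Shell": "Explorer.exe rundll32.exe tapi.nfo beforeglav"},
    LSA: {"Notification Packages": ["scecli", "fipwis40.dll"]},
    SEC_CENTER[0]: {"FirewallDisableNotify": 1, "UpdatesDisableNotify": 1},
    SEC_CENTER[1]: {"AntiVirusDisableNotify": 1, "FirewallDisableNotify": 1, "UpdatesDisableNotify": 1},
    EXPLORER_POLICY: {"NoFolderOptions": 1},
    DONT_LOAD: {"scui.cpl": "No", "wscui.cpl": "No"},
    IFEO + r"\setup.exe": {"Debugger": "<placeholder: data not shown in the log>"},
}
SAMPLE_CLEAN = {      # constructed: assumed XP defaults
    WINLOGON: {"Shell": "Explorer.exe"},
    LSA: {"Notification Packages": ["scecli"]},
    SEC_CENTER[0]: {"AntiVirusDisableNotify": 0, "FirewallDisableNotify": 0, "UpdatesDisableNotify": 0},
}
```

Against SAMPLE_INFECTED the audit returns eleven findings, one per line MBAM flagged in those two sections; against SAMPLE_CLEAN it returns none. To audit a live machine, run `audit(collect_live())` from an elevated prompt, since the HKLM keys need read access that a limited user may not have.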

Re: No desktop icons or windows toolbar available

Hi

Your logs reveal an information stealing trojan. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation as soon as possible.

If you do not have access to a known clean computer, you will still need to change your passwords, and all other sensitive information, but only once your system is deemed clean.

==

Please download ComboFix by sUBs
Link 1: Forospyware.com or Link 2: BleepingComputer.com

Please save the file to your Desktop, but rename it first:

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:

  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time name ComboFix.exe iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: No desktop icons or windows toolbar available

I followed the steps and ran ComboFix. The PC rebooted but I cannot find the text file in the path C:\Combo-Fix.txt

Re: No desktop icons or windows toolbar available

Restore Permissions for explorer.exe

Please download Inherit by sUBs

  1. Drag and drop explorer.exe onto Inherit
  2. This shall restore permissions to the application
  3. The application should now run normally
Please indicate in your next post if this was successful.

**Do not run explorer.exe unless I have directed you to do so**

Re: No desktop icons or windows toolbar available

I have downloaded the Inherit program. I followed your instructions and I can now see the icon for explorer.exe and the "my computer" icon is visible.

Re: No desktop icons or windows toolbar available

I have since rebooted my PC and my desktop icons have reappeared. ComboFix ran automatically and it asked me to select "Normal Startup" instead of "Selective Startup". Please let me know what to do next.

Thanks for your help in this journey.

Re: No desktop icons or windows toolbar available

Moderated Message: Extra post edited. Site issues. ~DragonMaster Jay

Re: No desktop icons or windows toolbar available

Hi

Can you find the log for ComboFix?

If so, please post it in your next reply.

Please download SpiderKill and save it to your Desktop.
  • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
  • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
  • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.

Re: No desktop icons or windows toolbar available

Here is the ComboFix log:

ComboFix 09-09-28.01 - Owner 09/28/2009 23:11.1.1 - NTFSx86
Running from: c:\documents and settings\Owner\My Documents\Downloads\svchost.exe.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1001829228
C:\cleanup.exe
c:\docume~1\Owner\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\All Users\Application Data\aqypomepu.dll
c:\documents and settings\All Users\Application Data\badegiwir.bin
c:\documents and settings\All Users\Application Data\jecicekube.exe
c:\documents and settings\All Users\Documents\arus.reg
c:\documents and settings\All Users\Documents\fupy.exe
c:\documents and settings\Owner\Application Data\gulehe._dl
c:\documents and settings\Owner\Cookies\ladibi.pif
c:\documents and settings\Owner\Cookies\udymowupy.lib
c:\documents and settings\Owner\Local Settings\Application Data\eqazupizit.dl
c:\documents and settings\Owner\Local Settings\Application Data\gijisec.dl
c:\documents and settings\Owner\Local Settings\Application Data\ufowigov.bin
c:\documents and settings\Owner\Local Settings\Application Data\zipiq.exe
C:\p2hhr.bat
c:\program files\Common Files\gibib.bin
c:\program files\Common Files\iwohit.pif
c:\program files\Common Files\otobykage.ban
c:\program files\Common Files\uvanoxaz.bin
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\2d7b60f8.msi
c:\windows\Installer\2d7b60fe.msi
c:\windows\Installer\2d7b6104.msi
c:\windows\Installer\4b143ae.msi
c:\windows\odihywuhat.reg
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\UACyirrnkvevu.sys
c:\windows\system32\UACbovbakwtoi.dll
c:\windows\system32\UACdbyletqxyv.dll
c:\windows\system32\UACjjmnpadtak.dat
c:\windows\system32\UACosccdatnam.dll
c:\windows\system32\UACslaryhiyen.dll
c:\windows\system32\ufaxu.bin
c:\windows\system32\umuzu.bat
c:\windows\system32\uqumygabev.bin
c:\windows\xidaqom.bat
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACd.sys
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-10-02 18:44 . 2009-10-02 18:40 85504 ----a-w- c:\windows\Inherit.exe
2009-09-28 23:09 . 2009-09-28 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-28 00:53 . 2009-09-28 00:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-09-28 00:39 . 2009-09-28 00:39 574 -c--a-w- C:\cleanup.bat
2009-09-28 00:39 . 2009-09-28 00:39 135168 -c--a-w- C:\zip.exe
2009-09-28 00:32 . 2009-09-28 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-09-28 00:32 . 2009-09-28 00:32 -------- d-----w- c:\program files\Uniblue
2009-09-28 00:32 . 2009-09-28 00:32 -------- dc----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-12 17:04 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 17:04 . 2009-09-28 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 17:04 . 2009-09-12 17:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 17:04 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 18:04 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-05 18:04 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-05 18:04 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-05 18:04 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-05 18:04 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-05 18:04 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-05 18:04 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-05 18:04 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-05 00:25 . 2009-09-05 22:26 120 ----a-w- c:\windows\Fqazoheseweri.dat
2009-09-05 00:24 . 2009-09-05 00:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{885FC7B8-059C-4211-8791-C5C3BA65AFCC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 23:54 . 2009-06-30 03:15 256 ----a-w- c:\windows\system32\pool.bin
2009-09-06 22:52 . 2009-09-06 22:52 17936 -c--a-w- c:\documents and settings\All Users\Application Data\qimakub.dat
2009-09-06 22:49 . 2005-12-13 03:39 -------- d-----w- c:\program files\Plaxo
2009-09-05 00:04 . 2008-02-17 02:10 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-09-03 19:39 . 2007-12-18 23:50 -------- d-----w- c:\documents and settings\Zoe A. Jones\Application Data\HPAppData
2009-08-20 03:53 . 2006-09-05 22:38 -------- d-----w- c:\program files\PartyGaming.Net
2009-08-08 20:48 . 2009-06-07 18:08 664 ----a-w- c:\documents and settings\Zoe A. Jones\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:01 . 2005-03-21 05:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2005-01-28 18:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 22:58 . 2008-12-29 23:21 64392 ----a-w- c:\documents and settings\Zoe A. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------


[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"PlaxoUpdate"="c:\program files\Plaxo\3.22.0.7\PlaxoHelper_en.exe" [2009-07-10 378951]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"PlaxoSysTray"="c:\program files\Plaxo\3.22.0.7\PlaxoSysTray.exe" [2009-07-10 20480]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-10 1885464]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-07 144792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-12 11776]
"HostManager"="c:\program files\Common Files\AOL\1134444950\ee\AOLSoftware.exe" [2006-05-10 50760]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-07-07 3871744]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 29744]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\iexplore.exe.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134444950\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134444950\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;c:\windows\system32\drivers\SSFS041A.sys [7/28/2006 11:31 AM 13824]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/2/2008 8:12 PM 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-09-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-07-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-07-16 00:12]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-606747145-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 01:14]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-606747145-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 01:14]

2009-09-20 c:\windows\Tasks\wrSpySweeper20060304144544.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-07-28 21:16]

2009-09-20 c:\windows\Tasks\wrSpySweeper20060304144544.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2006-07-28 21:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: campbellsoup.com\workplacena
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-ThreadingModel - (no file)
SafeBoot-svcWRSSSDK
AddRemove-HijackThis - c:\documents and settings\Owner\My Documents\Downloads\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{860F37D0-88B9-EAFE-0DA223FC9F2D4B17}\{92B5FDE0-C227-B1B3-6D9FE8922DCBDAED}\{28D3DA4D-49F1-E4D4-1516D5318029455A}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,22,57,c3,
44,66,0c,cb,2a,bd,c4,33,a7,4b,f4,ac,37,f4,d1,3f,b7,41,3c,2b,d1,cb,7a,7f,8d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93E6CEFD-CA56-59D1-C6A1E22689695F47}\{E62B984B-3624-15D7-6BC3102B23FA8A76}\{D0F98AA7-EDD9-94A9-9F817DE029F1BE16}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D96284CB-92E6-3E1E-196BB0273B005327}\{BCF0CDFC-4A0B-26E5-259182A4D665E8F2}\{6E248836-421D-F84C-CF6B8AC08EBF0D43}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,22,57,c3,
44,66,0c,cb,2a,bd,c4,33,a7,4b,f4,ac,37,f4,d1,3f,b7,41,3c,2b,d1,cb,7a,7f,8d,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(2056)
c:\windows\system32\WININET.dll
c:\program files\Plaxo\3.22.0.7\plx_hook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Webroot\Spy Sweeper\ssu.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\HP\HP Software Update\HPWUCli.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\system32\msiexec.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-10-02 15:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 19:14

Pre-Run: 3,420,540,928 bytes free
Post-Run: 6,767,796,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

304 --- E O F --- 2009-10-02 18:38

Re: No desktop icons or windows toolbar available

Here is the info from SpiderKill:

SpiderKill by DragonMaster Jay ( Oct 2009 )


Microsoft Windows XP [Version 5.1.2600]

********************Drivers list********************


Volume in drive C is Local Disk
Volume Serial Number is C449-4C94

Directory of C:\Windows\System32\Drivers

10/02/2009 04:02 PM .
10/02/2009 04:02 PM ..
10/08/2003 11:11 AM 11,831 a302.sys
10/08/2003 11:11 AM 29,751 a303.sys
10/08/2003 11:11 AM 46,647 a304.sys
10/08/2003 11:11 AM 12,855 a305.sys
10/08/2003 11:11 AM 16,951 a306.sys
10/08/2003 11:11 AM 21,559 a307.sys
10/08/2003 11:11 AM 11,319 a308.sys
10/08/2003 11:11 AM 26,167 a309.sys
10/08/2003 11:12 AM 33,335 a310.sys
10/08/2003 11:12 AM 33,335 a311.sys
10/08/2003 11:12 AM 37,431 a313.sys
10/08/2003 11:12 AM 11,319 a314.sys
04/13/2008 02:36 PM 187,776 acpi.sys
07/16/2003 04:23 PM 11,648 acpiec.sys
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/01/2002 02:15 PM 4,816 aeaudio.sys
04/13/2008 12:39 PM 142,592 aec.sys
08/14/2008 06:04 AM 138,496 afd.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:40 PM 96,512 atapi.sys
08/04/2004 01:29 AM 56,623 ati1btxx.sys
08/04/2004 01:29 AM 11,615 ati1mdxx.sys
08/04/2004 01:29 AM 12,047 ati1pdxx.sys
08/04/2004 01:29 AM 30,671 ati1raxx.sys
08/04/2004 01:29 AM 63,663 ati1rvxx.sys
08/04/2004 01:29 AM 26,367 ati1snxx.sys
08/04/2004 01:29 AM 21,343 ati1ttxx.sys
08/04/2004 01:29 AM 36,463 ati1tuxx.sys
08/04/2004 01:29 AM 29,455 ati1xbxx.sys
08/04/2004 01:29 AM 34,735 ati1xsxx.sys
08/04/2004 01:29 AM 327,040 ati2mtaa.sys
08/04/2004 01:29 AM 701,440 ati2mtag.sys
08/04/2004 01:29 AM 57,856 atinbtxx.sys
08/04/2004 01:29 AM 13,824 atinmdxx.sys
08/04/2004 01:29 AM 14,336 atinpdxx.sys
08/04/2004 01:29 AM 52,224 atinraxx.sys
08/04/2004 01:29 AM 104,960 atinrvxx.sys
08/04/2004 01:29 AM 28,672 atinsnxx.sys
08/04/2004 01:29 AM 13,824 atinttxx.sys
08/04/2004 01:29 AM 73,216 atintuxx.sys
08/04/2004 01:29 AM 31,744 atinxbxx.sys
08/04/2004 01:29 AM 63,488 atinxsxx.sys
07/17/2004 02:36 PM 64,352 ativmc20.cod
04/13/2008 02:51 PM 59,904 atmarpc.sys
07/16/2003 04:24 PM 31,360 atmepvc.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
07/16/2003 04:24 PM 352,256 atmuni.sys
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
08/17/2001 09:59 AM 3,072 audstub.sys
10/02/2009 06:53 PM Avg
10/02/2009 04:01 PM 335,240 avgldx86.sys
10/02/2009 04:01 PM 27,784 avgmfx86.sys
10/02/2009 04:02 PM 108,552 avgtdix.sys
06/30/2003 07:11 PM 43,136 bcm4sbxp.sys
04/13/2008 02:46 PM 11,776 bdasup.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
06/13/2008 07:05 AM 272,128 bthport.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
07/16/2003 04:25 PM 13,952 cbidf2k.sys
04/13/2008 02:46 PM 17,024 ccdecode.sys
07/16/2003 04:27 PM 18,688 cdaudio.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
02/02/2007 04:00 AM 9,336 cdr4_xp.sys
02/02/2007 04:00 AM 9,464 cdralw2k.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
07/16/2003 04:27 PM 262,528 cinemst2.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
07/16/2003 04:27 PM 11,776 cpqdap01.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
07/18/2004 01:55 AM 129,045 cxthsfs2.cty
09/05/2009 07:44 PM disdn
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:44 PM 153,344 dmio.sys
07/16/2003 04:27 PM 5,888 dmload.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
07/16/2003 04:27 PM 10,496 dxapi.sys
04/13/2008 02:38 PM 71,168 dxg.sys
07/16/2003 04:27 PM 3,328 dxgthk.sys
10/02/2009 03:00 PM etc
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
07/16/2003 04:27 PM 12,160 fsvga.sys
07/16/2003 04:28 PM 7,936 fs_rec.sys
07/16/2003 04:28 PM 125,056 ftdisk.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
03/19/2009 04:32 PM 23,400 GEARAspiWDM.sys
07/16/2003 04:28 PM 3,440,660 gm.dls
07/16/2003 04:28 PM 646 gmreadme.txt
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
03/08/2007 12:20 AM 49,920 HPZid412.sys
03/08/2007 12:20 AM 16,496 HPZipr12.sys
03/08/2007 12:20 AM 21,568 HPZius12.sys
08/04/2004 01:41 AM 220,032 hsfbs2s2.sys
08/04/2004 01:41 AM 685,056 hsfcxts2.sys
08/04/2004 01:41 AM 1,041,536 hsfdpsp2.sys
04/13/2008 02:53 PM 264,832 http.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
10/08/2003 11:12 AM 98,842 ialmkchw.sys
10/19/2005 08:59 AM 807,998 ialmnt5.sys
10/08/2003 11:12 AM 120,830 ialmsbw.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:40 PM 5,504 intelide.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
07/16/2003 04:30 PM 32,896 ipfltdrv.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 03:16 PM 141,056 ks.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
09/10/2009 02:53 PM 19,160 mbam.sys
09/10/2009 02:54 PM 38,224 mbamswissarmy.sys
07/16/2003 04:32 PM 7,680 mcd.sys
08/04/2004 01:41 AM 11,868 mdmxsdk.sys
04/13/2008 02:36 PM 63,744 mf.sys
07/16/2003 04:33 PM 4,224 mnmdd.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
07/16/2003 04:27 PM 12,160 mouhid.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:46 PM 15,232 mpe.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
10/24/2008 07:21 AM 455,296 mrxsmb.sys
04/13/2008 02:46 PM 51,200 msdv.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:39 PM 5,504 mstee.sys
08/04/2004 01:41 AM 126,686 mtlmnt5.sys
08/04/2004 01:41 AM 1,309,184 mtlstrm.sys
08/04/2004 01:29 AM 452,736 mtxparhm.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:46 PM 85,248 nabtsfec.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 02:46 PM 10,880 ndisip.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/15/2002 10:11 PM 67,866 netwlan5.img
04/13/2008 02:51 PM 61,824 nic1394.sys
07/16/2003 04:27 PM 12,032 nikedrv.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
08/04/2004 01:41 AM 180,360 ntmtlfax.sys
07/16/2003 04:40 PM 2,944 null.sys
08/04/2004 01:29 AM 1,897,408 nv4_mini.sys
07/16/2003 04:40 PM 12,416 nwlnkflt.sys
07/16/2003 04:40 PM 32,512 nwlnkfwd.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
07/16/2003 04:40 PM 63,232 nwlnknb.sys
07/16/2003 04:40 PM 55,936 nwlnkspx.sys
08/22/2001 09:42 AM 13,632 omci.sys
07/16/2003 04:40 PM 3,456 oprghdlr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
07/16/2003 04:41 PM 6,784 parvdm.sys
04/13/2008 02:36 PM 68,224 pci.sys
08/17/2001 02:51 PM 3,328 pciide.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:56 PM 69,120 psched.sys
07/16/2003 04:42 PM 17,792 ptilink.sys
05/01/2007 03:00 AM 43,528 pxhelp20.sys
07/16/2003 04:42 PM 8,832 rasacd.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
07/16/2003 04:42 PM 16,512 raspti.sys
07/16/2003 04:42 PM 34,432 rawwan.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
07/16/2003 04:42 PM 4,224 rdpcdd.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
08/04/2004 01:41 AM 13,776 recagent.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
01/18/2007 10:24 AM 26,496 RimSerial.sys
05/31/2007 12:39 PM 22,656 RimUsb.sys
07/16/2003 04:27 PM 12,032 rio8drv.sys
07/16/2003 04:27 PM 12,032 riodrv.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
07/16/2003 04:43 PM 5,888 rootmdm.sys
11/08/2006 04:51 AM 62,336 rspndr.sys
08/04/2004 01:29 AM 166,912 s3gnbm.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
11/13/2007 06:25 AM 20,480 secdrv.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:46 PM 11,136 slip.sys
08/04/2004 01:41 AM 129,535 slnt7554.sys
08/04/2004 01:41 AM 404,990 slntamr.sys
08/04/2004 01:41 AM 95,424 slnthal.sys
08/04/2004 01:41 AM 13,240 slwdmsup.sys
04/13/2008 02:36 PM 5,888 smbali.sys
07/16/2003 04:45 PM 14,592 smclib.sys
04/08/2003 11:30 AM 3,744 smsens.sys
11/18/2003 12:38 PM 591,808 smwdm.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:36 PM 73,472 sr.sys
12/11/2008 06:57 AM 333,952 srv.sys
07/07/2006 04:41 PM 13,824 SSFS041A.sys
07/07/2006 04:41 PM 15,360 sshrmd.sys
07/07/2006 04:41 PM 117,248 ssidrv.sys
07/07/2006 04:41 PM 14,848 sskbfd.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:46 PM 15,232 streamip.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 02:40 PM 14,976 tape.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
06/20/2008 07:08 AM 225,856 tcpip6.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 40,840 termdd.sys
07/16/2003 04:27 PM 51,712 tosdvd.sys
07/16/2003 04:27 PM 21,376 tsbvcap.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:32 PM 66,048 udfs.sys
01/03/2007 12:55 AM UMDF
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
05/29/2009 01:36 PM 39,424 usbaapl.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
07/16/2003 04:49 PM 4,736 usbd.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:45 PM 15,104 usbscan.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
10/08/2003 11:12 AM 21,045 vch.sys
04/13/2008 08:12 PM 11,325 vchnt5.dll
07/16/2003 04:27 PM 58,112 vdmindvd.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
10/08/2003 11:11 AM 33,847 wa301a.sys
10/08/2003 11:11 AM 33,847 wa301b.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
08/04/2004 01:29 AM 11,807 wadv07nt.sys
08/04/2004 01:29 AM 11,295 wadv08nt.sys
08/04/2004 01:29 AM 11,871 wadv09nt.sys
08/04/2004 01:29 AM 11,935 wadv11nt.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
08/04/2004 01:29 AM 22,271 watv06nt.sys
08/04/2004 01:29 AM 25,471 watv10nt.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
07/16/2003 04:52 PM 4,352 wmilib.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
07/16/2003 04:53 PM 12,032 ws2ifsl.sys
04/13/2008 02:46 PM 19,200 wstcodec.sys
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
318 File(s) 29,276,298 bytes

Directory of C:\Windows\System32\Drivers\Avg

10/02/2009 06:53 PM .
10/02/2009 06:53 PM ..
10/02/2009 04:01 PM 6,061,540 avi7.avg
10/02/2009 06:53 PM 42,186,641 incavi.avm
10/02/2009 04:01 PM 4,566 microavi.avg
10/02/2009 04:01 PM 492,629 miniavi.avg
4 File(s) 48,745,376 bytes

Directory of C:\Windows\System32\Drivers\disdn

09/05/2009 07:44 PM .
09/05/2009 07:44 PM ..
0 File(s) 0 bytes

Directory of C:\Windows\System32\Drivers\etc

10/02/2009 03:00 PM .
10/02/2009 03:00 PM ..
10/02/2009 03:00 PM 27 hosts
03/21/2005 02:05 AM 439 hosts.ics
07/16/2003 04:29 PM 734 hosts.msn
07/16/2003 04:32 PM 3,683 lmhosts.sam
07/16/2003 04:38 PM 407 networks
07/16/2003 04:42 PM 799 protocol
07/16/2003 04:44 PM 7,116 services
7 File(s) 13,205 bytes

Directory of C:\Windows\System32\Drivers\UMDF

01/03/2007 12:55 AM .
01/03/2007 12:55 AM ..
10/18/2006 10:47 PM 671,232 wpdmtpdr.dll
1 File(s) 671,232 bytes

Total Files Listed:
330 File(s) 78,706,111 bytes
14 Dir(s) 6,433,112,064 bytes free


***********************Hidden Drivers********************
Volume in drive C is Local Disk
Volume Serial Number is C449-4C94

Directory of C:\Windows\System32\Drivers



*********************Processes*******************







******************************************
EOF

Re: No desktop icons or windows toolbar available

Hi

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\Fqazoheseweri.dat
    c:\documents and settings\All Users\Application Data\qimakub.dat

    FCopy::
    c:\windows\ServicePackFiles\i386\eventlog.dll | C:\WINDOWS\system32\eventlog.dll
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    (picture: Cf010, showing CFScript.txt being dragged onto ComboFix.exe)

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Please post the Malwarebytes and ComboFix logs in your next reply. Also, please tell me how your computer is running.

Re: No desktop icons or windows toolbar available

Here is the data from ComboFix:

ComboFix 09-10-01.05 - Owner 10/03/2009 8:32.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.553 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\combofix.exe.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-03 to 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 12:32 . 2008-04-14 00:11 56320 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-10-03 12:32 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-10-03 12:27 . 2009-10-03 12:27 -------- dc----w- C:\combofix.exe
2009-10-03 00:05 . 2009-10-03 03:47 -------- dc----w- C:\$AVG8.VAULT$
2009-10-02 20:02 . 2009-10-02 20:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-02 20:02 . 2009-10-02 20:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-02 20:01 . 2009-10-02 20:01 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-02 20:01 . 2009-10-02 20:01 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-02 20:01 . 2009-10-02 22:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-02 20:01 . 2009-10-02 20:01 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-02 20:00 . 2009-10-02 20:00 -------- d-----w- c:\program files\AVG
2009-10-02 20:00 . 2009-10-02 20:00 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-02 19:49 . 2009-10-02 19:49 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-10-02 18:44 . 2009-10-02 18:40 85504 ----a-w- c:\windows\Inherit.exe
2009-09-28 23:09 . 2009-09-28 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-28 00:53 . 2009-09-28 00:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WinZip
2009-09-28 00:39 . 2009-09-28 00:39 574 -c--a-w- C:\cleanup.bat
2009-09-28 00:39 . 2009-09-28 00:39 135168 -c--a-w- C:\zip.exe
2009-09-28 00:32 . 2009-09-28 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-09-28 00:32 . 2009-09-28 00:32 -------- d-----w- c:\program files\Uniblue
2009-09-28 00:32 . 2009-09-28 00:32 -------- dc----w- c:\documents and settings\All Users\Application Data\WinZip
2009-09-12 17:04 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 17:04 . 2009-09-28 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 17:04 . 2009-09-12 17:04 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-12 17:04 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 18:04 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-05 18:04 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-09-05 18:04 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-05 18:04 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-09-05 18:04 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-09-05 18:04 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-09-05 18:04 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-09-05 18:04 . 2008-04-14 00:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-09-05 18:04 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-09-05 00:25 . 2009-09-05 22:26 120 ----a-w- c:\windows\Fqazoheseweri.dat
2009-09-05 00:24 . 2009-09-05 00:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{885FC7B8-059C-4211-8791-C5C3BA65AFCC}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 02:01 . 2009-06-30 03:15 256 ----a-w- c:\windows\system32\pool.bin
2009-10-02 22:47 . 2005-12-13 03:39 -------- d-----w- c:\program files\Plaxo
2009-10-02 20:01 . 2005-03-21 05:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-06 22:52 . 2009-09-06 22:52 17936 -c--a-w- c:\documents and settings\All Users\Application Data\qimakub.dat
2009-09-05 00:04 . 2008-02-17 02:10 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-09-03 19:39 . 2007-12-18 23:50 -------- d-----w- c:\documents and settings\Zoe A. Jones\Application Data\HPAppData
2009-08-20 03:53 . 2006-09-05 22:38 -------- d-----w- c:\program files\PartyGaming.Net
2009-08-08 20:48 . 2009-06-07 18:08 664 ----a-w- c:\documents and settings\Zoe A. Jones\Local Settings\Application Data\d3d9caps.tmp
2009-08-05 09:01 . 2005-03-21 05:30 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-07-16 20:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2005-01-28 18:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 22:58 . 2008-12-29 23:21 64392 ----a-w- c:\documents and settings\Zoe A. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-10-02_19.00.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 04:46 . 2006-12-02 04:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-10-02 20:00 . 2009-10-02 20:00 337408 c:\windows\Installer\37c964.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"PlaxoUpdate"="c:\program files\Plaxo\3.22.0.7\PlaxoHelper_en.exe" [2009-07-10 378951]
"PhotoShow Deluxe Media Manager"="c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-22 163840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-01 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"PlaxoSysTray"="c:\program files\Plaxo\3.22.0.7\PlaxoSysTray.exe" [2009-07-10 20480]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-10 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-07 144792]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2005-03-12 11776]
"HostManager"="c:\program files\Common Files\AOL\1134444950\ee\AOLSoftware.exe" [2006-05-10 50760]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-07-07 3871744]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-03 29744]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\iexplore.exe.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-02 2007832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-02 20:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134444950\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134444950\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SSFS041A;Spy Sweeper File System Filer Driver: 041A;c:\windows\system32\drivers\SSFS041A.sys [7/28/2006 11:31 AM 13824]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/2/2009 4:01 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/2/2009 4:02 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/2/2009 4:00 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 7:22 PM 24652]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/2/2008 8:12 PM 29744]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 9:33 PM 116464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-09-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-07-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-07-16 00:12]

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-606747145-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 01:14]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-606747145-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-27 01:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: campbellsoup.com\workplacena
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 08:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{860F37D0-88B9-EAFE-0DA223FC9F2D4B17}\{92B5FDE0-C227-B1B3-6D9FE8922DCBDAED}\{28D3DA4D-49F1-E4D4-1516D5318029455A}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,22,57,c3,
44,66,0c,cb,2a,bd,c4,33,a7,4b,f4,ac,37,f4,d1,3f,b7,41,3c,2b,d1,cb,7a,7f,8d,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{91EC4B89-4AF2-1685-8B077627C8A43419}\{2EE609D8-52A7-5ABD-6D921F70AFC106D5}\{F0CB3253-4F19-C88D-A2C81B3BBC751916}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{93E6CEFD-CA56-59D1-C6A1E22689695F47}\{E62B984B-3624-15D7-6BC3102B23FA8A76}\{D0F98AA7-EDD9-94A9-9F817DE029F1BE16}*]
"RA4KGUJC6T6LBNJRIDQ63C2L6C1"=hex:01,00,01,00,00,00,00,00,f7,8a,3d,85,55,45,07,
82,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D96284CB-92E6-3E1E-196BB0273B005327}\{BCF0CDFC-4A0B-26E5-259182A4D665E8F2}\{6E248836-421D-F84C-CF6B8AC08EBF0D43}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,22,57,c3,
44,66,0c,cb,2a,bd,c4,33,a7,4b,f4,ac,37,f4,d1,3f,b7,41,3c,2b,d1,cb,7a,7f,8d,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(4736)
c:\windows\system32\WININET.dll
c:\program files\Plaxo\3.22.0.7\plx_hook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-03 8:50
ComboFix-quarantined-files.txt 2009-10-03 12:49
ComboFix2.txt 2009-10-02 19:16

Pre-Run: 6,366,179,328 bytes free
Post-Run: 6,519,443,456 bytes free

246 --- E O F --- 2009-10-03 01:00
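
A first pass over a ComboFix log like the one above is normally done by eye: autostart values whose target no longer exists (ComboFix marks these `[X]`), programs started from user-writable folders, binaries with a double extension such as the `iexplore.exe.exe` entry under the Malwarebytes key, and loose files created directly in `c:\windows`, `C:\` or the All Users profile (`Fqazoheseweri.dat`, `qimakub.dat`). The Python script below is an added example of that pass; it is not part of ComboFix and was not posted in this thread. The heuristics, the `SYSTEM_ROOTS`, `DROP_DIRS` and `LOOSE_EXTS` lists and the `Finding` record are this example's own assumptions. The sample lines are copied from the log above, and the output deliberately includes benign hits (files created during the cleanup itself such as `C:\cleanup.bat`, Google's per-user updater, the renamed Malwarebytes executable), which is why it produces a review list rather than a verdict.

```python
"""First-pass triage of ComboFix log lines (added example; not a ComboFix
feature and not from this thread).  Handles two line types from the log:
  autostart values   "Name"="c:\\path\\prog.exe args" [YYYY-MM-DD size] or [X]
  file listings      created . modified size attrs path
The heuristics, SYSTEM_ROOTS, DROP_DIRS, LOOSE_EXTS and the Finding record
are this example's own assumptions.  A hit means "look closer", not "malicious"."""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$", re.I)

# Writable only by administrators on a default XP install (assumption).
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Vendors install into a subfolder; a loose file directly in one of these is unusual.
DROP_DIRS = {"c:\\", "c:\\windows\\",
             "c:\\documents and settings\\all users\\application data\\"}
LOOSE_EXTS = {"exe", "dll", "dat", "bat", "bin", "sys"}
DOUBLE_EXT = re.compile(r"\.(exe|com|scr|bat|cmd|pif|dll)\.(exe|com|scr|bat|cmd|pif)(\s|$)")


@dataclass
class Finding:
    kind: str                 # "run" (autostart value) or "file" (listing line)
    subject: str
    reasons: list = field(default_factory=list)


def triage_run_entry(line):
    """Parse a Reg Loading Points value; returns None if the line is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    name, cmd, meta = m.group("name"), m.group("cmd"), m.group("meta").strip()
    target = cmd.lower()
    reasons = []
    if meta == "X":                       # ComboFix could not find the target file
        reasons.append("target file missing ([X]): dead autostart value")
    if DOUBLE_EXT.search(target):
        reasons.append("double extension: a renamed executable")
    if not target.startswith(SYSTEM_ROOTS):
        reasons.append("runs from a user-writable location")
    return Finding("run", f"{name} -> {cmd}", reasons)


def triage_file_entry(line):
    """Parse a 'created . modified size attrs path' listing line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    path, attrs = m.group("path"), m.group("attrs").lower()
    reasons = []
    if not attrs.startswith("d"):                    # skip directories
        directory, _, basename = path.lower().rpartition("\\")
        directory += "\\"
        ext = basename.rpartition(".")[2]
        if directory in DROP_DIRS and ext in LOOSE_EXTS:
            reasons.append(f"loose .{ext} directly in {directory}")
    return Finding("file", path, reasons)


def triage(log_text):
    """Return only the entries that tripped at least one heuristic, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_run_entry(line) or triage_file_entry(line)
        if f and f.reasons:
            findings.append(f)
    return findings


# Constructed sample: lines copied from the log above (file listings, then Run values).
SAMPLE = r"""
2009-10-02 18:44 . 2009-10-02 18:40 85504 ----a-w- c:\windows\Inherit.exe
2009-09-28 00:39 . 2009-09-28 00:39 574 -c--a-w- C:\cleanup.bat
2009-09-05 00:25 . 2009-09-05 22:26 120 ----a-w- c:\windows\Fqazoheseweri.dat
2009-09-06 22:52 . 2009-09-06 22:52 17936 -c--a-w- c:\documents and settings\All Users\Application Data\qimakub.dat
2009-10-02 20:02 . 2009-10-02 20:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-02 20:00 . 2009-10-02 20:00 -------- d-----w- c:\program files\AVG
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-07-07 3871744]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-27 133104]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\iexplore.exe.exe" [2009-09-10 1312080]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.kind}] {f.subject}\n    " + "; ".join(f.reasons))
```

Entries in `c:\windows\system32` or a vendor subfolder of Program Files with an existing target (avgrsstx.dll, SpySweeperUI.exe) produce no finding, while every hit carries the heuristic that fired so the reviewer can dismiss the expected ones quickly.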

Re: No desktop icons or windows toolbar available
Here is the data from MBAM:

Malwarebytes' Anti-Malware 1.41
Database version: 2899
Windows 5.1.2600 Service Pack 3

10/3/2009 1:22:47 PM
mbam-log-2009-10-03 (13-22-42).txt

Scan type: Quick Scan
Objects scanned: 136817
Time elapsed: 1 hour(s), 50 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\My Documents\downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> No action taken.

Re: No desktop icons or windows toolbar available
My PC has been performing a lot better since the icons reappeared.

Re: No desktop icons or windows toolbar available
Hi

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Re: No desktop icons or windows toolbar available
Here is the data from F Secure:

Scanning Report

Saturday, October 3, 2009 19:59:49 - 22:55:29

Computer name: FAMILYDESKTOP
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ H:\

8 malware found

TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
Adware:W32/GameVance.gen!C (spyware)
System (Disinfected)
TrackingCookie.Zanox (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
Adware:W32/GameVance (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
Statistics

Scanned:
Files: 99166
System: 4524
Not scanned: 14
Actions:
Disinfected: 8
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\MRT.EXE
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\C263092DCCC247F68A43CFEE93ECC72D\UPDATE\UPDATE.EXE
C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\3F62DB0DD41DE1740F8ADDCE0CC500EC\UPDATE\UPDATE.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPSVC.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DOSCAN.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\DOWNLOADS\WINLOGON.SCR
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\~ROMFN_000006B0
Options

Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

Re: No desktop icons or windows toolbar available
Hi

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: No desktop icons or windows toolbar available
Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG Free 8.5
Symantec AntiVirus
``````````````````````````````
Anti-malware/Other Utilities Check:

Spy Sweeper
Java(TM) 6 Update 10
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.1
Korean Fonts Support For Adobe Reader 8
Japanese Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: No desktop icons or windows toolbar available
Hi

I notice that you are using more than one antivirus program.
  • Symantec Antivirus
  • AVG Free 8.5

This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through.
It is important that only ONE antivirus program is running realtime protection.
I strongly suggest you either (1) uninstall all but one antivirus program through Control Panel->Add or remove Programs,
OR (2) keep the programs, but leave all but one of them disabled most of the time.
You can still use them for scanning your computer.

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by a 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
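
The Security Check output posted earlier and the rules in the reply above (only one real-time antivirus, the Windows Firewall on, only the newest Java kept and the older updates uninstalled) can be applied mechanically to a checkup.txt file. The Python script below is an added example that does so; it is not part of screen317's Security Check and was not posted in this thread. It splits the log into its sections, treats lines starting with a name in `ANTIVIRUS_NAMES` (an assumed and incomplete list) as antivirus products, orders the `Java(TM) N Update M` entries newest first and reports which one to keep and which to remove. The sample input is built from the checkup.txt above.

```python
"""Audit a Security Check (checkup.txt) log against three rules from the
thread: one real-time antivirus, Windows Firewall enabled, newest Java only.
Added example; not part of screen317's tool.  ANTIVIRUS_NAMES and the
result keys are this example's own assumptions."""
import re

# Product names as Security Check prints them (assumed, incomplete list).
ANTIVIRUS_NAMES = ("AVG", "Symantec AntiVirus", "Norton", "avast", "Avira",
                   "McAfee", "Kaspersky", "ESET", "Microsoft Security Essentials")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$")
SEPARATOR = "`" * 30          # the backtick rule Security Check draws between sections


def parse_sections(text):
    """Map each 'Header:' line to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):
            continue                      # blank line, section rule or End-of-Log rule
        if line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def java_installs(lines):
    """Java entries ordered newest first, e.g. 6 Update 10 before 6 Update 7."""
    found = []
    for line in lines:
        m = JAVA_RE.match(line)
        if m:
            found.append(((int(m.group(1)), int(m.group(2) or 0)), line))
    found.sort(reverse=True)
    return [name for _, name in found]


def audit(text):
    """Apply the thread's rules; returns a dict of findings."""
    sections = parse_sections(text)
    av_lines = sections.get("Antivirus/Firewall Check", [])
    util_lines = sections.get("Anti-malware/Other Utilities Check", [])
    antivirus = [l for l in av_lines if l.startswith(ANTIVIRUS_NAMES)]
    java = java_installs(util_lines)
    return {
        "firewall_disabled": "Windows Firewall Disabled!" in av_lines,
        "antivirus": antivirus,
        "multiple_realtime_av": len(antivirus) > 1,   # the helper's main concern
        "java_keep": java[0] if java else None,
        "java_remove": java[1:],                      # uninstall these, then update
        "tool_warnings": [l for l in av_lines + util_lines if l.endswith("!")],
    }


# Constructed sample, built from the checkup.txt posted in the thread.
SAMPLE = "\n".join([
    "Results of screen317's Security Check version 0.99.0",
    "Windows XP Service Pack 3",
    SEPARATOR,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Disabled!",
    "AVG Free 8.5",
    "Symantec AntiVirus",
    SEPARATOR,
    "Anti-malware/Other Utilities Check:",
    "",
    "Spy Sweeper",
    "Java(TM) 6 Update 10",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "Out of date Java installed!",
    "Adobe Flash Player 10",
    "Adobe Reader 8.1.1",
    SEPARATOR,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "AVG avgwdsvc.exe",
    "Symantec AntiVirus Rtvscan.exe",
    SEPARATOR,
    "DNS Vulnerability Check:",
    "",
    "GREAT! (Not vulnerable to DNS cache poisoning)",
    SEPARATOR[:9] + "End of Log" + SEPARATOR[:11],
])

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

On the log above this reports the firewall as disabled, two antivirus products, Java 6 Update 10 as the one to keep and Updates 7 and 5 as the ones to uninstall before installing the current release.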

Re: No desktop icons or windows toolbar available
Thanks for your assistance in this matter. For some reason I cannot remove Symantec AV but I disabled it completely and installed AVG Free.

I will update my programs per your suggestion and hopefully keep my computer free of any future issues.

Thanks again!!!

Re: No desktop icons or windows toolbar available
You are welcome :) ...

Re: No desktop icons or windows toolbar available
FYI I have been using Google Chrome as my web browser. I need to uninstall IE because my children use this PC as well and always default to IE for web browsing.

Re: No desktop icons or windows toolbar available
What you could do to hide Internet Explorer (since IE is the default and most supported) is go into Google Chrome and do the following:

Go into the Tools menu (wrench icon) and click Options. Click the Basics tab, if needed, and click "Make Google Chrome my default browser."

Then, delete any shortcuts on all Desktops that refer to Internet Explorer. Also delete any entries in the Start Menu that refer to Internet Explorer. That means the only way to access IE is C:\Program Files\Internet Explorer\iexplore.exe

If you want to force the usage of Google Chrome, make shortcuts to the program on the Desktops. It will probably be in the Start Menu as well.

Does this seem suitable?
