WiredWX Christian Hobby Weather Tools
Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

ComboFix 09-10-24.01 - Chris 10/24/2009 18:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.797 [GMT -5:00]
Running from: c:\users\Chris\Desktop\commy.exe
Command switches used :: /stepdel
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3325274441-2933238227-355094248-500
c:\$recycle.bin\S-1-5-21-3325274441-2933238227-355094248-500\desktop.ini
c:\programdata\ntuser.dat{e5811f88-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{e5811f98-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 23:23 . 2009-10-24 23:29 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-10-24 23:23 . 2009-10-24 23:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 22:31 . 2009-10-24 22:33 -------- d-----w- C:\commy
2009-10-24 03:09 . 2009-10-24 19:21 -------- d-----w- c:\windows\BDOSCAN8
2009-10-24 01:18 . 2009-10-24 01:18 -------- d-----w- c:\programdata\WindowsSearch
2009-10-23 22:36 . 2009-10-23 22:36 -------- d-----w- c:\windows\Sun
2009-10-23 19:36 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-23 05:06 . 2009-10-23 05:06 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 04:31 . 2009-10-23 04:31 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 04:15 . 2009-10-24 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 04:15 . 2009-10-23 04:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 23:16 . 2009-10-22 23:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-22 03:58 . 2009-10-22 03:58 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-22 01:27 . 2009-10-23 03:45 -------- d-----w- c:\programdata\puleluro
2009-10-22 01:27 . 2009-10-24 17:26 -------- d-----w- c:\programdata\safevayi
2009-10-22 01:27 . 2009-10-23 19:17 -------- d-----w- c:\programdata\simipari
2009-10-22 01:27 . 2009-10-23 03:45 -------- d-----w- c:\programdata\sufohuwe
2009-10-22 01:20 . 2009-10-24 04:32 -------- d-----w- c:\programdata\somotiye
2009-10-22 01:20 . 2009-10-24 02:58 -------- d-----w- c:\programdata\miriniwi
2009-10-22 01:20 . 2009-10-22 01:20 -------- d-----w- c:\programdata\ladowozi
2009-10-19 23:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-19 23:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-19 23:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-19 23:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-19 23:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-19 23:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:35 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:35 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 20:17 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 20:17 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 20:17 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 20:17 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 20:15 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 20:15 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 20:15 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-04 16:15 . 2009-10-04 16:15 127872 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\uninstall.exe
2009-10-04 16:15 . 2009-10-04 16:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2009-10-02 19:22 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 21:14 . 2009-09-29 21:14 -------- d-----w- c:\programdata\SiteAdvisor
2009-09-27 21:47 . 2006-03-03 13:07 143360 ----a-w- c:\windows\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 19:35 . 2007-02-28 20:29 -------- d-----w- c:\program files\McAfee
2009-10-22 03:58 . 2009-07-15 02:08 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2009-10-19 03:43 . 2009-07-27 03:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Skype
2009-10-19 03:27 . 2009-07-27 03:12 -------- d-----w- c:\users\Chris\AppData\Roaming\skypePM
2009-10-17 06:12 . 2007-03-20 21:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 06:08 . 2007-03-20 21:09 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 20:11 . 2007-02-28 20:29 -------- d-----w- c:\programdata\McAfee
2009-10-04 16:15 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-10-02 01:35 . 2009-06-24 01:52 -------- d-----w- c:\program files\Microsoft
2009-09-28 01:09 . 2007-02-28 20:29 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-22 00:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 00:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-16 15:22 . 2007-02-28 20:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-28 20:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 01:32 . 2009-09-16 01:32 -------- d-----w- c:\program files\MATLAB
2009-09-10 04:44 . 2009-06-25 04:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-27 05:17 . 2009-10-16 20:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 20:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 20:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:25 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:25 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:25 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-30 14:38 . 2009-08-16 01:25 5173960 ----a-w- c:\windows\BAA Screensaver.scr
2009-07-27 03:12 . 2009-07-27 03:12 56 ---ha-w- c:\programdata\ezsidmv.dat
2004-03-15 23:51 . 2004-03-15 23:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 16:32 . 2006-01-23 16:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 16:48 . 2007-02-08 16:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 01:03 . 2007-07-25 01:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-07-23 19:18 . 2009-07-23 19:18 16384 --sha-w- c:\windows\System32\buhedina.exe
2009-07-22 23:10 . 2009-07-22 23:10 16384 --sha-w- c:\windows\System32\davozido.exe
2009-07-24 00:19 . 2009-07-24 00:19 69632 --sha-w- c:\windows\System32\vukolosu.exe
2009-07-23 20:18 . 2009-07-23 20:18 75776 --sha-w- c:\windows\System32\wimoroka.exe
2009-07-23 23:18 . 2009-07-23 23:18 81920 --sha-w- c:\windows\System32\wogutopa.exe
2009-07-23 20:18 . 2009-07-23 20:18 32768 --sha-w- c:\windows\System32\zarajubo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-28 220160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Citi Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2007-12-07 270336]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,16,9e,46,1c,3b,ca,01

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 9:08 PM 15448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 3:17 PM 210216]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [7/19/2007 12:56 PM 11360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 8:04 PM 102448]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 3:00 PM 7168]
S3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [7/12/2007 7:18 PM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [7/18/2007 10:11 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [7/18/2007 10:12 PM 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 12:48 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [7/19/2007 12:56 PM 11360]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{D7724767-7F5C-499C-B4D0-65A7A70C97B9}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-lphcj4jj0e92o - c:\windows\system32\lphcj4jj0e92o.exe
HKCU-Run-dukogutel - c:\progra~2\simipari\simipari.dll
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
SharedTaskScheduler-{beeee39e-a28e-43b5-9408-ebb8ee69cf2c} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 18:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(172)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\commy29219c\CF30835.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\commy29219c\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 18:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-24 23:39

Pre-Run: 63,233,265,664 bytes free
Post-Run: 65,183,571,968 bytes free

- - End Of File - - 9AC10F27839C2D82B6F44000C6CDC8F7

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

µTorrent
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AutoUpdate
BAA Screensaver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DivX Codec
DivX Player
DivX Web Player
DVD MovieFactory for TOSHIBA
GOM Player
Google Desktop
Google Toolbar for Internet Explorer
GRE POWERPREP
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfraRecorder
Intel(R) Graphics Media Accelerator Driver
Internet Offers
iPod for Windows 2005-11-17
iTunes
IVI Shared Component
IVI Shared Components
Java(TM) SE Runtime Environment 6
JEOPARDY
JMP 6
Junk Mail filter update
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Mathcad 8 Explorer
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Move Media Player
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
National Instruments Software
NI-DAQmx - LabVIEW shared documentation
NI-DIM 1.7.0f0
NI-IVI Provider for MAX
NI-ORB 1.7.0f0
NI-PAL 2.1.0f1
NI-RPC 3.4.0f1
NI-RPC 3.4.0f1 for Phar Lap ETS
NI-VISA Runtime 4.2
NI AFW Channel Configuration Tool
NI Assistant Framework
NI Assistant Framework LabVIEW Code Generator 6.1
NI Assistant Framework LabVIEW Code Generator 7.0
NI Assistant Framework LabVIEW Code Generator 7.1
NI Assistant Framework LabVIEW Code Generator 8.0
NI Assistant Framework LabVIEW Code Generator 8.2
NI Assistant Framework LabVIEW Code Generator 8.5
NI Certificates Deployment Support
NI Circuit Design Suite 10 Core
NI Circuit Design Suite 10 Educational
NI Circuit Design Suite Support and Upgrade Utility
NI Control Design Mathscript VIs
NI Control Design Shared VIs
NI DataSocket 4.5.0
NI DN 2.0 installer
NI EULA Depot
NI Example Finder 8.5
NI Help Assistant
NI Instrument IO Assistant for LabVIEW 8.5
NI IVI Class Driver LabVIEW 8.5 Support
NI IVI Class Drivers
NI IVI Class Simulation Drivers
NI IVI Compliance Package 3.1
NI IVI Engine
NI IVI Online Help
NI LabVIEW 8.5
NI LabVIEW 8.5 Applibs
NI LabVIEW 8.5 CINtools
NI LabVIEW 8.5 Control Design and Simulation Module - Control Design Support
NI LabVIEW 8.5 Control Design and Simulation Module - Simulation Support
NI LabVIEW 8.5 Device Detection and Deployment Support
NI LabVIEW 8.5 Examples
NI LabVIEW 8.5 gMath
NI LabVIEW 8.5 Help
NI LabVIEW 8.5 Help File
NI LabVIEW 8.5 iMath
NI LabVIEW 8.5 Instr.lib
NI LabVIEW 8.5 License
NI LabVIEW 8.5 Manuals
NI LabVIEW 8.5 MeasAppChm File
NI LabVIEW 8.5 Menus
NI LabVIEW 8.5 Project
NI LabVIEW 8.5 Resource
NI LabVIEW 8.5 Simulation
NI LabVIEW 8.5 Templates
NI LabVIEW 8.5 User.lib
NI LabVIEW 8.5 VI.lib
NI LabVIEW 8.5 WWW
NI LabVIEW Analog Modulation Toolkit 4.0
NI LabVIEW Broker
NI LabVIEW C Interface
NI LabVIEW Deployable License 8.5.0
NI LabVIEW Digital Filter Design Toolkit 8.2.1
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 8.5.0
NI LabVIEW Modulation Toolkit 4.0
NI LabVIEW Real-Time Error Dialog
NI LabVIEW Real-Time FIFO for Runtime
NI LabVIEW Run-Time Engine 7.1.1
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2.1
NI LabVIEW Run-Time Engine 8.5
NI LabVIEW SignalExpress 2.5
NI LabVIEW SignalExpress 2.5 Core
NI LabVIEW SignalExpress 2.5 Core LabVIEW Support
NI LabVIEW SignalExpress 2.5 Datatypes
NI LabVIEW SignalExpress 2.5 LabVIEW Support
NI LabVIEW SignalExpress 2.5 Licenses
NI LabVIEW SignalExpress 2.5 Steps
NI LabVIEW SignalExpress 2.5 Tools
NI LabVIEW SimControl Shared Help Files
NI LabVIEW Simulation Module Converter
NI LabVIEW Simulation Module Optimization
NI LabVIEW Simulation Module Shared Files
NI LabVIEW System Identification 3.0 Assistant
NI LabVIEW System Identification 3.0 Toolkit VIs
NI LabVIEW System Identification Toolkit 3.0.1
NI LabWindows/CVI 8.1.1 Run-Time Engine
NI LabWindows/CVI Code Generator
NI License Manager
NI Logos 4.9
NI Logos LabVIEW 8.5 Support
NI Logos XT Support
NI LVBrokerAux 8.2.1
NI LVBrokerAux 8.5.0
NI LVBrokerAux71
NI LVBrokerAux8.0
NI Math Kernel Libraries
NI MAX LabVIEW Support
NI MDF Support
NI Measurement & Automation Explorer 4.3
NI Measurement Studio 8.1 Enterprise RunTime for VS2005
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
NI Measurement Studio Recipe Processor
NI MXS
NI OPC Support
NI Portable Configuration
NI Registration Wizard
NI Remote Provider for MAX
NI Remote PXI Provider for MAX
NI Service Locator
NI Session Manager 3.5
NI Software Provider for MAX
NI Sound and Vibration Frequency Analysis 5.0
NI System Identification Assistant LabVIEW Support
NI TDMS
NI Uninstaller
NI USI 1.5.0
NI Variable Engine
NI Variable Engine LabVIEW 8.5 Support
NI Variable Manager
NI VC2005MSMs x86
NI Web Pipeline
Penguins!
Polar Bowler
Polar Golfer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
RoboWorks Demo 3.0
SCRABBLE
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Skype web features
Skype™ 4.1
SolidWorks 2008 SP0
Symantec AntiVirus
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB974810)
Virtual Account Numbers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
WinDVD for TOSHIBA
WinRAR archiver
World of Warcraft

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight µTorrent and Java(TM) SE Runtime Environment 6.
  • Click the Uninstall/Change button at the top.


  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    c:\programdata\puleluro
    c:\programdata\safevayi
    c:\programdata\simipari
    c:\programdata\sufohuwe
    c:\programdata\somotiye
    c:\programdata\miriniwi
    c:\programdata\ladowozi

    File::
    c:\windows\System32\buhedina.exe
    c:\windows\System32\davozido.exe
    c:\windows\System32\vukolosu.exe
    c:\windows\System32\wimoroka.exe
    c:\windows\System32\wogutopa.exe
    c:\windows\System32\zarajubo.dll

    DDS::
    uStart Page = about:blank

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
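The CFScript in the reply above was assembled by hand from the first ComboFix log: the seven ProgramData folders and the six System32 files share the same eight-letter consonant/vowel naming pattern, and the System32 files carry the system+hidden attribute flags (`--sha-w-`). The Python script below is an added example, not part of this thread and not a ComboFix feature: it parses ComboFix "Files Created"/"Find3M" lines, applies those two heuristics (both chosen here for illustration; they are assumptions, not ComboFix rules) and emits Folder::/File:: sections as candidates for an analyst to review. The sample lines are copied from the log earlier in the thread, with benign entries included to show what must not fire. A hit is a triage lead, not a verdict: a legitimate file can be system+hidden, and the generated script still needs a human check before it is dragged onto ComboFix.

```python
"""Triage helper for ComboFix file listings (added example, not a ComboFix tool).

Parses lines of the form
    2009-07-23 19:18 . 2009-07-23 19:18 16384 --sha-w- c:\\windows\\System32\\buhedina.exe
and flags entries by two heuristics chosen for illustration:
  A. system (s) and hidden (h) attribute flags on an entry under c:\\windows\\system32
  B. a name of exactly eight lowercase letters in strict consonant/vowel alternation
     under c:\\programdata or c:\\windows\\system32 (the naming style of the
     entries in the log above)
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied from the ComboFix log earlier in the thread,
# including benign ones (Malwarebytes, wuauclt.exe, ezsidmv.dat) that must not fire.
SAMPLE_LOG = """\
2009-10-23 04:15 . 2009-10-23 04:15 -------- d-----w- c:\\programdata\\Malwarebytes
2009-10-22 23:16 . 2009-10-22 23:16 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2009-10-22 01:27 . 2009-10-23 03:45 -------- d-----w- c:\\programdata\\puleluro
2009-10-22 01:27 . 2009-10-24 17:26 -------- d-----w- c:\\programdata\\safevayi
2009-10-19 23:37 . 2009-08-07 02:24 53472 ----a-w- c:\\windows\\system32\\wuauclt.exe
2009-07-23 19:18 . 2009-07-23 19:18 16384 --sha-w- c:\\windows\\System32\\buhedina.exe
2009-07-23 20:18 . 2009-07-23 20:18 32768 --sha-w- c:\\windows\\System32\\zarajubo.dll
2009-07-27 03:12 . 2009-07-27 03:12 56 ---ha-w- c:\\programdata\\ezsidmv.dat
"""

# created . modified size attrs path   (size is "--------" for directories)
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Exactly four consonant+vowel pairs, e.g. "puleluro", "buhedina"; 'y' counts as a consonant.
CVCV_RE = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")

SYSTEM32 = "c:\\windows\\system32\\"
PROGRAMDATA = "c:\\programdata\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: str
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def stem(self) -> str:  # name without extension
        return self.name.split(".", 1)[0]


def parse_log(text: str) -> list[Entry]:
    """Return the parseable file/directory entries; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def is_suspicious(e: Entry) -> str | None:
    """Return the reason an entry is flagged, or None."""
    p = e.path.lower()
    in_sys32 = p.startswith(SYSTEM32)
    in_pdata = p.startswith(PROGRAMDATA)
    if in_sys32 and "s" in e.attrs and "h" in e.attrs:
        return "system+hidden under System32"
    if (in_sys32 or in_pdata) and CVCV_RE.match(e.stem):
        return "pseudo-random CVCV name"
    return None


def flag_entries(text: str) -> list[tuple[Entry, str]]:
    return [(e, why) for e in parse_log(text) if (why := is_suspicious(e))]


def build_cfscript(text: str) -> str:
    """Emit Folder:: and File:: sections for the flagged entries (review before use)."""
    flagged = flag_entries(text)
    folders = [e.path for e, _ in flagged if e.is_dir]
    files = [e.path for e, _ in flagged if not e.is_dir]
    out: list[str] = []
    if folders:
        out += ["Folder::", *folders, ""]
    if files:
        out += ["File::", *files, ""]
    return "\n".join(out)


if __name__ == "__main__":
    for e, why in flag_entries(SAMPLE_LOG):
        print(f"{e.attrs} {e.path}  <- {why}")
    print()
    print(build_cfscript(SAMPLE_LOG))
```

Run it against a saved C:\ComboFix.txt by replacing SAMPLE_LOG with the file contents; the reason column tells you which heuristic fired so that a system+hidden hit on a loose System32 binary can be weighed differently from a name-pattern hit on a folder. The `%APPDATA%` directory under System32 is flagged by rule A even though the reply above did not list it, which is exactly the kind of candidate the analyst decides on by hand.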

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem

ComboFix 09-10-25.02 - Chris 10/25/2009 20:47.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.795 [GMT -5:00]
Running from: c:\users\Chris\Desktop\commy.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active


FILE ::
"c:\windows\System32\buhedina.exe"
"c:\windows\System32\davozido.exe"
"c:\windows\System32\vukolosu.exe"
"c:\windows\System32\wimoroka.exe"
"c:\windows\System32\wogutopa.exe"
"c:\windows\System32\zarajubo.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\ladowozi
c:\programdata\ladowozi\ladowozi.dll
c:\programdata\miriniwi
c:\programdata\puleluro
c:\programdata\safevayi
c:\programdata\simipari
c:\programdata\somotiye
c:\programdata\sufohuwe
c:\windows\System32\buhedina.exe
c:\windows\System32\davozido.exe
c:\windows\System32\vukolosu.exe
c:\windows\System32\wimoroka.exe
c:\windows\System32\wogutopa.exe
c:\windows\System32\zarajubo.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 02:03 . 2009-10-26 02:05 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-10-26 02:03 . 2009-10-26 02:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-26 02:03 . 2009-10-26 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-24 22:31 . 2009-10-24 22:33 -------- d-----w- C:\commy
2009-10-24 03:09 . 2009-10-24 19:21 -------- d-----w- c:\windows\BDOSCAN8
2009-10-24 01:18 . 2009-10-24 01:18 -------- d-----w- c:\programdata\WindowsSearch
2009-10-23 22:36 . 2009-10-23 22:36 -------- d-----w- c:\windows\Sun
2009-10-23 19:36 . 2009-09-16 15:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-10-23 05:06 . 2009-10-23 05:06 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 04:31 . 2009-10-23 04:31 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 04:15 . 2009-10-24 21:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 04:15 . 2009-10-23 04:15 -------- d-----w- c:\programdata\Malwarebytes
2009-10-23 04:15 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 23:16 . 2009-10-22 23:16 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-22 03:58 . 2009-10-22 03:58 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-19 23:38 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-19 23:37 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-19 23:37 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-19 23:37 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-19 23:36 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-19 23:36 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-19 23:36 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-19 23:35 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-19 23:35 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-16 20:17 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 20:17 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 20:17 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 20:17 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-16 20:15 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 20:15 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 20:15 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-04 16:15 . 2009-10-04 16:15 127872 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\uninstall.exe
2009-10-04 16:15 . 2009-10-04 16:15 -------- d-----w- c:\users\Chris\AppData\Roaming\Move Networks
2009-10-02 19:22 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 21:14 . 2009-09-29 21:14 -------- d-----w- c:\programdata\SiteAdvisor
2009-09-27 21:47 . 2006-03-03 13:07 143360 ----a-w- c:\windows\system32\dunzip32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 01:30 . 2009-07-15 02:08 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
2009-10-23 19:35 . 2007-02-28 20:29 -------- d-----w- c:\program files\McAfee
2009-10-19 03:43 . 2009-07-27 03:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Skype
2009-10-19 03:27 . 2009-07-27 03:12 -------- d-----w- c:\users\Chris\AppData\Roaming\skypePM
2009-10-17 06:12 . 2007-03-20 21:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 06:08 . 2007-03-20 21:09 -------- d-----w- c:\program files\Microsoft Works
2009-10-05 20:11 . 2007-02-28 20:29 -------- d-----w- c:\programdata\McAfee
2009-10-04 16:15 . 2009-06-16 06:35 4183416 ----a-w- c:\users\Chris\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
2009-10-02 01:35 . 2009-06-24 01:52 -------- d-----w- c:\program files\Microsoft
2009-09-28 01:09 . 2007-02-28 20:29 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-22 00:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 00:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-22 00:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-16 15:22 . 2007-02-28 20:29 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2007-02-28 20:29 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2007-02-28 20:29 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-16 01:32 . 2009-09-16 01:32 -------- d-----w- c:\program files\MATLAB
2009-09-10 04:44 . 2009-06-25 04:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-27 05:17 . 2009-10-16 20:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 20:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 20:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:25 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:25 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:25 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:25 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-07-30 14:38 . 2009-08-16 01:25 5173960 ----a-w- c:\windows\BAA Screensaver.scr
2004-03-15 23:51 . 2004-03-15 23:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 16:32 . 2006-01-23 16:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 16:48 . 2007-02-08 16:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-25 01:03 . 2007-07-25 01:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-24_23.29.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-02-28 20:52 . 2009-10-24 22:44 85102 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-02-28 20:52 . 2009-10-25 16:27 85102 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-10-24 23:30 70052 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-26 01:36 70052 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-06-25 05:08 . 2009-10-24 23:30 20054 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3325274441-2933238227-355094248-1000_UserData.bin
+ 2007-06-25 05:08 . 2009-10-26 01:36 20054 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3325274441-2933238227-355094248-1000_UserData.bin
- 2007-03-20 20:42 . 2009-10-24 23:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-03-20 20:42 . 2009-10-24 23:29 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-26 01:37 . 2009-10-26 01:37 6130 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\EB5AF50E0B263C13B3D628ADA3AC42B02C51003D\Data.dat
- 2009-10-24 22:25 . 2009-10-24 22:25 4962 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\Data.dat
+ 2009-10-26 01:05 . 2009-10-26 01:05 4962 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\B7B77EFB009E907FCA5AED9F5CD78AF3EC2558D6\Data.dat
+ 2009-10-26 01:12 . 2009-10-26 01:12 5756 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\Data.dat
- 2009-10-24 21:50 . 2009-10-24 21:50 5756 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\41F1CD21CD05A267CEDD8C0E1104AD4C595D6FA2\Data.dat
- 2009-10-24 22:00 . 2009-10-24 22:00 5988 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
+ 2009-10-26 01:39 . 2009-10-26 01:39 5988 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\3A3C5F7CC9415160B34912634CB95978E99A7DDE\3A3C5F7CC9415160B34912634CB95978E99A7DDE\Data.dat
+ 2009-10-26 01:05 . 2009-10-26 01:05 6158 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\217C5A9988F137C191AB2A26D7B4807D49DFC2EC\217C5A9988F137C191AB2A26D7B4807D49DFC2EC\Data.dat
+ 2009-10-26 01:37 . 2009-10-26 01:37 5866 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\0FAD3B8C5C374914520A72A77FB0B694C13391B5\0FAD3B8C5C374914520A72A77FB0B694C13391B5\Data.dat
+ 2009-10-25 16:25 . 2009-10-26 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-24 23:28 . 2009-10-24 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-24 23:28 . 2009-10-24 23:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-25 16:25 . 2009-10-26 01:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2007-03-20 20:42 . 2009-10-24 23:29 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-03-20 20:42 . 2009-10-26 02:05 311296 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 06:04 . 2009-10-25 06:04 2268008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-03-30 06:04 . 2009-10-24 23:26 2268008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-28 220160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-05 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Citi Virtual Account Numbers"="c:\progra~1\VIRTUA~1\CitiVAN.exe" [2007-12-07 270336]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-02-07 4374528]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2007-9-9 488728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):13,16,9e,46,1c,3b,ca,01

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 9:08 PM 15448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 3:17 PM 210216]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [7/19/2007 12:56 PM 11360]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/16/2009 8:04 PM 102448]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 3:00 PM 7168]
S3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [7/12/2007 7:18 PM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [7/18/2007 10:11 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [7/18/2007 10:12 PM 11896]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 12:48 PM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [7/19/2007 12:56 PM 11360]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/28/2006 6:34 AM 122008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{D7724767-7F5C-499C-B4D0-65A7A70C97B9}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 21:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-26 21:09
ComboFix-quarantined-files.txt 2009-10-26 02:08
ComboFix2.txt 2009-10-24 23:40

Pre-Run: 63,628,644,352 bytes free
Post-Run: 63,607,091,200 bytes free

- - End Of File - - 4A429E1F218831BA2FA08E6FC6DB4D68

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem
Bump...

or does that mean my computer is clean now?

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem
hello?

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem
It's running well and I haven't had any sign of viruses. Do you think it's good now? Any more suggestions/comments?

Re: Win32/nuqel.E / bankerfox.a / Antivirus system pro. problem
Yes, this looks fine now.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
