Windows System defender/ Antivirus Systems PRO

Windows System defender and Antivirus Systems PRO on my computer. Malwarebytes and Adware launch but quit after a short period of time. Spydoctor runs but then wants $$ to download program to delete viruses. Can't download HJ This either. When I try to run antivirus programs from icons, a message "Windows cannot access specfied device,file, path..." comes up. No idea how to proceed. Appreciate any assistance

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  Code:

  
:filefind
scecli.dll
netlogon.dll
eventlog.dll
cngaudit.dll

  
  
  
• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 18:19 on 27/10/2009 by Greg Parker (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -----c 180224 bytes [18:24 18/10/2008] [12:00 04/08/2004] 0F78E27F563F2AAF74B91A49E2ABF19A
C:\WINDOWS\ServicePackFiles\i386\scecli.dll ------ 181248 bytes [12:29 23/08/2008] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084
C:\WINDOWS\system32\scecli.dll --a--- 181248 bytes [12:00 04/08/2004] [00:12 14/04/2008] A86BB5E61BF3E39B62AB4C7E7085A084

Searching for "netlogon.dll"
C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -----c 407040 bytes [18:24 18/10/2008] [12:00 04/08/2004] 96353FCECBA774BB8DA74A1C6507015A
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll ------ 407040 bytes [12:28 23/08/2008] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550
C:\WINDOWS\system32\netlogon.dll --a--- 407040 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1B7F071C51B77C272875C3A23E1E4550

Searching for "eventlog.dll"
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -----c 55808 bytes [18:24 18/10/2008] [12:00 04/08/2004] 82B24CB70E5944E6E34662205A2A5B78
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll ------ 56320 bytes [12:27 23/08/2008] [00:11 14/04/2008] 6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll --a--- 61952 bytes [12:00 04/08/2004] [00:11 14/04/2008] (Unable to calculate MD5)

Searching for "cngaudit.dll"
No files found.

-=End Of File=-

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Tried to download last night to no avail. Couldn't extract file. Windows icon warning displayed. File displays on desktop but when tried to extract, indicate no file to extract.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-10-28.08 - Greg Parker 10/29/2009 18:49.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.286 [GMT -4:00]
Running from: c:\documents and settings\Greg Parker\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFR1.tmp
c:\documents and settings\Administrator\Application Data\aduxeso._dl
c:\documents and settings\Administrator\Application Data\kekogamypy.dll
c:\documents and settings\Administrator\Application Data\tabuse.com
c:\documents and settings\Administrator\Cookies\qavy.bat
c:\documents and settings\Administrator\Cookies\sohykiroqi.vbs
c:\documents and settings\Administrator\Local Settings\Application Data\kore.reg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\cuqe.reg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fobeho.pif
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ijawan.inf
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\loho.db
c:\documents and settings\All Users\Application Data\atic._dl
c:\documents and settings\All Users\Application Data\awefalubof._sy
c:\documents and settings\All Users\Application Data\elaqyno.dll
c:\documents and settings\All Users\Application Data\idexave.vbs
c:\documents and settings\All Users\Application Data\ijyvyv.dl
c:\documents and settings\All Users\Application Data\jahezo.inf
c:\documents and settings\All Users\Application Data\judibamo.scr
c:\documents and settings\All Users\Application Data\ojul.com
c:\documents and settings\All Users\Application Data\puzusukot.sys
c:\documents and settings\All Users\Application Data\qykamul.dll
c:\documents and settings\All Users\Application Data\ryxe.pif
c:\documents and settings\All Users\Application Data\upodityji.com
c:\documents and settings\All Users\Application Data\xaqewabo.lib
c:\documents and settings\All Users\Application Data\ydisi.exe
c:\documents and settings\All Users\Documents\agysacyxov.pif
c:\documents and settings\All Users\Documents\fijym._sy
c:\documents and settings\All Users\Documents\gohaf.pif
c:\documents and settings\All Users\Documents\ifaminam.reg
c:\documents and settings\All Users\Documents\ifux.inf
c:\documents and settings\All Users\Documents\jisakino.dl
c:\documents and settings\All Users\Documents\nuwa._dl
c:\documents and settings\All Users\Documents\sakyhuhizy._sy
c:\documents and settings\All Users\Documents\syracynek.inf
c:\documents and settings\All Users\Documents\vojema.dl
c:\documents and settings\All Users\Documents\xiji._sy
c:\documents and settings\All Users\Documents\ybebosofi._dl
c:\documents and settings\All Users\Documents\ymysuzuluz.reg
c:\documents and settings\All Users\Documents\yqepe.dl
c:\documents and settings\Greg Parker\Application Data\acapugyva.dl
c:\documents and settings\Greg Parker\Application Data\firybuhip.scr
c:\documents and settings\Greg Parker\Application Data\idex.pif
c:\documents and settings\Greg Parker\Application Data\iniasd.txt
c:\documents and settings\Greg Parker\Application Data\ivare.bat
c:\documents and settings\Greg Parker\Application Data\ligyroho.com
c:\documents and settings\Greg Parker\Application Data\nizaton._sy
c:\documents and settings\Greg Parker\Application Data\ozaxiwek.exe
c:\documents and settings\Greg Parker\Application Data\ucirag.dll
c:\documents and settings\Greg Parker\Application Data\ufomelahis.ban
c:\documents and settings\Greg Parker\Application Data\utotonera.lib
c:\documents and settings\Greg Parker\Application Data\xovepola.com
c:\documents and settings\Greg Parker\Cookies\ajelymojac.reg
c:\documents and settings\Greg Parker\Cookies\devuzol._sy
c:\documents and settings\Greg Parker\Cookies\ezymun.com
c:\documents and settings\Greg Parker\Cookies\ihisitu.bin
c:\documents and settings\Greg Parker\Cookies\iryrigyqix.pif
c:\documents and settings\Greg Parker\Cookies\pyhura.sys
c:\documents and settings\Greg Parker\Cookies\qoryn.reg
c:\documents and settings\Greg Parker\Cookies\tuzixudaf.dat
c:\documents and settings\Greg Parker\Cookies\vimusyzaza.vbs
c:\documents and settings\Greg Parker\Cookies\ypuqokunuk.bin
c:\documents and settings\Greg Parker\Cookies\yrybel.dat
c:\documents and settings\Greg Parker\Local Settings\Application Data\akepeg.inf
c:\documents and settings\Greg Parker\Local Settings\Application Data\awosawoquq.bin
c:\documents and settings\Greg Parker\Local Settings\Application Data\cuvogybuxa.scr
c:\documents and settings\Greg Parker\Local Settings\Application Data\ekif.vbs
c:\documents and settings\Greg Parker\Local Settings\Application Data\epan.dll
c:\documents and settings\Greg Parker\Local Settings\Application Data\equjidyc.dll
c:\documents and settings\Greg Parker\Local Settings\Application Data\ibofumam.ban
c:\documents and settings\Greg Parker\Local Settings\Application Data\mogy.inf
c:\documents and settings\Greg Parker\Local Settings\Application Data\ubyrogo.exe
c:\documents and settings\Greg Parker\Local Settings\Application Data\uhakyped.reg
c:\documents and settings\Greg Parker\Local Settings\Application Data\uropyzovic.dll
c:\documents and settings\Greg Parker\Local Settings\Application Data\uvixovugok.sys
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\aqafuwo.dl
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\edotocuzic.reg
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\efatic.dll
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\ikocudexow.ban
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\ixaloxe.bin
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\lefekineme.lib
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\musyg._sy
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\ocar.bat
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\ojyc._dl
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\owilo.scr
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\ugofaf.vbs
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\uqaqecerew._dl
c:\documents and settings\Greg Parker\Local Settings\Temporary Internet Files\vawujin.lib
c:\program files\Common Files\ageciqa.exe
c:\program files\Common Files\awanagyk.sys
c:\program files\Common Files\bubiky.inf
c:\program files\Common Files\esukakomif._sy
c:\program files\Common Files\jotez.sys
c:\program files\Common Files\mufa.bin
c:\program files\Common Files\nybipise.dll
c:\program files\Common Files\ogokoxejaj.reg
c:\program files\Common Files\tiwuwesen.exe
c:\program files\Common Files\xuxo.sys
c:\windows\agasosuvu.bin
c:\windows\betexab.reg
c:\windows\cevatud._dl
c:\windows\ekaqocexyn._dl
c:\windows\fani.dll
c:\windows\hyfip.scr
c:\windows\igyxarim.vbs
c:\windows\itusij.bin
c:\windows\odobeqizev.pif
c:\windows\oxakozefub.sys
c:\windows\puxu.dl
c:\windows\qezopy.exe
c:\windows\system32\~.exe
c:\windows\system32\awxcguc.dll
c:\windows\system32\bawuwiruz.vbs
c:\windows\system32\bete.sys
c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\drivers\zkbumuea.sys
c:\windows\system32\fadyjy.bat
c:\windows\system32\gijy.exe
c:\windows\system32\grpqtgk.dll
c:\windows\system32\ijiho.bat
c:\windows\system32\kamugoxys.pif
c:\windows\system32\labiwux.pif
c:\windows\system32\ojukaqilaz.sys
c:\windows\system32\udyfyvyt.bat
c:\windows\system32\ukizihuc.bat
c:\windows\system32\uwyduwalos.exe
c:\windows\system32\xihoc.vbs
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\ubuku._sy
c:\windows\ufopog.pif
c:\windows\upobaz.dl
c:\windows\xaxonyrop.scr
c:\windows\xulaky.pif
c:\windows\yxamopalon.bat
c:\windows\zusup.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NOITTUKV
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_noittukv


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-29 22:56 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-27 00:36 . 2009-10-27 00:36 -------- d-----w- c:\program files\Trend Micro
2009-10-26 01:13 . 2009-10-26 01:13 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-26 01:13 . 2009-10-26 01:13 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-26 01:12 . 2009-10-29 22:48 0 ----a-w- c:\windows\win32k.sys
2009-10-26 01:09 . 2009-10-26 01:09 -------- d-----w- c:\program files\Lavasoft
2009-10-25 21:52 . 2009-10-25 21:52 -------- d-----w- c:\program files\Common Files\iS3
2009-10-25 21:52 . 2009-10-26 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-25 12:25 . 2009-10-25 12:26 31232 ----a-w- C:\dsiqvib.exe
2009-10-15 07:58 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-15 07:58 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-13 00:20 . 2009-10-13 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 13:18 . 2009-10-12 13:18 19679 ----a-w- c:\windows\system32\hacohekosy.dat
2009-10-12 04:38 . 2009-09-16 14:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-12 04:38 . 2009-09-16 14:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-12 04:38 . 2009-09-16 14:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-12 04:38 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 04:37 . 2009-10-12 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 04:37 . 2009-10-12 04:37 -------- d-----w- c:\program files\McAfee.com
2009-10-12 04:36 . 2009-10-29 21:15 -------- d-----w- c:\program files\McAfee
2009-10-12 04:25 . 2009-09-16 14:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-10 01:56 . 2009-10-10 04:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 00:08 . 2009-10-08 00:08 18432 ----a-w- C:\tixqapi.exe
2009-10-08 00:07 . 2009-10-08 00:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-08 00:06 . 2009-10-08 00:06 72704 ----a-w- c:\windows\system32\drivers\jqvgqsbpxthqoidx.sys
2009-10-08 00:05 . 2009-10-08 00:05 72704 ----a-w- c:\windows\system32\drivers\xynevjikbccxnmei.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 22:26 . 2009-08-16 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 22:26 . 2009-10-26 01:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-27 00:40 . 2009-08-16 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 00:40 . 2009-10-25 22:40 -------- d-----w- c:\program files\Spyware Doctor
2009-10-27 00:40 . 2009-10-25 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-26 01:09 . 2009-10-25 21:52 -------- d-----w- c:\program files\STOPzilla!
2009-10-26 01:09 . 2009-08-16 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-26 01:09 . 2009-10-25 22:10 -------- d-----w- c:\program files\XoftSpySE6
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-25 21:53 . 2009-10-25 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-24 19:11 . 2008-04-29 23:59 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-16 12:42 . 2008-09-09 14:38 -------- d-----w- c:\documents and settings\Greg Parker\Application Data\LimeWire
2009-10-16 07:08 . 2008-07-01 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 00:19 . 2008-09-09 14:37 -------- d-----w- c:\program files\Java
2009-10-12 18:53 . 2008-04-29 23:53 84744 ----a-w- c:\documents and settings\Greg Parker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 04:46 . 2008-07-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-08 15:31 . 2009-10-25 22:45 767952 ----a-w- c:\windows\BDTSupport(2).dll
2009-10-02 18:19 . 2009-10-25 22:45 1152470 ----a-w- c:\windows\UDB.zip
2009-09-29 07:07 . 2008-07-01 22:01 -------- d-----w- c:\program files\Microsoft Works
2009-09-21 20:06 . 2009-08-16 20:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-16 14:22 . 2009-07-08 17:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-13 21:46 . 2009-09-13 21:46 0 ----a-w- c:\windows\nsreg.dat
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:17 . 2009-04-03 20:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-08-16 13:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-16 13:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2007-04-16 20:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2007-04-16 20:38 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2008-04-29 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-29 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-04-29 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-04-16 20:38 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-29 23:34 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2007-04-16 20:36 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-29 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-05-02 22:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-29 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2007-04-16 20:37 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2007-04-16 20:38 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2007-02-28 07:15 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-18 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HDAShCut.exe [2007-04-16 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2009 4:06 PM 64160]
S2 0010391256613338mcinstcleanup;McAfee Application Installer Cleanup (0010391256613338);c:\windows\TEMP\001039~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001039~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\DRIVERS\SCR131C.sys --> c:\windows\system32\DRIVERS\SCR131C.sys [?]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys --> c:\windows\system32\DRIVERS\SCR33X2K.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0010391256613338MCINSTCLEANUP
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - NOITTUKV
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - noittukv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fcqwhxik
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 16:22]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.usatoday.com/
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Greg Parker\Application Data\Mozilla\Firefox\Profiles\g68a2i10.default\
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

Toolbar-{472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll
WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll
HKLM-Run-XoftSpySE - c:\program files\XoftSpySE6\XoftSpySE.exe
SharedTaskScheduler-{e47186b8-2bd3-40de-871a-76adbcd23b82} - (no file)
SSODL-piyahizal-{e47186b8-2bd3-40de-871a-76adbcd23b82} - (no file)
AddRemove-Browser Defender_is1 - c:\program files\Spyware Doctor\BDT\unins000.exe
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe
AddRemove-{4BB05099-1963-4268-A3BB-9153964750ED} - c:\program files\XoftSpySE6\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 19:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1796)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-29 19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 23:07

Pre-Run: 83,163,820,032 bytes free
Post-Run: 85,527,011,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 736B843BAE5CDFF8843035D1BAE636BF

ComboFix 09-10-28.08 - Greg Parker 10/29/2009 22:50.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.276 [GMT -4:00]
Running from: c:\documents and settings\Greg Parker\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Greg Parker\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\dsiqvib.exe"
"C:\tixqapi.exe"
"c:\windows\system32\drivers\jqvgqsbpxthqoidx.sys"
"c:\windows\system32\drivers\xynevjikbccxnmei.sys"
"c:\windows\win32k.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\dsiqvib.exe
C:\tixqapi.exe
c:\windows\system32\drivers\jqvgqsbpxthqoidx.sys
c:\windows\system32\drivers\xynevjikbccxnmei.sys
c:\windows\win32k.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-29 22:56 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-27 00:36 . 2009-10-27 00:36 -------- d-----w- c:\program files\Trend Micro
2009-10-26 01:13 . 2009-10-26 01:13 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-26 01:13 . 2009-10-26 01:13 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-26 01:09 . 2009-10-26 01:09 -------- d-----w- c:\program files\Lavasoft
2009-10-25 21:52 . 2009-10-25 21:52 -------- d-----w- c:\program files\Common Files\iS3
2009-10-25 21:52 . 2009-10-26 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-10-15 07:58 . 2009-07-17 16:22 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-10-15 07:58 . 2009-09-04 21:03 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-10-13 00:20 . 2009-10-13 00:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 13:18 . 2009-10-12 13:18 19679 ----a-w- c:\windows\system32\hacohekosy.dat
2009-10-12 04:38 . 2009-09-16 14:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-12 04:38 . 2009-09-16 14:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-12 04:38 . 2009-09-16 14:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-12 04:38 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-12 04:37 . 2009-10-12 04:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-12 04:37 . 2009-10-12 04:37 -------- d-----w- c:\program files\McAfee.com
2009-10-12 04:36 . 2009-10-29 21:15 -------- d-----w- c:\program files\McAfee
2009-10-12 04:25 . 2009-09-16 14:22 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-10 01:56 . 2009-10-10 04:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-08 00:07 . 2009-10-08 00:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-27 22:26 . 2009-08-16 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 22:26 . 2009-10-26 01:09 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-10-27 00:40 . 2009-08-16 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-27 00:40 . 2009-10-25 22:40 -------- d-----w- c:\program files\Spyware Doctor
2009-10-27 00:40 . 2009-10-25 22:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-26 01:09 . 2009-10-25 21:52 -------- d-----w- c:\program files\STOPzilla!
2009-10-26 01:09 . 2009-08-16 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-26 01:09 . 2009-10-25 22:10 -------- d-----w- c:\program files\XoftSpySE6
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Common Files\XoftSpySE
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2009-10-25 21:53 . 2009-10-25 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-10-24 19:11 . 2008-04-29 23:59 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-10-16 12:42 . 2008-09-09 14:38 -------- d-----w- c:\documents and settings\Greg Parker\Application Data\LimeWire
2009-10-16 07:08 . 2008-07-01 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-13 00:19 . 2008-09-09 14:37 -------- d-----w- c:\program files\Java
2009-10-12 18:53 . 2008-04-29 23:53 84744 ----a-w- c:\documents and settings\Greg Parker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 04:46 . 2008-07-02 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-08 15:31 . 2009-10-25 22:45 767952 ----a-w- c:\windows\BDTSupport(2).dll
2009-10-02 18:19 . 2009-10-25 22:45 1152470 ----a-w- c:\windows\UDB.zip
2009-09-29 07:07 . 2008-07-01 22:01 -------- d-----w- c:\program files\Microsoft Works
2009-09-21 20:06 . 2009-08-16 20:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-16 14:22 . 2009-07-08 17:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-13 21:46 . 2009-09-13 21:46 0 ----a-w- c:\windows\nsreg.dat
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:17 . 2009-04-03 20:08 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:54 . 2009-08-16 13:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-08-16 13:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2007-04-16 20:38 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2007-04-16 20:38 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 23:24 . 2008-04-29 23:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2008-04-29 23:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2008-04-29 23:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-04-16 20:38 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2008-04-29 23:34 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2007-04-16 20:36 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2008-04-29 23:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2008-05-02 22:29 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2008-04-29 23:34 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2007-04-16 20:37 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2007-04-16 20:38 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2007-02-28 07:15 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-29_23.00.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 23:42 . 2009-10-29 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-29 23:42 . 2009-10-30 01:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-30 01:44 . 2009-10-30 01:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-29 23:42 . 2009-10-29 21:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-18 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 1052672]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HDAShCut.exe [2007-04-16 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcmscsvc.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2009 4:06 PM 64160]
S2 0010391256613338mcinstcleanup;McAfee Application Installer Cleanup (0010391256613338);c:\windows\TEMP\001039~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\001039~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\DRIVERS\SCR131C.sys --> c:\windows\system32\DRIVERS\SCR131C.sys [?]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys --> c:\windows\system32\DRIVERS\SCR33X2K.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0010391256613338MCINSTCLEANUP
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*NewlyCreated* - NOITTUKV
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - noittukv
.
Contents of the 'Scheduled Tasks' folder

2009-10-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 16:22]

2009-10-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-12 16:22]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Greg Parker\Application Data\Mozilla\Firefox\Profiles\g68a2i10.default\
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
Completion time: 2009-10-30 23:03
ComboFix-quarantined-files.txt 2009-10-30 03:03
ComboFix2.txt 2009-10-29 23:07

Pre-Run: 85,463,883,776 bytes free
Post-Run: 85,472,649,216 bytes free

- - End Of File - - 9E5083AB4BDBA10ACAB33DC49E1379C2

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.41
Database version: 3058
Windows 5.1.2600 Service Pack 3

10/29/2009 11:37:32 PM
mbam-log-2009-10-29 (23-37-32).txt

Scan type: Quick Scan
Objects scanned: 111127
Time elapsed: 12 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

great, thanks for much for your assistance...

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.