Okay, here's the log from ComboFix. I had to run ComboFix twice because the first time, the computer restarted on its own and didn't produce anything at all. Plus, I don't know if this was supposed to happen, but now I can't open up my web browsers. It says, "Illegal operation attempted on a registry key that has been marked for deletion." I had to post this through a different computer.
ComboFix 09-10-30.01 - Owner 11/01/2009 13:24.2.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.3063.2033 [GMT -6:00]
Running from: c:\users\Owner\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2733014286-607279091-1391130181-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\AutoRun.inf
c:\windows\system32\logs
c:\windows\system32\logs\Settings.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 19:30 . 2009-11-01 19:33 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-11-01 19:30 . 2009-11-01 19:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-11-01 19:30 . 2009-11-01 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-01 19:24 . 2008-01-19 07:41 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-31 19:31 . 2009-10-31 19:31 -------- d-----w- c:\windows\McAfee.com
2009-10-31 19:03 . 2009-10-31 19:03 -------- d-----w- c:\users\Owner\AppData\Local\Deployment
2009-10-31 16:58 . 2009-10-31 16:58 -------- d-----w- C:\mfe
2009-10-31 16:47 . 2009-10-31 16:47 -------- d-----w- c:\programdata\Citrix
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\program files\Citrix
2009-10-31 16:36 . 2009-10-31 16:36 -------- d-----w- c:\users\Owner\AppData\Local\Citrix
2009-10-31 16:36 . 2009-10-31 16:36 61224 ----a-w- c:\users\Owner\GoToAssistDownloadHelper.exe
2009-10-31 16:22 . 2009-10-31 16:22 -------- d-----w- c:\users\Owner\AppData\Roaming\McAfee
2009-10-29 13:28 . 2009-10-29 13:28 -------- d-----w- c:\windows\Sun
2009-10-29 13:21 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 13:21 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-29 13:21 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-29 13:21 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 13:20 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-29 13:20 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-29 13:20 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 13:20 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 13:20 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 04:47 . 2009-10-31 18:08 0 ----a-r- c:\windows\win32k.sys
2009-10-28 12:50 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 12:50 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 17:44 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-16 17:44 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 17:44 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 17:44 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-03 13:02 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 22:45 . 2007-08-25 17:17 -------- d-----w- c:\programdata\McAfee
2009-10-31 22:45 . 2009-05-17 15:54 -------- d-----w- c:\program files\McAfee
2009-10-29 20:48 . 2008-10-24 23:15 1356 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-10-27 02:56 . 2009-05-16 00:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2009-10-26 21:00 . 2009-05-16 00:54 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2009-10-17 08:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-17 08:05 . 2007-08-25 16:52 -------- d-----w- c:\programdata\Microsoft Help
2009-10-17 08:04 . 2007-08-25 16:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-11 13:16 . 2007-12-08 22:09 101856 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-26 03:08 . 2009-09-25 21:41 -------- d-----w- c:\program files\TS
2009-09-26 02:57 . 2009-09-26 02:57 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-09-26 02:57 . 2009-09-26 02:57 -------- d-----w- c:\programdata\Malwarebytes
2009-09-25 21:13 . 2008-04-05 16:01 -------- d-----w- c:\users\Owner\AppData\Roaming\Move Networks
2009-09-22 13:58 . 2009-09-22 13:51 -------- d-----w- c:\users\Owner\AppData\Roaming\HpUpdate
2009-09-22 13:58 . 2009-09-22 13:56 116839 ----a-w- c:\windows\hpqins00.dat
2009-09-16 15:22 . 2009-05-17 15:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-05-17 15:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-05-17 15:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-05-17 15:51 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 03:16 . 2009-03-14 01:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 17:30 . 2009-10-16 17:45 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-31 13:55 . 2009-10-16 17:45 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-28 12:39 . 2009-09-02 22:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 22:38 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-16 17:45 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-16 17:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-16 17:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-10 14:11 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 14:11 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 14:11 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 14:11 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 14:11 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 14:11 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 14:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 14:11 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 14:11 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 14:11 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-05 14:22 . 2009-10-16 17:45 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-05 14:22 . 2009-10-16 17:45 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
.
------- Sigcheck -------
[-] 1636-09-26 05:08 . 6CD7F13B1F144218B0CBF0FBC8ACC564 . 61952 . . [------] . . c:\windows\System32\cngaudit.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-06-15 1826816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Billminder.lnk - c:\program files\Quicken\billmind.exe [2002-9-20 36864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
Quicken Startup.lnk - c:\program files\Quicken\QWDLLS.EXE [2002-9-20 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 MotorolaDAP;Motorola Digital Audio Player Manager;c:\windows\System32\MotorolaDAP.exe [9/28/2004 12:04 PM 270336]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [3/13/2009 1:04 PM 451072]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\System32\drivers\athru6.sys [7/5/2007 1:57 AM 873472]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5622
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\56po4uhx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://www.tvguide.com/Listings/default.aspx
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\users\Owner\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-TS - c:\program files\TS\tsc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-01 13:34
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-11-01 13:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 19:35
Pre-Run: 337,786,920,960 bytes free
Post-Run: 337,429,803,008 bytes free
- - End Of File - - DBA4F49946795A3488BD454F2D6A17DA
Thanks for your help so far.