WiredWX Christian Hobby Weather Tools

Security Tool - Is it really gone?

Recently, my computer was infected with Security Tool. I went to your website to find out how to remove it. I downloaded Malwarebytes Anti-Malware, scanned my computer, and removed the threats and/or "malicious items." I ran a second scan to make sure the threats were removed and it stated that "no malicious items were detected." However, prior to visiting your website and downloading Malwarebytes Anti-Malware, I downloaded Spyware Doctor, per the recommendations of another website. Once downloaded, it stated that there was a fee to have the threats removed. I didn't purchase anything because I wanted to see if there was a free service out there prior to paying for it. That is when I came across your website. Anyway, I scanned my computer using Spyware Doctor and it detected a few "infections." This was after scanning my computer using Malwarebytes Anti-Malware and it saying "no malicious items were detected." Why is there a discrepancy between the two? How do I know for sure Security Tool is no longer on my computer? Can you please help?

Re: Security Tool - Is it really gone?

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

(image: Query_RC)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(image: RC_successful)

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Security Tool - Is it really gone?

Thank you for your assistance! Here's the log...

ComboFix 09-12-01.01 - Karla 12/01/2009 20:01.1.2 - x86
Running from: c:\documents and settings\Karla\desktop\commy.exe
Command switches used :: /stepdel
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff\Application Data\alot
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\giforakiz.reg
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\uqebyf.bat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\documents and settings\All Users\Application Data\ozicevisam.vbs
c:\documents and settings\All Users\Documents\uxajysi.vbs
c:\documents and settings\Jeff\Local Settings\Temporary Internet Files\obyro._sy
c:\windows\cijib._sy
c:\windows\kb913800.exe
c:\windows\system32\2751681031.dat
c:\windows\system32\bszip.dll
c:\windows\system32\Ijl11.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-11-02 to 2009-12-02 )))))))))))))))))))))))))))))))
.

2009-12-01 01:52 . 2009-12-01 01:52 -------- d-----w- c:\documents and settings\Karla\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-30 21:32 . 2009-11-30 21:32 -------- d-----w- c:\documents and settings\Jeff\Application Data\Malwarebytes
2009-11-30 21:26 . 2009-11-30 21:26 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-11-30 21:26 . 2009-11-30 21:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2009-11-30 20:16 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\Karla\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-30 20:16 . 2009-11-30 20:16 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-30 20:14 . 2009-11-30 20:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-30 20:13 . 2009-11-30 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-30 17:59 . 2009-11-30 17:59 152576 ----a-w- c:\documents and settings\Karla\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-30 17:10 . 2009-11-30 17:10 -------- d-----w- c:\documents and settings\Karla\Application Data\Malwarebytes
2009-11-30 17:09 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-30 17:09 . 2009-11-30 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-30 17:09 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 17:09 . 2009-11-30 17:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-30 12:14 . 2009-11-30 12:14 -------- d-----w- c:\documents and settings\Karla\Local Settings\Application Data\Threat Expert
2009-11-29 23:35 . 2009-11-29 23:35 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\Threat Expert
2009-11-29 23:11 . 2009-10-08 17:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-11-29 23:11 . 2009-10-08 17:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-11-29 23:11 . 2009-10-08 17:31 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-11-29 23:11 . 2009-10-08 17:31 767952 ----a-w- c:\windows\BDTSupport.dll
2009-11-29 23:11 . 2009-10-02 20:19 1152470 ----a-w- c:\windows\UDB.zip
2009-11-29 23:11 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2009-11-29 22:47 . 2009-09-24 14:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-29 22:46 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-29 22:46 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-29 22:46 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-29 22:46 . 2009-12-02 02:27 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 22:46 . 2009-11-29 23:12 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-29 22:46 . 2009-11-29 22:46 -------- d-----w- c:\documents and settings\Jeff\Application Data\PC Tools
2009-11-29 22:46 . 2009-11-29 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-11-29 22:45 . 2009-12-02 02:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-29 21:04 . 2009-11-29 21:04 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-24 20:50 . 2009-11-24 20:50 -------- d-sh--w- c:\documents and settings\Karla\IECompatCache
2009-11-22 23:05 . 2009-11-22 23:06 -------- d-----w- c:\program files\QuickTime
2009-11-20 16:54 . 2009-11-30 17:59 79488 ----a-w- c:\documents and settings\Karla\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-20 07:15 . 2009-11-30 09:05 79488 ----a-w- c:\documents and settings\Jeff\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 20:19 . 2006-07-08 04:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-30 18:01 . 2006-06-30 15:31 -------- d-----w- c:\program files\Java
2009-11-24 04:03 . 2006-07-06 22:52 -------- d-----w- c:\program files\Dl_cats
2009-11-22 23:23 . 2009-09-13 17:37 -------- d-----w- c:\program files\iPod
2009-11-22 23:23 . 2008-10-03 19:12 -------- d-----w- c:\program files\iTunes
2009-11-21 00:22 . 2006-07-08 04:23 -------- d-----w- c:\documents and settings\Karla\Application Data\AdobeUM
2009-11-19 19:30 . 2009-06-30 00:10 -------- d-----w- c:\program files\McAfee
2009-10-22 13:50 . 2006-07-07 00:46 76104 -c--a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 18:13 . 2006-07-09 04:11 76104 -c--a-w- c:\documents and settings\Karla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-11 23:59 . 2005-08-16 09:41 89143 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-11 10:17 . 2009-06-10 18:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-29 18:49 . 2009-07-25 21:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-16 15:22 . 2009-06-30 00:11 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 15:22 . 2009-06-30 00:11 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 15:22 . 2009-06-30 00:11 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 15:22 . 2009-05-14 04:25 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 15:22 . 2009-06-30 00:04 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-13 17:14 . 2009-09-13 17:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.0.70\SetupAdmin.exe
2009-09-11 14:18 . 2005-08-16 09:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-11-08 17:51 . 2008-11-08 17:51 13853 -c--a-w- c:\program files\Common Files\awyloqup._sy
2008-11-08 17:51 . 2008-11-08 17:51 12052 -c--a-w- c:\program files\Common Files\vyrepiwud.lib
2006-08-07 02:55 . 2006-08-07 02:55 251 -c--a-w- c:\program files\wt3d.ini
2009-03-02 21:42 . 2006-12-14 01:10 88 -csh--r- c:\windows\system32\9A2DE05CD7.sys
2009-03-02 21:42 . 2006-12-14 01:10 4182 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay" [X]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-28 655360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-14 29744]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"zMouHk"="mMouHk.exe" - c:\windows\mMouHk.exe [2005-10-28 329216]
"Showwnd"="showwnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864]
"ledpointer"="CNYHKey.exe" - c:\windows\CNYHKey.exe [2005-09-30 5585408]
"CHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2004-12-08 550912]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-30 24576]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-7 180224]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\Program Files\\Palm\\QuickInstall.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Palm\\VMailWiz3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [5/28/2008 8:32 AM 61688]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/29/2009 4:46 PM 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/29/2009 5:11 PM 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/29/2009 6:14 PM 210216]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/29/2009 5:10 PM 358600]
S2 McAfeeLmHosts;McAfee SiteAdvisor Service McAfeeLmHosts;c:\windows\system32\adsldpu.exe srv --> c:\windows\system32\adsldpu.exe srv [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/30/2006 9:56 AM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-11-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-06-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-30 17:22]

2009-12-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-30 17:22]

2009-12-02 c:\windows\Tasks\User_Feed_Synchronization-{3538BF7F-F25F-48F2-B71A-A48FAB518D05}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Karla\Local Settings\Temporary Internet Files\Content.IE5\FBJW6HEO\HijackThis.exe
AddRemove-LyricsSeeker plugins - c:\program files\LyricsSeeker\uninst.exe
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-594733795-137160479-323698647-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b6,8e,ed,1d,fb,e9,29,19,d9,8b,3f,b9,86,93,5a,e7,35,34,3b,04,85,8b,03,
3e,67,83,e8,84,1d,e8,7c,a5,46,31,e1,62,9f,b8,d5,8d,1f,cd,e2,31,41,56,1c,e0,\
"??"=hex:47,56,a9,dc,ab,3c,fe,05,fb,2b,d4,e0,94,1b,0d,56
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5776)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\docume~1\Karla\LOCALS~1\Temp\IadHide5.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\dlcccoms.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-12-01 20:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-02 02:45

Pre-Run: 43,704,590,336 bytes free
Post-Run: 43,817,807,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 2D07D8DA535484871BC3A7EFB0EE1066

Re: Security Tool - Is it really gone?

Please use Internet Explorer and run a BitDefender Online scan

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

Re: Security Tool - Is it really gone?

Here you go...

BitDefender Online Scanner

Scan report generated at: Wed, Dec 02, 2009 - 00:55:21

Scan path: C:\;D:\;E:\;

Statistics

Time
02:32:14

Files
505343

Folders
13877

Boot Sectors
0

Archives
6221

Packed Files
27124


Results

Identified Viruses
2

Infected Files
3

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
3


Engines Info

Virus Definitions
4675521

Engine build
AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)

Scan plugins
17

Archive plugins
44

Unpack plugins
8

E-mail plugins
6

System plugins
4


Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe
Infected with: Trojan.Generic.IS.539024

C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP841\A0169659.dll
Infected with: Trojan.Vundo.GNA

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP841\A0169659.dll
Deleted

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP846\A0170142.exe
Infected with: Trojan.Generic.IS.539024

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP846\A0170142.exe
Deleted

Re: Security Tool - Is it really gone?

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Security Tool - Is it really gone?

Is this good news? Here you go?

Malwarebytes' Anti-Malware 1.41
Database version: 3279
Windows 5.1.2600 Service Pack 3

12/2/2009 1:34:39 PM
mbam-log-2009-12-02 (13-34-39).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 243297
Time elapsed: 1 hour(s), 53 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Re: Security Tool - Is it really gone?

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Also, please let me know how your computer is running.

Re: Security Tool - Is it really gone?

My computer is running at normal speed. Here's the results...


Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
McAfee Anti-Theft
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
Java(TM) 6 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Security Tool - Is it really gone?

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
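
The HOSTS file mechanism described in the item above (names sunk to 127.0.0.1 never reach the network) cuts both ways: malware also edits the same file to redirect legitimate sites. The following is an added example, not part of the original post or of hpHosts; it parses a constructed HOSTS file and separates names that are sinkholed to a loopback/null address from names that are redirected to some other address, which is the check a defender would run before trusting the file. The sample contents, the `.test` hostnames and the functions `parse_hosts` and `classify_hosts` are all assumptions made for this example.

```python
import ipaddress

# Constructed sample HOSTS file (not taken from the page): the normal
# localhost line, two hpHosts-style sinkhole entries, and one entry that
# redirects a legitimate-looking site elsewhere, which is a hijack sign.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example-adserver.test   # sinkholed ad host
0.0.0.0         tracker.example.test
203.0.113.7     www.example-bank.test       # NOT loopback: suspicious
"""

# Addresses that make a name unreachable rather than redirecting it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (address, hostname) pairs from HOSTS text.

    Comments (everything after '#') and blank lines are ignored, as the
    Windows and Unix resolvers do. A line whose first field is not a valid
    IP address is skipped instead of guessed at.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((fields[0], name.lower()))
    return entries


def classify_hosts(text):
    """Split HOSTS entries into sinkholed names and redirected names.

    'sinkholed' lists names pointed at a loopback/null address (the hpHosts
    pattern). 'redirected' lists (name, address) pairs that send a name to
    a real address; any such entry deserves a second look.
    """
    sinkholed, redirected = [], []
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the one entry every HOSTS file is expected to have
        if addr in SINKHOLE_ADDRESSES:
            sinkholed.append(name)
        else:
            redirected.append((name, addr))
    return {"sinkholed": sinkholed, "redirected": redirected}


if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print("sinkholed:", result["sinkholed"])
    print("redirected:", result["redirected"])
```

On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts; reading it with `open(path, encoding="utf-8", errors="replace").read()` and passing the text to `classify_hosts` gives the same split. A long "redirected" list, or any entry for an antivirus vendor or update site, is the thing to investigate; an empty one is what a clean hpHosts install looks like.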


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Security Tool - Is it really gone?

Thank you so very much for your assistance! You have been wonderful. I appreciate your advice in your last post as well.

You had me download several things. Should I keep "Malwarebytes Anti-malware" and "Security Check" on my computer? Is there a need to keep all the logs I saved as well?

I'm curious how "Security Tool" infected me? Did it come from a site I visited? In addition, I have McAfee, is it immune to it? I'm just curious how it happened to me.

Re: Security Tool - Is it really gone?

Keep Malwarebytes' Anti-Malware, as it can be used from time to time on your own to scan and check your computer for infection.

You may delete Security Check.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /u

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


==

Security Tool is installed on your computer, usually by Trojans. Once the program is installed, rogues display fake security alerts stating that your computer is infected or is under a risk. It urges you to purchase its software in order to protect yourself. If you click on one of these alerts, you will then be brought to the website of the program, where you will be prompted to purchase the software.

It usually infects your computer in multiple places that some antivirus software cannot find. So it takes much better tools, like ComboFix, to seek out and find those bad files and corruptions made by this Security Tool rogue.

McAfee should be able to keep up, but as always, I recommend a much better choice. Would you like to know about better choices for an antivirus software?

Re: Security Tool - Is it really gone?

Yes, I would definitely like to know about better choices for antivirus software. I always thought McAfee was one of the best.

Is there any way to know what site I visited that caused me to be infected by System Tool?

What about the logs I saved on my computer? Do I need to keep them? Or, will uninstalling ComboFix remove them?

Re: Security Tool - Is it really gone?

You may delete the logs.

It is hard to tell what specific site you had gotten the infection from. All I can say is to follow the recommendations I have given above, and you are bound to have a clean computer, always, in the future.

Optionally, if you would like to be protected from bad websites, download and install Web of Trust: http://www.mywot.com - which is a browser add-on that gives you warnings about bad websites.

If you need help configuring WOT, please let me know.

==

If you would like to get rid of McAfee:
Please download and run MCPR.exe

  1. Download the removal tool from: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe
  2. Click Save and save the file to a folder on your computer.
  3. Navigate to the folder where the file was saved.
  4. Make sure all McAfee windows are closed.
  5. Double-click MCPR.exe to run the removal tool.
  6. Restart your computer after receiving the message CleanUp Successful.
    Your McAfee product will not be fully removed until the system is restarted.


==

All of the following are excellent free antiviruses. Be sure to only install one.

avast!
AntiVir
AVG

Re: Security Tool - Is it really gone?

So, if these antivirus software options are free and much better, why do people, such as myself, purchase software like McAfee Security Center? Is it that I'm, as well as others, just unaware and uneducated on all the free services that are available? This past summer, I purchased McAfee for two years. I'm beginning to think I'm a computer idiot.

I tried to uninstall ComboFix and when I typed "ComboFix /u" (space and all) a box came up that said "Windows cannot find ComboFix. Make sure you typed the name correctly..." Why did this happen? I have XP.

Re: Security Tool - Is it really gone?

Try combofix /uninstall in the Run box, instead. If that does not work, then go ahead and right-click on ComboFix and click Delete.

Like I said, McAfee should be able to keep up, but there are better choices that are much more powerful - that you do not even need to pay for. McAfee charges too much for a software that should be free.

All three, AVG - Avira - Avast, are very strong virus removers and prevention tools. For the beginner computer user, AVG is the best choice.

Re: Security Tool - Is it really gone?

combofix /uninstall didn't work. The same box came up as when I typed ComboFix /u.

You said to right-click it. Should this be done from the desktop icon? I don't have anything that says ComboFix on my desktop. Is ComboFix also Security Check? I do have a Security Check icon on my desktop.

Re: Security Tool - Is it really gone?

Yes, please delete Security Check. If you cannot find ComboFix, no big deal.

Re: Security Tool - Is it really gone?

By right clicking and hitting delete, it completely removes it from my computer? That's it?

Re: Security Tool - Is it really gone?

Yes. It is not installed on the system. It works by itself.
