Virus disabled antivirus, antimalware, and system restore

Hello,
I got a virus I believe it was System Security 2009. I immediately ran Malwarebytes and erased everything it found. Now my computer does not run Malwarebytes or McAfee which I had previously on my computer. I click on them and nothing happens. My computer also will not download any antivirus software from the internet as I tried to redownload Malwarebytes. System Restore also did not work when clicked on. Through advice I found I renamed System Volume Information as I had been told that would allow System Restore to work. Now there are no system restore checkpoints anymore like they were erased. I am not very good with computers and I appreciate you help in advance.

I have Windows XP

Welcome to GeekPolice.

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a Tech Staff member, administrator, or moderator. Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.

As this topic is for you only, I just need to issue a warning to outside readers:
Warning: Instructions issued in this topic are for this user only. We are not responsible for damages, so if you need help; please register for this site, and start a new topic requesting help.

---

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

I successfully downloaded combofix but I cannot find a way to disable McAfee Virus Scan. It is no longer in the taskbar in the lower right hand corner (it used to be there before the virus infected my computer) and when I use the Start button in the lower left hand corner and click on McAfee Security Center nothing happens. I tried to run combofix thinking McAfee was disabled and ComboFix said it detected McAfee Virus Scan active and I should disable it before continueing. I read the guide of how to disable McAfee and did not find any info that helped.
Please advise on what I should do and again thank you for your help and patience.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try the downloaded ComboFix again.

I rebooted in safe mode and ComboFix still detected McAfee Virus Scan and I am still unable to disable the Virus Scan. So I have not run ComboFix yet.
Should I try to just unistall McAfee via START/CONTROL PANEL/ ADD OR REMOVE PROGRAMS and then try and run ComboFix?

Yes, go ahead.

ComboFix 09-12-30.01 - Todd Eskra 12/30/2009 21:36:55.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1622 [GMT -8:00]
Running from: c:\documents and settings\Todd Eskra\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\igemaq.vbs
c:\documents and settings\All Users\Application Data\igofamocut.inf
c:\documents and settings\All Users\Documents\xurucilefe.reg
c:\documents and settings\Allenda R\Application Data\obuk.bat
c:\documents and settings\Allenda R\Cookies\ucafakybuk.dl
c:\documents and settings\Allenda R\Local Settings\Application Data\dytyro.reg
c:\documents and settings\Allenda R\Local Settings\Application Data\yjazynot.inf
c:\documents and settings\Allenda R\Local Settings\Temporary Internet Files\qekikoziqy.lib
c:\documents and settings\Allenda R\Local Settings\Temporary Internet Files\ufupej.pif
c:\documents and settings\Todd Eskra\Cookies\umucalyna.bin
c:\documents and settings\Todd Eskra\Local Settings\Application Data\bojusopyte.inf
c:\documents and settings\Todd Eskra\Local Settings\Application Data\obakuru.bat
c:\documents and settings\Todd Eskra\Local Settings\Temporary Internet Files\alawifyhi._sy
c:\documents and settings\Todd Eskra\Local Settings\Temporary Internet Files\jabomives.vbs
c:\documents and settings\Todd Eskra\Local Settings\Temporary Internet Files\ovanu.bin
c:\windows\akuwy.exe
c:\windows\aqosoh.vbs
c:\windows\arizybop.reg
c:\windows\axadufet.inf
c:\windows\axypom._sy
c:\windows\baxytat.vbs
c:\windows\cytytu.vbs
c:\windows\ecadeput.dll
c:\windows\ehim.exe
c:\windows\eqamukile.reg
c:\windows\inijetup.reg
c:\windows\locetimoky.bat
c:\windows\regeripi.scr
c:\windows\roporiv._sy
c:\windows\system32\drivers\H8SRTjnodoyqjwm.sys
c:\windows\system32\eqyryh.reg
c:\windows\system32\H8SRTixuwylllqt.dll
c:\windows\system32\H8SRTlrdvvmpwey.dll
c:\windows\system32\H8SRToqbivekmup.dat
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat
c:\windows\system32\ygyd.vbs
c:\windows\uheliqe.exe
c:\windows\wafufur.bat
c:\windows\wazuk.inf
c:\windows\ytomu.vbs
c:\windows\zesuzehof.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.

2009-12-31 04:02 . 2009-12-31 04:06 -------- d-----w- C:\commy
2009-12-30 02:46 . 2009-12-30 02:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-29 00:40 . 2009-12-29 00:43 -------- d-sh--w- C:\System Volume Information3
2009-12-28 02:12 . 2009-12-28 02:12 -------- d-sh--w- c:\documents and settings\Todd.ESKRA\PrivacIE
2009-12-28 02:12 . 2009-12-28 02:12 -------- d-----w- c:\documents and settings\Todd.ESKRA\Local Settings\Application Data\Apple Computer
2009-12-28 02:12 . 2009-12-28 02:12 -------- d-----w- c:\documents and settings\Todd.ESKRA\Local Settings\Application Data\SupportSoft
2009-12-28 02:12 . 2009-12-28 02:12 -------- d-sh--w- c:\documents and settings\Todd.ESKRA\IETldCache
2009-12-28 01:28 . 2009-12-28 01:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-27 05:03 . 2009-12-27 05:03 -------- d-----w- c:\documents and settings\Todd Eskra\Local Settings\Application Data\cwosgg
2009-12-26 03:46 . 2009-12-26 03:46 -------- d-----w- c:\documents and settings\Todd Eskra\Local Settings\Application Data\uapomv
2009-12-24 23:39 . 2009-12-24 23:39 -------- d-----w- c:\documents and settings\Todd Eskra\Local Settings\Application Data\xsojsm
2009-12-20 21:22 . 2009-12-20 21:22 -------- d-----w- c:\documents and settings\Todd Eskra\Local Settings\Application Data\ufijfk
2009-12-15 01:03 . 2009-12-15 01:03 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-15 00:55 . 2009-12-15 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-13 22:21 . 2009-12-13 22:21 -------- d-----w- c:\documents and settings\Todd\Application Data\HPAppData
2009-12-12 20:18 . 2009-12-12 20:31 23122 ----a-w- c:\windows\hpqins15.dat
2009-12-12 19:51 . 2009-12-12 19:54 -------- d-----w- c:\documents and settings\Todd\Application Data\HpUpdate
2009-12-12 07:26 . 2009-12-12 07:26 -------- d-----w- c:\documents and settings\Todd\PrivacIE
2009-12-12 07:26 . 2009-12-12 07:26 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Apple Computer
2009-12-12 07:26 . 2009-12-12 07:26 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\SupportSoft
2009-12-12 00:49 . 2009-12-12 00:49 -------- d-----w- c:\documents and settings\Todd Eskra\Application Data\MSNInstaller
2009-12-05 22:44 . 2009-12-05 22:46 77352 ----a-w- c:\windows\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 05:35 . 2008-08-22 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-31 03:57 . 2008-08-22 22:38 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-31 03:57 . 2008-08-22 22:38 -------- d-----w- c:\program files\McAfee
2009-12-30 02:44 . 2009-12-28 02:55 39152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-29 01:21 . 2009-09-29 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-28 02:12 . 2009-12-28 02:11 39152 ----a-w- c:\documents and settings\Todd.ESKRA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 02:06 . 2008-08-22 23:15 39152 ----a-w- c:\documents and settings\Allenda Eskra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-23 05:45 . 2009-09-17 02:23 36268 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-23 00:43 . 2009-09-17 01:30 -------- d-----w- c:\documents and settings\Allenda R\Application Data\HpUpdate
2009-12-15 02:10 . 2009-05-09 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 02:06 . 2009-12-15 02:06 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-15 01:16 . 2009-09-03 07:27 -------- d-----w- c:\documents and settings\Todd Eskra\Application Data\HpUpdate
2009-12-15 00:55 . 2009-05-01 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-13 20:52 . 2009-05-01 15:20 -------- d-----w- c:\documents and settings\Allenda R\Application Data\HPAppData
2009-12-13 20:41 . 2009-05-01 01:59 -------- d-----w- c:\documents and settings\Todd Eskra\Application Data\HPAppData
2009-12-13 03:35 . 2009-01-28 00:57 11244 ----a-w- c:\documents and settings\Allenda R\Application Data\wklnhst.dat
2009-12-12 07:26 . 2009-12-12 07:25 39152 ----a-w- c:\documents and settings\Todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-07 00:24 . 2009-01-28 00:55 39152 ----a-w- c:\documents and settings\Allenda R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-05 23:49 . 2008-08-22 22:09 39152 ----a-w- c:\documents and settings\Todd Eskra\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 00:14 . 2009-09-29 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13 . 2009-09-29 22:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 15:30 . 2009-09-29 22:49 0 ----a-w- c:\windows\Shakuburuyaxub.bin
2009-12-01 15:30 . 2009-09-29 22:49 120 ----a-w- c:\windows\Yxohuqavefogut.dat
2009-10-29 23:37 . 2009-10-29 23:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 17:51 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 17:51 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 21:18 . 2009-10-16 21:17 126970 ----a-w- c:\documents and settings\Todd Eskra\Application Data\Move Networks\uninstall.exe
2009-10-16 21:18 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Todd Eskra\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-10-13 10:30 . 2004-08-10 17:51 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-10 17:51 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-10 17:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 21:13 . 2008-08-22 22:11 1720 ----a-w- c:\documents and settings\Todd Eskra\Application Data\wklnhst.dat
2009-09-28 22:36 . 2009-09-28 22:36 13047 ----a-w- c:\program files\Common Files\qotati._dl
2009-09-28 16:46 . 2009-09-28 16:46 17251 ----a-w- c:\program files\Common Files\vijego.sys
2009-09-28 16:46 . 2009-09-28 16:46 15215 ----a-w- c:\program files\Common Files\polumaci.exe
2009-09-28 16:46 . 2009-09-28 16:46 16631 ----a-w- c:\program files\Common Files\pynahug._sy
2009-09-28 16:45 . 2009-09-28 16:45 17604 ----a-w- c:\program files\Common Files\uwore.exe
2009-09-28 16:26 . 2009-09-28 16:26 18052 ----a-w- c:\program files\Common Files\ykiwopi.lib
2009-09-28 16:26 . 2009-09-28 16:26 15435 ----a-w- c:\program files\Common Files\corenib.bin
2009-09-28 16:20 . 2009-09-28 16:20 12354 ----a-w- c:\program files\Common Files\yduxyvibyw.scr
2009-09-28 16:20 . 2009-09-28 16:20 11718 ----a-w- c:\program files\Common Files\hajis.lib
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-07 8466432]
"nwiz"="nwiz.exe" [2008-04-07 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-07 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16859648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-22 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HostManager"="c:\program files\Common Files\AOL\1208827316\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Todd Eskra\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-10-10 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1208827316\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080422
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 21:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-765718398-3582225506-1518988564-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\progra~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-12-30 21:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 05:51

Pre-Run: 130,984,214,528 bytes free
Post-Run: 132,317,405,184 bytes free

- - End Of File - - 530C164DBB3EC3BF399F64C2639663B0

ComboFix also detected RootKits and instructed me to write them down here they are in case you need them also

C:WINDOWS\system32\drivers\H8SRTjnodoyqjwm.sys
C:WINDOWS\system32\H8SRTixuwylllqt.dll
C:WINDOWS\system32\H8SRToqbivekmup.dat
C:WINDOWS\system32\H8SRTlrdvvmpwey.dll

Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.43
Database version: 3465
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/31/2009 5:32:38 PM
mbam-log-2009-12-31 (17-32-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 229486
Time elapsed: 27 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTixuwylllqt.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTlrdvvmpwey.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTjnodoyqjwm.sys.vir (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000002.sys (Malware.Packer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000003.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000004.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-01 21:27:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\TODDES~1\LOCALS~1\Temp\uxtdapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D15380, 0x300577, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLHOS~1.EXE[216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [10007D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\PROGRA~1\COMMON~1\AOL\120882~1\EE\AOLServiceHost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10007CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00997D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[984] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00997CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00AF7CD1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[1828] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [00AF7D24] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics Resources/America Online, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat B334FD20

---- EOF - GMER 1.0.15 ----

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.



Set it to Maximum



IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.


Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Please delete the following files:

=> C:\WINDOWS\aveh.com
=> C:\WINDOWS\bilafiqep.pif
=> C:\WINDOWS\ceharucyn.com
=> C:\WINDOWS\honihok.sys
=> C:\WINDOWS\setpwr32.exe
=> C:\WINDOWS\yjefyvori.com
=> C:\WINDOWS\system32\ajisoqer.dll
=> C:\WINDOWS\system32\qona.dll

==

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

Cheetah Anti-Rogue v1.0.14
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Sun 01/03/2010 19:15:29.37


-- Known infection --



If objects found, full virus scan or anti-malware scan necessary


EOF

Good.

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
``````````````````````````````
Anti-malware/Other Utilities Check:
AOL Spyware Protection
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• AVG Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

I do not have anymore questions. I plan on getting the security of my computer back up as soon as possible and I will give feedback and donate to this wonderful site as soon as I can. I really cant thank you enough and you have gained an avid follower of this site. I am going to change my name though as I am rather embarrassed by the "genericness" of it. Thank you again for all the help I really can't say that enough.

You are welcome.