Trojan.Vundo (might be other stuff as well)

ComboFix 10-02-02.02 - JC 02/02/2010 20:27:02.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1326 [GMT -5:00]
Running from: c:\documents and settings\JC\Desktop\Combo-Fix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\ixesvnvj.job

.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-01-31 21:10 . 2010-01-31 21:10 -------- d-----w- C:\_OTM
2010-01-28 02:58 . 2010-01-28 02:58 -------- d-----w- c:\program files\iPod
2010-01-28 02:58 . 2010-01-28 02:58 -------- d-----w- c:\program files\iTunes
2010-01-28 02:58 . 2010-01-28 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-28 02:54 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-28 02:54 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-28 02:51 . 2010-01-28 02:51 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-28 02:26 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 02:26 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 02:01 . 2010-01-27 02:01 388096 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-27 02:01 . 2010-01-27 02:01 -------- d-----w- c:\program files\TrendMicro
2010-01-12 22:42 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 05:11 . 2009-10-18 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 03:06 . 2009-07-18 06:16 -------- d-----w- c:\documents and settings\JC\Application Data\Apple Computer
2010-01-28 02:58 . 2009-07-18 06:14 -------- d-----w- c:\program files\Common Files\Apple
2010-01-28 02:56 . 2009-07-18 06:15 -------- d-----w- c:\program files\QuickTime
2010-01-27 00:51 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-01-27 00:46 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\aolshare
2010-01-27 00:46 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2010-01-27 00:46 . 2009-07-13 01:56 -------- d-----w- c:\documents and settings\JC\Application Data\AOL
2010-01-27 00:46 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2010-01-16 22:19 . 2009-12-26 01:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-16 22:19 . 2009-12-26 01:52 152576 ----a-w- c:\documents and settings\JC\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-16 22:19 . 2009-12-26 01:51 79488 ----a-w- c:\documents and settings\JC\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 10:00 . 2006-02-15 14:04 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-02-15 14:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-02-15 14:02 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-26 01:53 . 2006-02-16 09:28 -------- d-----w- c:\program files\Java
2009-12-05 18:43 . 2009-12-05 18:43 -------- d-----w- c:\program files\Common Files\Vbox
2009-11-21 15:51 . 2006-02-15 14:01 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-01-22_23.24.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-03 01:35 . 2010-02-03 01:35 16384 c:\windows\Temp\Perflib_Perfdata_e0c.dat
+ 2010-02-01 22:21 . 2010-02-01 22:21 16384 c:\windows\Temp\Perflib_Perfdata_be0.dat
+ 2010-02-03 01:35 . 2010-02-03 01:35 16384 c:\windows\Temp\Perflib_Perfdata_82c.dat
+ 2010-02-03 01:34 . 2010-02-03 01:34 16384 c:\windows\Temp\Perflib_Perfdata_368.dat
+ 2010-01-28 02:54 . 2009-08-29 00:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2010-01-28 02:54 . 2009-08-29 00:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
- 2009-07-18 06:14 . 2009-07-09 19:16 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-01-28 02:58 . 2009-05-18 19:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-07-18 06:16 . 2009-05-18 19:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
- 2009-07-18 06:16 . 2008-04-17 19:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-07-18 06:16 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2010-01-28 02:58 . 2008-04-17 18:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2010-01-28 02:54 . 2010-01-28 02:54 796672 c:\windows\Installer\266a24.msi
+ 2010-01-28 02:59 . 2010-01-28 02:59 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2010-01-28 02:54 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2010-01-28 02:54 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2010-01-28 02:59 . 2010-01-28 02:59 4454912 c:\windows\Installer\266ff9.msi
+ 2010-01-28 02:56 . 2010-01-28 02:56 9473024 c:\windows\Installer\266cb3.msi
+ 2010-01-28 02:54 . 2010-01-28 02:54 3310592 c:\windows\Installer\266a1f.msi
+ 2010-01-27 02:01 . 2010-01-27 02:01 1093632 c:\windows\Installer\152a6d52.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-10 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-11-09 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-16 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ltmoh\\ltmoh.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\JC\\Desktop\\OTM.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SmcGui.exe"=

R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 11:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 11:55 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 11:25 PM 3456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2009 4:00 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 3:55 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-13 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-07-13 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\fillbma2.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 20:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1304)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(5220)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\TDispVol.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\AGRSMMSG.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-02-02 20:39:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 01:39
ComboFix2.txt 2010-01-30 19:53
ComboFix3.txt 2010-01-22 23:28
ComboFix4.txt 2009-11-30 23:22
ComboFix5.txt 2010-02-03 01:26

Pre-Run: 15,212,789,760 bytes free
Post-Run: 15,177,248,768 bytes free

- - End Of File - - 204918B7B834B2726131963433D9F84C

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

No popups but symantec keeps detecting a couple different viruses - Trojan.Vundo!gen4 (3 found) and Backdoor.Tidserv!inf. I have not yet uninstalled combofix but i ran a full scan with mbam and nothing came up. Any suggestions?

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fc6e8416465c5743be60703ba97ebeac
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-08 11:48:44
# local_time=2010-02-08 06:48:44 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 8833969 8833969 0 0
# compatibility_mode=8192 67108863 100 0 9416523 9416523 0 0
# scanned=92656
# found=17
# cleaned=17
# scan_time=3053
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvafuye.dll.vir a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\vugopifu.dll.vir a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\yobiseha.dll.vir a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP193\A0021154.dll a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0021723.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0021726.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0021727.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0021762.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0022400.dll a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0022401.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0022402.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP195\A0022403.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP196\A0022579.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP203\A0023046.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP203\A0023047.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP203\A0023048.dll a variant of Win32/Kryptik.CBQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTM\MovedFiles\01312010_161055\c_windows\system32\bebupato.dll.tmp a variant of Win32/Kryptik.CBR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Much better thank you.