I was able to get a ComboFix log once I removed the LAN proxy setting from Internet Explorer. Here is the log:
ComboFix 10-02-27.04 - ************* 02/28/2010 14:14:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.334 [GMT -8:00]
Running from: c:\documents and settings\************\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.WINDOWS\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users.WINDOWS\Application Data\h8srtmainqt.dll
c:\documents and settings\All Users.WINDOWS\Application Data\sysReserve.ini
c:\documents and settings\************\Local Settings\Application Data\metydk
c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
c:\documents and settings\************\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\************\Local Settings\Application Data\mtg.exe
c:\recycler\S-1-5-21-2812339144-1885496373-139784179-1007
c:\windows\Downloaded Program Files\WebP2PInstaller.dll
c:\windows\Fonts\acrsec.fon
c:\windows\regedit.com
c:\windows\system32\azip32.dll
c:\windows\system32\drivers\H8SRTwswulkrjko.sys
c:\windows\system32\dzgtactx.dll
c:\windows\system32\H8SRTbnrfmxwbdm.dll
c:\windows\system32\H8SRTedxvrsbrxd.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRTmufycpqwrq.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTuvqetygmlc.dll
c:\windows\system32\H8SRTxehbbeeybc.dat
c:\windows\system32\P2P Networking v126.cpl
c:\windows\system32\Thumbs.db
c:\windows\Tasks\qlejbexg.job
c:\windows\Tasks\shzahzjb.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.
2010-02-28 21:21 . 2010-02-28 21:22 -------- dc-h--w- c:\windows\ie8
2010-02-28 17:08 . 2010-02-28 17:08 -------- d-----w- c:\program files\ESET
2010-02-28 16:51 . 2010-02-28 16:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-05 04:04 . 2010-02-05 04:04 -------- d-----w- c:\documents and settings\************\myapimage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 02:01 . 2009-08-08 15:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-23 03:39 . 2010-01-23 19:06 53432 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-18 04:11 . 2005-03-29 01:30 61984 ----a-w- c:\documents and settings\************\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 03:58 . 2010-01-27 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 03:19 . 2004-05-06 04:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-27 02:47 . 2006-01-21 02:19 -------- d-----w- c:\program files\Norton AntiVirus
2010-01-27 02:45 . 2006-01-21 02:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-01-24 20:44 . 2005-03-27 21:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-20 02:38 . 2010-01-20 02:38 2388432 ----a-w- C:\MGtools.exe
2010-01-11 01:29 . 2010-01-11 01:29 -------- d-----w- c:\program files\CCleaner
2010-01-10 21:17 . 2008-12-01 15:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-10 21:12 . 2004-05-06 04:48 -------- d-----w- c:\program files\Java
2010-01-10 20:54 . 2010-01-10 19:04 -------- d-----w- c:\documents and settings\************\Application Data\Uniblue
2010-01-10 20:54 . 2010-01-10 19:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DriverScanner
2010-01-10 20:51 . 2005-04-21 00:47 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2010-01-09 02:08 . 2008-12-23 23:36 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-09 02:08 . 2008-12-23 23:36 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Roxio
2010-01-09 02:00 . 2006-04-29 00:12 -------- d-----w- c:\program files\PartyGaming.net
2010-01-08 00:07 . 2010-01-21 05:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2010-01-27 03:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-04-29 23:45 . 2007-04-29 16:45 80 --sh--r- c:\windows\SYSTEM32\0E69A3E8DA.dll
2006-05-12 04:16 . 2006-05-12 04:14 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-01-21 100056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 23:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\QuickTime\\PictureViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\SYSTEM32\DRIVERS\SSLDrv.sys [6/8/2007 3:02 PM 20504]
.
Contents of the 'Scheduled Tasks' folder
2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all by Net Transport - c:\program files\Xi\NetTransport 2\NTAddList.html
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {666E4D35-E955-11D0-A707-000000521958} - hxxp://ads.dropspam.com/landing/aaf/upgrade.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn1.rmkr.com/NELX.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn1.rmkr.com/MLWebCacheCleaner.cab
FF - ProfilePath - c:\documents and settings\************\Application Data\Mozilla\Firefox\Profiles\tjf6j1sp.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\************\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\************\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npNELaunch.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-bqefgcjh - c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
HKLM-Run-bqefgcjh - c:\documents and settings\************\Local Settings\Application Data\metydk\bnicsftav.exe
SharedTaskScheduler-{662ccfb0-050a-42e3-847f-37164fd2c131} - (no file)
SharedTaskScheduler-{26c6dfbd-a2f6-46f7-9b28-7d772ebfd152} - (no file)
SSODL-vadudobej-{662ccfb0-050a-42e3-847f-37164fd2c131} - (no file)
SSODL-kazegobiv-{26c6dfbd-a2f6-46f7-9b28-7d772ebfd152} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 14:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
.
**************************************************************************
.
Completion time: 2010-02-28 14:40:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 22:40
Pre-Run: 27,809,169,408 bytes free
Post-Run: 27,725,651,968 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - CE0AB957423B11822CC5687824068D37