WiredWX Christian Hobby Weather Tools

 


Re: "Invisible" ads playing with no windows open.
Hello.

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fcxzyql]

    Driver::
    lrfpcwxs

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: "Invisible" ads playing with no windows open.
ComboFix 11-04-11.01 - Owner 04/11/2011 16:13:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1752 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 128 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_lrfpcwxs
.
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))))))))))))))))))))))))))
.
.
2011-04-11 20:23 . 2011-04-12 04:37 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-04-11 20:23 . 2011-04-11 20:23 -------- d-----w- c:\users\Walter\AppData\Local\temp
2011-04-11 20:23 . 2011-04-11 20:23 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-11 20:23 . 2011-04-11 20:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-11 01:00 . 2011-03-23 14:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C40E23C-8857-42BA-80D6-252E8C6B41B6}\mpengine.dll
2011-04-11 00:40 . 2011-04-11 00:40 -------- d-----w- c:\windows\system32\%APPDATA%
2011-04-08 03:06 . 2011-03-23 14:11 6792528 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-07 17:16 . 2011-04-07 17:16 -------- d-----w- c:\users\Owner\AppData\Roaming\Uniblue
2011-04-07 17:16 . 2011-04-07 17:16 -------- dc----w- c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-07 17:16 . 2011-04-07 17:16 -------- d-----w- c:\program files\Uniblue
2011-04-07 17:15 . 2011-04-07 17:15 -------- d-----w- c:\users\Owner\AppData\Local\PackageAware
2011-04-07 02:22 . 2011-04-07 02:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-04-07 02:21 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-07 02:21 . 2011-04-07 02:21 -------- d-----w- c:\programdata\Malwarebytes
2011-04-07 02:21 . 2011-04-09 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-07 01:28 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0C26C52-F4AE-4787-B3D5-C27C462AD712}\gapaengine.dll
2011-04-07 01:26 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-07 00:41 . 2011-04-07 00:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-07 00:37 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-04-07 00:32 . 2011-04-07 01:03 -------- d-----w- C:\6c83d92bdc1780e8d2b52641e0
2011-04-07 00:28 . 2011-04-07 00:28 -------- d-----w- c:\windows\system32\MpEngineStore
2011-04-06 18:56 . 2011-04-07 01:33 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-04-06 01:02 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E12EF42-5F35-412A-A985-BCFD32FE6D9F}\mpengine.dll
2011-03-22 22:55 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 22:55 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 22:55 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-21 23:35 . 2011-03-21 23:48 -------- d-----w- c:\users\Owner\.tmp-resize-dir
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 23:16 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-28 21:44 . 2011-02-28 21:44 8768200 ----a-w- c:\program files\Common Files\lpuninstall.exe
2011-02-03 01:40 . 2010-05-11 22:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-20 16:37 . 2011-02-09 03:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 03:07 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 03:07 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 03:07 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 03:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 03:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 03:07 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 03:07 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 03:07 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 03:07 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 03:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 03:07 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 03:07 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 03:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 03:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 03:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 03:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 03:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 03:07 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 03:07 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 03:07 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 03:07 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 03:07 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 03:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 03:07 683008 ----a-w- c:\windows\system32\d2d1.dll
2010-03-11 04:01 . 2010-03-11 04:01 124272 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-11 04:40 . 2010-03-11 04:40 13168 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-11 04:02 . 2010-03-11 04:02 70512 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-11 04:01 . 2010-03-11 04:01 91504 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-11 04:01 . 2010-03-11 04:01 22384 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-11 04:00 . 2010-03-11 04:00 255344 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-11 04:01 . 2010-03-11 04:01 31088 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-11 04:01 . 2010-03-11 04:01 40304 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-05 17:49 . 2009-10-05 17:49 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-11 04:02 . 2010-03-11 04:02 23920 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-12 202256]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" [2010-08-09 286720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A]
.
c:\users\Walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-28 8768200]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-2-28 8768200]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 22:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-03-14 15:31 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 135664]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-08-17 102448]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-08-20 482432]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101015.003\IDSvix86.sys [2010-10-13 353840]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 05:40]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 05:40]
.
2011-03-22 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2011-04-12 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
2011-02-27 c:\windows\Tasks\User_Feed_Synchronization-{203101EE-ACBC-4414-A64F-3A8472B7AA0C}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: csgweb.com\webapps
Trusted Zone: google.com
Trusted Zone: google.com\mail
Trusted Zone: hostedcc.com
Trusted Zone: microsoft.com\office
Trusted Zone: phoenix.edu\ecampus
Trusted Zone: valuemags.com
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wkkqlrp1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?G=1
FF - prefs.js: keyword.URL - hxxp://utils.babylon.com/abt/index.php?url=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Dictionary.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 00:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-300283812-549489910-1987781108-1000\Software\SecuROM\License information*]
"datasecu"=hex:49,88,5e,3d,41,30,d0,e6,9c,79,b7,bf,59,0c,ca,d3,25,ea,d6,01,fc,
34,e0,28,41,ff,a0,73,06,33,a2,61,8b,73,a4,e9,c5,8d,26,b8,a3,85,e8,77,90,14,\
"rkeysecu"=hex:bc,b6,40,ec,fd,bb,1e,cc,2b,05,07,03,f8,8e,da,7f
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-04-12 00:43:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-12 04:43
ComboFix2.txt 2011-04-11 01:31
.
Pre-Run: 185,082,331,136 bytes free
Post-Run: 184,674,267,136 bytes free
.
- - End Of File - - C08518BD85B04FCBD7F586C612E161FD
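
Added example (not part of the original thread and not ComboFix code): a Python parser for the `AV:`/`FW:`/`SP:` header lines of a ComboFix log like the one above, reporting each product kind that has more than one registered product and each product whose definitions are outdated. Reading the starred field as enabled-state/definition-state is an assumption drawn from the lines shown; the sample input is copied from this log.

```python
import re
from collections import defaultdict

# Header lines copied verbatim from the ComboFix log in the post above.
SAMPLE_HEADER = """\
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Prefixes as they appear in the log header (labels are this example's own).
KINDS = {"AV": "antivirus", "FW": "firewall", "SP": "anti-spyware"}

# kind, product name, starred state field, registration GUID
LINE_RE = re.compile(
    r"^(?P<kind>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(log_text):
    """Return one dict per AV:/FW:/SP: line; other log lines are ignored."""
    products = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        # Assumption: first flag is the enabled state, an optional second
        # flag is the definition state (firewalls carry only the first).
        flags = [f.lower() for f in match.group("state").split("/")]
        products.append({
            "kind": match.group("kind"),
            "name": match.group("name"),
            "enabled": flags[0] == "enabled",
            "outdated": "outdated" in flags[1:],
            "guid": match.group("guid").upper(),
        })
    return products


def find_issues(products):
    """Flag kinds with several registered products and outdated definitions."""
    by_kind = defaultdict(list)
    for product in products:
        by_kind[product["kind"]].append(product)

    issues = []
    for kind, items in by_kind.items():
        names = sorted({p["name"] for p in items})
        if len(names) > 1:
            issues.append(("overlap", kind, names))
        for p in items:
            if p["outdated"]:
                issues.append(("outdated", kind, [p["name"]]))
    return issues


if __name__ == "__main__":
    for issue, kind, names in find_issues(parse_products(SAMPLE_HEADER)):
        print(f"{issue:8} {KINDS[kind]:12} {', '.join(names)}")
```

Every product shows as disabled here because the log was taken after protection was switched off for the ComboFix run, so the enabled flag alone says nothing about the machine's normal state.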

Re: "Invisible" ads playing with no windows open.
Hello.

You are running two antivirus programs. I see from the uninstall list you have Norton/Symantec installed, along with MSE. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton to avoid conflict and other future problems.

Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk ( normally C: )
  7. Find and delete the following folders (if present):

    • Norton AntiVirus
    • Norton Internet Security
    • Norton SystemWorks
    • Norton Personal Firewall


Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: "Invisible" ads playing with no windows open.
Your directions didn't indicate whether or not to post the log here but here it is anyway:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Re: "Invisible" ads playing with no windows open.
Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9
    Ask Toolbar
    Java(TM) 6 Update 7

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 24.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader X

How is the machine running now?


Re: "Invisible" ads playing with no windows open.
I was successful in removing Adobe Reader 9, however I came into a couple other issues.

1-I don't have the Ask Toolbar in my Programs and Features, so how do I uninstall it?
2-I don't know which Java 6 Update to uninstall as I have two versions: 7 & 24.

Re: "Invisible" ads playing with no windows open.
If Ask isn't there, skip that.

Remove update 7, leave 24 there.


Re: "Invisible" ads playing with no windows open.
THANK YOU SO MUCH!! Did I yell that loud enough? I don't hear any ads and my Start Menu Programs are back! Still no faves but I can just re-add them, no biggie. I can't thank you enough, so I'm going to show my appreciation by making a donation!

Re: "Invisible" ads playing with no windows open.
Hello.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

