I was able to run ComboFix in Safe Mode and then ran Malwarebytes' Anti-Malware in normal mode. Here are both logs. Also, I can't seem to connect to the internet now.
ComboFix 12-01-18.04 - Owner 01/18/2012 23:04:05.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.383 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Local Settings\Application Data\qkm.exe
c:\documents and settings\Owner\Local Settings\Application Data\wtcryfg.exe
c:\documents and settings\Owner\My Documents\~WRL1438.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\cmman
c:\program files\cmman\hf.txt
c:\program files\cmman\sf.txt
c:\program files\Common Files\fqzu
c:\program files\Common Files\fqzu\fqzua.lck
c:\program files\Common Files\fqzu\fqzud\class-barrel
c:\program files\Common Files\fqzu\fqzuh
c:\program files\Common Files\fqzu\fqzul.lck
c:\program files\Common Files\fqzu\fqzum.lck
c:\program files\Common Files\fqzu\fqzup.lck
c:\program files\UNWISE.EXE
c:\windows\$NtUninstallKB59261$\1088464797\@
c:\windows\$NtUninstallKB59261$\1088464797\bckfg.tmp
c:\windows\$NtUninstallKB59261$\1088464797\cfg.ini
c:\windows\$NtUninstallKB59261$\1088464797\Desktop.ini
c:\windows\$NtUninstallKB59261$\1088464797\keywords
c:\windows\$NtUninstallKB59261$\1088464797\kwrd.dll
c:\windows\$NtUninstallKB59261$\1088464797\L\akygdmgo
c:\windows\$NtUninstallKB59261$\1088464797\lsflt7.ver
c:\windows\$NtUninstallKB59261$\1088464797\U\00000001.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000002.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000000.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000032.@
c:\windows\$NtUninstallKB59261$\2815913818
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~YDKJ4.tmp
c:\windows\desktop
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\OOL80811.ocx
c:\windows\system32\~GLH0003.TMP
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6rcoa4j3.dat
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\inf
c:\windows\system32\inf\hpqps2kb.inf
c:\windows\system32\keep in touch with HP.htm
c:\windows\system32\OLD29A.tmp
c:\windows\system32\ps2.bat
c:\windows\system32\service
c:\windows\system32\service\09092011_TIS17_SfFniAU.log
c:\windows\system32\SET2099.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 20:37 . 2011-12-01 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-12-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-4-20 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-4-20 16384]
HP OfficeJet Series 500 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2011-2-7 1175552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-3-13 40960]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^POWERR~1.EXE]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\POWERR~1.EXE
backup=c:\windows\pss\POWERR~1.EXEStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
2001-12-13 04:59 98304 ----a-w- c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
2001-12-13 04:52 155648 ----a-w- c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10/24/2010 10:38 AM 20328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/18/2009 5:53 PM 36432]
S0 dptrlq;dptrlq;c:\windows\system32\drivers\ldnmlqnd.sys --> c:\windows\system32\drivers\ldnmlqnd.sys [?]
S0 uagy;uagy;c:\windows\system32\drivers\flswa.sys --> c:\windows\system32\drivers\flswa.sys [?]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/18/2009 7:09 PM 677128]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/20/2002 9:35 PM 144860]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 19:15]
.
2012-01-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
2012-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=14196&l=dis
uDefault_Search_URL = hxxp://srch-us5.hpwis.com/
mSearch Bar = hxxp://srch-us5.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\clnzcqfx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=888A3808-DC5B-4DB4-984D-1D15E3EDF102&apn_ptnrs=FM&apn_sauid=3FD97C11-DA26-42B5-8709-6E11F8FE469B&apn_dtid=TES002YYUS&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Add to Amazon Wish List Button: amznUWL2@amazon.com - %profile%\extensions\amznUWL2@amazon.com
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-ThreadingModel - (no file)
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-18 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2346936418-2607014498-1974565712-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\S3apphk.exe
c:\progra~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-18 23:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 07:59
.
Pre-Run: 34,645,467,136 bytes free
Post-Run: 36,415,332,352 bytes free
.
- - End Of File - - C42D30B26CD69C28D2B690DF68843572
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2011.12.24.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILY [administrator]
1/19/2012 12:31:00 AM
mbam-log-2012-01-19 (00-31-00).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353451
Time elapsed: 2 hour(s), 50 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)