WiredWX Christian Hobby Weather Tools

Trojan.ZlobG

Keep getting a message from Windows firewall saying I'm suffering from Trojan.Zlob.G, and then it gives me a link to download some fake malware removal. Also, when I try to open a web page I see "Insecure internet security. Threat of Virus Attack". I've read the posts and see that others are suffering from similar problems. I've noticed the virus name changes for some people, though. Please help me.

Here is my combofix log:


ComboFix 08-12-09.03 - stepahnie 2008-12-10 21:00:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.0.1252.1.1033.18.361 [GMT -5:00]
Running from: c:\users\stepahnie\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\stepahnie\AppData\Roaming\inst.exe
c:\windows\system32\MabryObj.dll
c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-11-11 to 2008-12-11 )))))))))))))))))))))))))))))))
.

2008-12-10 02:52 . 2008-06-22 20:59 2,868,736 --a--c--- c:\windows\System32\mf.dll
2008-12-10 02:52 . 2008-06-22 20:59 996,352 --a--c--- c:\windows\System32\WMNetMgr.dll
2008-12-10 02:52 . 2008-06-22 20:58 94,720 --a--c--- c:\windows\System32\logagent.exe
2008-12-10 02:37 . 2008-10-21 00:25 296,960 --a--c--- c:\windows\System32\gdi32.dll
2008-12-10 02:35 . 2008-10-29 01:29 2,927,104 --a--c--- c:\windows\explorer.exe
2008-12-10 01:39 . 2008-12-10 20:41 d----c--- c:\program files\Panda Security
2008-12-09 03:58 . 2008-12-09 03:58 d----c--- c:\program files\Common Files\Wise Installation Wizard
2008-12-08 20:05 . 2008-12-08 20:05 d----c--- c:\users\All Users\WindowsSearch
2008-12-08 20:05 . 2008-12-08 20:05 d----c--- c:\programdata\WindowsSearch
2008-12-08 19:29 . 2008-12-08 19:29 d--h-c--- c:\windows\PIF
2008-12-08 19:19 . 2008-12-08 19:19 109,744 --a--c--- c:\windows\System32\drivers\SYMEVENT.SYS
2008-12-08 19:19 . 2008-12-08 19:19 8,014 --a--c--- c:\windows\System32\drivers\SYMEVENT.CAT
2008-12-08 19:19 . 2008-12-08 19:19 805 --a--c--- c:\windows\System32\drivers\SYMEVENT.INF
2008-12-08 19:18 . 2008-12-08 19:18 d----c--- c:\program files\Symantec AntiVirus
2008-12-08 04:01 . 2008-12-08 04:01 d----c--- c:\users\stepahnie\AppData\Roaming\Malwarebytes
2008-12-08 04:01 . 2008-12-08 04:01 d----c--- c:\users\All Users\Malwarebytes
2008-12-08 04:01 . 2008-12-08 04:01 d----c--- c:\programdata\Malwarebytes
2008-12-08 04:01 . 2008-12-08 04:01 d----c--- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 04:01 . 2008-12-03 19:53 38,496 --a--c--- c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-08 04:01 . 2008-12-03 19:53 15,504 --a--c--- c:\windows\System32\drivers\mbam.sys
2008-12-08 02:43 . 2008-02-22 23:38 170,496 --a--c--- c:\windows\System32\tcpipcfg.dll
2008-12-08 02:43 . 2008-02-22 21:41 22,528 --a--c--- c:\windows\System32\netiougc.exe
2008-12-08 02:42 . 2008-12-08 02:42 d----c--- c:\program files\Zone Labs
2008-12-08 02:42 . 2008-08-21 20:41 1,221,008 --a--c--- c:\windows\System32\zpeng25.dll
2008-12-08 02:40 . 2008-12-08 02:42 d----c--- c:\windows\System32\ZoneLabs
2008-12-08 02:40 . 2008-12-10 19:05 348,371 --ah-c--- c:\windows\System32\drivers\vsconfig.xml
2008-12-08 02:40 . 2008-08-21 20:42 294,288 --a--c--- c:\windows\System32\drivers\vsdatant.sys
2008-12-07 16:19 . 2008-12-07 16:19 d----c--- c:\users\stepahnie\AppData\Roaming\Grisoft
2008-12-07 16:18 . 2008-12-07 16:18 d----c--- c:\users\All Users\Grisoft
2008-12-07 16:18 . 2008-12-07 16:18 d----c--- c:\programdata\Grisoft
2008-12-07 16:18 . 2007-05-30 07:10 10,872 --a--c--- c:\windows\System32\drivers\AvgAsCln.sys
2008-12-07 13:07 . 2008-05-27 00:18 350,208 --a--c--- c:\windows\System32\mssph.dll
2008-12-07 13:07 . 2008-05-27 00:18 203,776 --a--c--- c:\windows\System32\mssphtb.dll
2008-12-06 19:03 . 2008-12-06 19:03 d----c--- C:\PerfLogs
2008-12-06 17:49 . 2008-12-06 18:05 d----c--- c:\program files\Eusing Free Registry Cleaner
2008-12-04 19:16 . 2008-12-04 19:16 d----c--- c:\program files\CCleaner
2008-12-04 17:43 . 2008-12-08 17:57 d----c--- c:\program files\Alwil Software
2008-11-29 00:51 . 2008-11-29 00:51 d----c--- c:\program files\Common Files\Apple
2008-11-29 00:48 . 2008-11-29 00:48 d----c--- c:\users\All Users\Apple
2008-11-29 00:48 . 2008-11-29 00:48 d----c--- c:\programdata\Apple
2008-11-29 00:48 . 2008-11-29 00:48 d----c--- c:\program files\Apple Software Update
2008-11-28 14:50 . 2008-11-28 14:50 dr---c--- c:\windows\System32\config\systemprofile\Music
2008-11-26 19:23 . 2008-10-21 00:25 1,645,568 --a--c--- c:\windows\System32\connect.dll
2008-11-26 19:23 . 2008-08-27 22:40 712,704 --a--c--- c:\windows\System32\WindowsCodecs.dll
2008-11-26 19:23 . 2008-08-27 22:40 425,472 --a--c--- c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 19:23 . 2008-08-27 22:40 347,136 --a--c--- c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 19:23 . 2008-10-21 22:57 241,152 --a--c--- c:\windows\System32\PortableDeviceApi.dll
2008-11-26 19:23 . 2008-01-19 02:36 160,768 --a--c--- c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 19:23 . 2008-01-19 02:36 94,720 --a--c--- c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-13 22:08 . 2008-12-08 23:41 d----c--- c:\program files\TVAnts
2008-11-13 20:14 . 2008-11-13 20:14 d----c--- c:\windows\Sun
2008-11-13 20:07 . 2008-10-16 16:13 1,809,944 --a--c--- c:\windows\System32\wuaueng.dll
2008-11-13 20:07 . 2008-10-16 15:56 1,524,736 --a--c--- c:\windows\System32\wucltux.dll
2008-11-13 20:07 . 2008-10-16 16:12 561,688 --a--c--- c:\windows\System32\wuapi.dll
2008-11-13 20:07 . 2008-10-16 15:55 83,456 --a--c--- c:\windows\System32\wudriver.dll
2008-11-13 20:07 . 2008-10-16 16:09 51,224 --a--c--- c:\windows\System32\wuauclt.exe
2008-11-13 20:07 . 2008-10-16 16:09 43,544 --a--c--- c:\windows\System32\wups2.dll
2008-11-13 20:07 . 2008-10-16 16:08 34,328 --a--c--- c:\windows\System32\wups.dll
2008-11-13 20:06 . 2008-10-16 14:08 162,064 --a--c--- c:\windows\System32\wuwebv.dll
2008-11-13 20:06 . 2008-10-16 13:56 31,232 --a--c--- c:\windows\System32\wuapp.exe
2008-11-12 17:35 . 2008-08-26 20:05 212,480 --a--c--- c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 15:27 . 2008-09-05 00:14 1,191,936 --a--c--- c:\windows\System32\msxml3.dll
2008-11-11 15:26 . 2008-09-09 22:40 1,334,272 --a--c--- c:\windows\System32\msxml6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 02:00 --------- dc--a-w c:\programdata\TEMP
2008-12-09 09:36 --------- dc----w c:\programdata\Spybot - Search & Destroy
2008-12-09 00:20 --------- dc----w c:\programdata\Symantec
2008-12-09 00:19 --------- dc----w c:\program files\Symantec
2008-12-09 00:19 --------- dc----w c:\program files\Common Files\Symantec Shared
2008-12-07 00:15 174 --sha-w c:\program files\desktop.ini
2008-12-07 00:05 --------- dc----w c:\program files\Windows Sidebar
2008-12-07 00:05 --------- dc----w c:\program files\Windows Photo Gallery
2008-12-07 00:05 --------- dc----w c:\program files\Windows Mail
2008-12-07 00:05 --------- dc----w c:\program files\Windows Journal
2008-12-07 00:05 --------- dc----w c:\program files\Windows Defender
2008-12-07 00:05 --------- dc----w c:\program files\Windows Calendar
2008-12-07 00:05 --------- d-----w c:\program files\Windows Collaboration
2008-12-06 23:47 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-06 23:47 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-06 07:34 --------- dc----w c:\users\stepahnie\AppData\Roaming\FileMaker
2008-12-06 07:34 --------- dc----w c:\users\stepahnie\AppData\Roaming\Download Manager
2008-12-06 07:34 --------- dc----w c:\users\stepahnie\AppData\Roaming\CyberLink
2008-12-06 07:34 --------- dc----w c:\users\stepahnie\AppData\Roaming\Amazon
2008-12-06 07:34 --------- dc----w c:\users\stepahnie\AppData\Roaming\acccore
2008-12-05 06:55 --------- dc----w c:\programdata\WholeSecurity
2008-12-04 17:52 --------- dc----w c:\program files\Spybot - Search & Destroy
2008-12-02 10:07 --------- dc----w c:\program files\StudySmart
2008-11-29 05:51 --------- dc----w c:\program files\QuickTime
2008-11-29 05:50 --------- dc----w c:\programdata\Apple Computer
2008-11-27 17:01 --------- dc----w c:\programdata\Microsoft Help
2008-11-14 02:48 --------- dc----w c:\users\stepahnie\AppData\Roaming\SopCast
2008-11-03 20:38 32,132,615 -c--a-w c:\users\stepahnie\Symantec AV - Ver. 10.2 - Vista (32 bit) - unmanaged - 01MAR.exe
2008-10-30 21:01 --------- dc----w c:\program files\Amazon
2008-10-30 16:42 --------- dc----w c:\program files\Microsoft Works
2008-10-02 03:49 827,392 -c--a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 -c--a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 -c--a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 -c--a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 -c--a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 -c--a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 -c--a-w c:\windows\System32\win32k.sys
2007-11-28 04:00 8 -c--a-w c:\users\stepahnie\AppData\Roaming\usb.dat.bin
2007-11-26 16:56 47,360 -c--a-w c:\users\stepahnie\AppData\Roaming\pcouffin.sys
2007-07-01 23:48 0 -c--a-w c:\users\stepahnie\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Re: Trojan.ZlobG

HERE IS THE REST OF THE LOG FROM COMBO FIX

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smax4v"="c:\users\stepahnie\AppData\Roaming\Google\windep.exe" [2008-12-06 128000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-08-21 981904]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^stepahnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^stepahnie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 15:21 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
--a--c--- 2008-06-12 14:37 50520 c:\users\stepahnie\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2007-11-20 16:40 731136 c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a--c--- 2008-01-19 02:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-11-06 04:05 106496 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a--c--- 2007-06-05 11:12 71176 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-10-18 12:32 472800 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2006-11-06 04:02 98304 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-11-06 04:02 81920 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2006-11-06 13:58 159744 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2006-12-02 19:32 167936 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-12-07 02:43 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-15 01:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-03 01:36 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2006-10-18 12:56 317152 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2008-01-19 02:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2007-06-11 20:16 4670968 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

Trojan.ZlobG

AND THIS IS THE LAST OF THE COMBO FIX LOG


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{912E4D46-9443-4355-BFFD-FB17D1033BBB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88E37DE1-BF38-4EAF-9FE1-518E9C159753}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A03BCDD1-BC60-4290-B48B-B85FE0EE7605}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{F0484DEF-8161-4100-BC94-B92C63F6C992}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{117D3D41-9CBC-4A77-8F6F-FD23E365AB86}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{591AC6C7-9C04-4FC7-A1D7-860D35446253}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{CF896297-B062-46A0-9418-340FAACC54EB}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{C3270D6A-EBA1-48AF-B455-D06CEB6E7E68}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{B2761C83-086B-460F-B618-FC413E458717}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{63836B04-D758-4976-98BF-91A26EA796F5}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{1728CC25-CFF7-4DE1-922A-B761022F0C74}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{602094BE-385C-4951-A490-686FB9257ECF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75D4F8F0-3B32-4451-B767-AC96FEC0289E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6A0DEB76-5B19-4418-A0BB-06F266E551C6}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3AF834DA-4EDF-4596-8A60-07C784A5D13F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18D85347-A6E7-48C4-8DEB-A18714534CA5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{48F53658-4F05-4BC5-B0E9-1292260D79A3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FD5E27EC-5210-4FE6-82DF-8EF0F7E2F618}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{BDD2E88D-EFDB-48DA-98F5-8565EE44ECE8}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0EC65DB1-69E3-4BEC-A27D-D23970516923}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3801A64E-73F1-425C-9949-696869046D85}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85482554-61DE-4831-BFA9-BC8CAFC4B0B9}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E08442CB-09D4-4F81-8961-1026F69F62B4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2375684C-D408-4C4B-9B16-CCCD65FFD758}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A5CF0C84-7D6A-44F6-A032-21468B924DF7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B16D9C8-8E9A-4549-9571-825A79B479D9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5FF0AA66-D02A-409C-944A-862368DE09B8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{5374904A-09D6-48B4-81C0-609F47ACCD37}c:\\users\\stepahnie\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\stepahnie\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{4DCDE70C-C20A-4F8F-B806-789FB2E32392}c:\\users\\stepahnie\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\stepahnie\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{681E3168-1D4D-49FC-AF98-42A31A936A8B}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{5339DAAE-F675-40BF-A19E-7C0BC3B86087}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{DC8B52A8-1607-4CC0-98AC-791BB92A16B6}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{21195A60-3239-4AD4-8A9B-8EC33238D8F6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C93AFDFE-ECE0-40BF-8C2A-D3B30A44A9D4}c:\\program files\\rhapsody\\rhapsody.exe"= UDP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{C849CF94-A3E6-48B7-B8F2-4047B772A35F}c:\\program files\\rhapsody\\rhapsody.exe"= TCP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"TCP Query User{FA46EDC6-D8FF-488E-9082-FE18F7A1F3A6}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{ED7D791A-671F-4FB0-AA6F-461D6A534DDC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{96D732B5-AD4A-4D38-B905-B8E4522A1B29}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{B0121ACF-CA68-43E2-A280-0E1F83A45E43}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{AF5E16A8-1D55-46B9-8F75-A09FC326D416}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{249050C8-545E-4FCF-9BE3-06694E823EF5}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2800CD59-0AF2-47F5-891C-80ED251D009A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{89DCF05B-8BB1-458B-9CB8-75B3F4601095}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{69710386-4344-4E06-81A6-A4276266C1F3}"= UDP:c:\users\stepahnie\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{B13B595E-AAD5-4F15-8C5F-CB980BF0934E}"= TCP:c:\users\stepahnie\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{834853B5-6B23-49B1-BF59-64F5CC94AB43}"= UDP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{022E4F72-5570-4D23-A4F2-C3EE83166BB2}"= TCP:c:\program files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{514178C2-CDE6-433D-A8FE-81DA9626C874}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{38DCAD1A-B254-4513-99E2-C0C33CCE9F42}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{DB4A0F0E-A1A9-441A-9F5D-B5C2AD8A0A42}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43D7AF82-7E83-4D63-A0A6-850BEFF05F7A}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7E088C65-631E-4B4E-8152-8F5554617045}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7617604E-9A63-4A97-9C10-9818D4766BFE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{64F90B84-F66E-4646-8F2D-C801E02508DD}"= UDP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{18F7457C-AA89-419D-B41E-F8A245236864}"= TCP:c:\program files\Alwil Software\Avast4\ashAvast.exe:avast! Antivirus
"{50217275-BAC3-4356-916E-414722DDF548}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{5389BCC0-43BD-4113-AB4E-6FA3B9357764}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{EC8B0028-5545-4A33-8825-463F75C0BA12}"= UDP:c:\program files\LG Software Innovations\1Click DVD Copy 5\1ClickDvdCopy.exe:1Click DVD Copy
"{45243EE0-46F0-4875-94E0-F1B2E9630932}"= TCP:c:\program files\LG Software Innovations\1Click DVD Copy 5\1ClickDvdCopy.exe:1Click DVD Copy

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\program files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\program files\ExamSoft\SofTest.exe:*:Enabled:SofTest

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-08 99376]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-01-19 3768]
S3 AMQHAZK;AMQHAZK;c:\users\STEPAH~1\AppData\Local\Temp\AMQHAZK.exe []
S3 JAIDYEKPQD;JAIDYEKPQD;c:\users\STEPAH~1\AppData\Local\Temp\JAIDYEKPQD.exe []
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-11-28 122008]
S4 SoundMovieServer;SoundMovieServer;"c:\windows\system32\snmvtsvc.exe" [2008-01-19 184320]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-11 24652]
S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-05-18 229856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d919b6-866e-11dc-98c5-0016d4e5f47f}]
\shell\AutoRun\command - F:\Autorun.exe /run
\shell\Shell00\Command - F:\Autorun.exe /run
\shell\Shell01\Command - F:\Autorun.exe /action
\shell\Shell02\Command - F:\Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ecce6a-43a4-11dc-a91b-0016d4e5f47f}]
\shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ecce6f-43a4-11dc-a91b-0016d4e5f47f}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8147a2-4eb4-11dd-9c8f-0016d4e5f47f}]
\shell\AutoRun\command - G:\autorun.exe
\shell\phone\command - G:\autorun.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{8BB152DF-5FE8-496F-ADEE-983C90779B0E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Octoshape Streaming Services - c:\users\stepahnie\AppData\Local\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = about:blank
uSearchURL,(Default) = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\tplayer38.ocx - O16 -: {9CA74596-B5BB-4634-971C-F0224115A15F}
hxxp://nba.tom.com/video/tcastV1.cab
FireFox -: Profile - c:\users\stepahnie\AppData\Roaming\Mozilla\Firefox\Profiles\hrrp9dzn.default\
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\users\stepahnie\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0808270_SUA_900\npoctoshape.dll
FF -: plugin - c:\users\stepahnie\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_000\npoctoshape.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 21:05:44
Windows 6.0.6001 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-10 21:07:12
ComboFix-quarantined-files.txt 2008-12-11 02:06:57

Pre-Run: 42,702,635,008 bytes free
Post-Run: 42,810,769,408 bytes free

351 --- E O F --- 2008-12-10 08:02:37

Trojan.ZlobG

Here is the HIJACK THIS log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:39 PM, on 12/10/2008
Platform: Windows Vista (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMQHAZK - Unknown owner - C:\Users\STEPAH~1\AppData\Local\Temp\AMQHAZK.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: JAIDYEKPQD - Unknown owner - C:\Users\STEPAH~1\AppData\Local\Temp\JAIDYEKPQD.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6475 bytes
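The helper's next reply pulls two services out of the log above: all-caps names, registered to an unknown owner, pointing at the user's Temp folder, and already "(file missing)". The following script does that triage over HijackThis-style lines. It is an added example for this page, not HijackThis, ComboFix or OTMoveIt code; the heuristics are the editor's own, and the sample input is a constructed excerpt in the same format as the posted log (the O23 lines and the ZoneAlarm O4 line are copied from the log, the `[Updater]` O4 line is made up to show the Run-entry case).

```python
"""Flag suspicious autorun (O4) and service (O23) entries in HijackThis-style log lines.

Added example for this thread, not HijackThis/ComboFix/OTMoveIt code.  The heuristics
are the editor's own and mirror what the helper checked by eye: a service or Run entry
whose binary sits in a user-writable profile folder, a random-looking all-caps service
name, and orphaned entries whose binary is already gone.
"""
import re
from typing import Dict, List

# Constructed excerpt in the posted log's format.  The O23 lines and the ZoneAlarm
# O4 line are copied from the log above; the [Updater] O4 line is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Updater] C:\Users\STEPAH~1\AppData\Roaming\Updater\updater.exe -silent
O23 - Service: AMQHAZK - Unknown owner - C:\Users\STEPAH~1\AppData\Local\Temp\AMQHAZK.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: JAIDYEKPQD - Unknown owner - C:\Users\STEPAH~1\AppData\Local\Temp\JAIDYEKPQD.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
"""

# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token of a Run command line: a quoted path, or an unquoted path ending in .exe
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+?\.exe)', re.I)
# Profile and temp locations an ordinary user can write to; services do not belong there.
USER_WRITABLE_RE = re.compile(r"\\(?:appdata|application data|local settings|temp|tmp)\\", re.I)
RANDOM_NAME_RE = re.compile(r"[A-Z]{6,}")  # e.g. AMQHAZK, JAIDYEKPQD


def _exe_path(cmd: str) -> str:
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious O23/O4 line, with severity and reasons."""
    findings: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O23_RE.match(line):
            name, owner, path = m["name"], m["owner"], m["path"]
            missing = m["missing"] is not None
            reasons = []
            if USER_WRITABLE_RE.search(path):
                reasons.append("service binary in a user-writable profile/temp folder")
            if RANDOM_NAME_RE.fullmatch(name):
                reasons.append("random-looking all-caps service name")
            if reasons:
                severity = "high"
                if missing:
                    reasons.append("binary already gone, registration left behind")
            elif missing and owner == "Unknown owner":
                # Leftover of an uninstalled product (the avast! entries in the log): worth
                # cleaning up, but not the infection.
                severity = "low"
                reasons.append("orphaned service entry, binary gone")
            else:
                continue
            findings.append({"kind": "O23", "name": name, "path": path,
                             "severity": severity, "reasons": reasons})
        elif m := O4_RE.match(line):
            path = _exe_path(m["cmd"])
            if USER_WRITABLE_RE.search(path):
                findings.append({"kind": "O4", "name": m["name"], "path": path,
                                 "severity": "high",
                                 "reasons": [f"{m['hive']} Run entry launches from a user-writable folder"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:4} {f['kind']:3} {f['name']!r}: {'; '.join(f['reasons'])}")
```

The split between "high" and "low" is the point of the example: the avast! entries are also "Unknown owner" and "(file missing)", but they live under Program Files and are simply leftovers from an uninstalled product, whereas a service registered from Temp with a random name is the dropper's doing even after the file itself has been deleted.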

Re: Trojan.ZlobG
Please download OTMoveIt3 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :processes
    explorer.exe

    :services
    AMQHAZK
    JAIDYEKPQD
    Viewpoint Manager Service

    :files
    c:\users\stepahnie\AppData\Roaming\Google\windep.exe
    c:\users\stepahnie\AppData\Roaming\mjusbsp

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smax4v"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d919b6-866e-11dc-98c5-0016d4e5f47f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8147a2-4eb4-11dd-9c8f-0016d4e5f47f}]


    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]



  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

OTMoveIt3 problem
I ran OTMoveIt3.

By the time it got to the Empty folder process, the Zlob.G pop-up popped up again and the program froze up. It says not responding. The page for the program is now blank. I can't even see the results. Should I try running it again?

Re: Trojan.ZlobG
Somehow the OT program came back up... and it's asking if I want to reboot. I'm going to reboot and see what happens.

Re: Trojan.ZlobG
I don't see any pop-up webpages so far. Here is the log from OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service AMQHAZK stopped successfully.
Service AMQHAZK deleted successfully.
Service JAIDYEKPQD stopped successfully.
Service JAIDYEKPQD deleted successfully.
Service Viewpoint Manager Service stopped successfully.
Service Viewpoint Manager Service deleted successfully.
========== FILES ==========
c:\users\stepahnie\AppData\Roaming\Google\windep.exe moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\Upgrade moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\ug00000 moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\st00000 moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\in00000 moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\ar00001 moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp\ar00000 moved successfully.
c:\users\stepahnie\AppData\Roaming\mjusbsp moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Smax4v deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d919b6-866e-11dc-98c5-0016d4e5f47f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8147a2-4eb4-11dd-9c8f-0016d4e5f47f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\Users\STEPAH~1\AppData\Local\Temp\~DFF58.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\STEPAH~1\AppData\Local\Temp\~DFF5F7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\ZLT0579e.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12112008_122439

Files moved on Reboot...
C:\Users\STEPAH~1\AppData\Local\Temp\~DFF58.tmp moved successfully.
C:\Users\STEPAH~1\AppData\Local\Temp\~DFF5F7.tmp moved successfully.
File C:\Windows\temp\ZLT0579e.TMP not found!
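The script in the helper's post above, and the results log in this post, are easier to follow when the script is turned into a plain list of actions. The parser below is an added example, not OTMoveIt's own code: it reads the same :processes / :services / :files / :reg / :commands sections and maps each line to the native Windows command (taskkill, sc, move, reg) that does the equivalent job. The command mapping is the editor's approximation of what the tool does, the quarantine folder is an assumed path (the log only shows that files are moved, not where), and [purity] is left unmapped because it is tool-specific.

```python
"""Turn an OTMoveIt3 script into an ordered action plan of native Windows commands.

Added example, not OTMoveIt's own code.  The section syntax is the one used in the
thread above; the command mapping is the editor's approximation of what the tool
does, and QUARANTINE is an assumed path (the log shows files are moved, not where).
"""
import re
from typing import List, Tuple

QUARANTINE = r"C:\_OTMoveIt\MovedFiles"   # assumption, see module docstring

# Constructed copy of the script posted in the thread.
SCRIPT = r"""
:processes
explorer.exe

:services
AMQHAZK
JAIDYEKPQD
Viewpoint Manager Service

:files
c:\users\stepahnie\AppData\Roaming\Google\windep.exe
c:\users\stepahnie\AppData\Roaming\mjusbsp

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smax4v"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04d919b6-866e-11dc-98c5-0016d4e5f47f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef8147a2-4eb4-11dd-9c8f-0016d4e5f47f}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
"""

# :commands entries.  [purity] is a tool-specific cleanup with no single native equivalent.
COMMANDS = {
    "[purity]": "tool-specific cleanup (not mapped)",
    "[emptytemp]": "empty %TEMP%, %WINDIR%\\Temp and the browser caches",
    "[start explorer]": "start explorer.exe",
    "[reboot]": "shutdown /r /t 0",
}
VALUE_DELETE_RE = re.compile(r'"(?P<name>[^"]+)"=-')   # .reg syntax: delete this value

Action = Tuple[str, str]   # (category, native command or description)


def parse_script(text: str) -> List[Action]:
    """Return the actions in script order; the order is part of the procedure."""
    plan: List[Action] = []
    section = None
    current_key = None            # key that later "name"=- lines refer to
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "processes":
            plan.append(("process", f'taskkill /F /IM "{line}"'))
        elif section == "services":
            plan.append(("service", f'sc stop "{line}" & sc delete "{line}"'))
        elif section == "files":
            # The tool moves (quarantines) rather than deletes, so a mistake can be undone.
            plan.append(("file", f'move "{line}" "{QUARANTINE}"'))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                plan.append(("registry", f'reg delete "{line[2:-1]}" /f'))   # whole key
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]
            elif (m := VALUE_DELETE_RE.fullmatch(line)) and current_key:
                plan.append(("registry", f'reg delete "{current_key}" /v "{m["name"]}" /f'))
            else:
                plan.append(("registry", f"UNRECOGNISED: {line}"))
        elif section == "commands":
            plan.append(("command", COMMANDS.get(line.lower(), f"UNRECOGNISED: {line}")))
        else:
            plan.append(("unknown", f"UNRECOGNISED (no section): {line}"))
    return plan


if __name__ == "__main__":
    for category, command in parse_script(SCRIPT):
        print(f"{category:9} {command}")
```

The ordering the sections impose is the procedure: Explorer is killed first so it holds no handles on the files, the services are stopped and deleted before their binaries are moved, and the Run value is removed last so nothing is left to respawn at the next logon. The "scheduled to be deleted on reboot" lines in the results log are the standard Windows fallback for a file that is still open, presumably what the tool uses here: the move is recorded under PendingFileRenameOperations in HKLM\SYSTEM\CurrentControlSet\Control\Session Manager (the MoveFileEx MOVEFILE_DELAY_UNTIL_REBOOT path) and carried out by the session manager at the next boot, before anything can lock the file again.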

Re: Trojan.ZlobG
Hello.
The alerts should have stopped now.
What problems remain?

Re: Trojan.ZlobG
Not seeing any more problems. THANK YOU SO MUCH!!! I read prior posts that suggest updating Java. For some reason, when I go to the Install/Uninstall page, I'm not given an option to uninstall; do you know why that is? Do you think I need to update my Java?

Re: Trojan.ZlobG
Hello.
Yes, you need to update.
If there is no Java on the uninstall list, skip the uninstall and run JavaRa.

Problem solved!!!
THANKS FOR THE HELP!!! I updated Java too.

Re: Trojan.ZlobG
We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (to turn System Restore back on), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

Re: Trojan.ZlobG
Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.

............................................................................................

Please be a GeekPolice fan on Facebook!

Have we helped you? Help us! | Doctor by day, ninja by night.
