need help quick!!

ok im doing this for a friend, he says there is something wrong with his pc he dont know the name of the virus and his scanner is picking nothing up but he says "theres loads of pop ups changes setting on web broswer just slow" here is the hijack this log could you please look through it and look for anything unusual thanks....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:31, on 09/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\WinSSUI.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\dekoh\AppData\Local\ggqee.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
c:\PROGRA~1\CYBERL~1\SHARED~1\RICHVI~1.EXE
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\dekoh\Downloads\hijackgpthis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=MarioForever&utm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: snappyads browser enhancer - {4B4A07A1-ABE6-9E4F-06CB-63DDC0BE4970} - C:\\Windows\\system32\\uczjfmzsyxprame.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\\Program Files\\AOL\\AOL Toolbar 5.0\\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O2 - BHO: mysidesearch search enhancer - {C0D63C22-6292-4398-3794-08EE4B89C942} - C:\\Windows\\system32\\qwlpccfhmnzrfzu.dll
O2 - BHO: snappyads - {df08f2b5-ba77-aa4b-04be-bcd03811def7} - C:\\Windows\\system32\\nsc670F.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\\Program Files\\AOL\\AOL Toolbar 5.0\\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [hpsysdrv] c:\\hp\\support\\hpsysdrv.exe
O4 - HKLM\\..\\Run: [KBD] C:\\HP\\KBD\\KbdStub.EXE
O4 - HKLM\\..\\Run: [OsdMaestro] \"C:\\Program Files\\Hewlett-Packard\\On-Screen OSD Indicator\\OSD.exe\"
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\\..\\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateReg] \"C:\\Windows\\system32\\jureg.exe\"
O4 - HKLM\\..\\Run: [DT HPW] C:\\Program Files\\Portrait Displays\\HP My Display\\DTHtml.exe -startup_folder
O4 - HKLM\\..\\Run: [NBKeyScan] \"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [HP Software Update] C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"
O4 - HKLM\\..\\Run: [bksrkxqgiull] C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Windows\\system32\\uczjfmzsyxprame.dll\"
O4 - HKLM\\..\\Run: [OneCareUI] \"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\"
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\\..\\Run: [HPAdvisor] C:\\Program Files\\Hewlett-Packard\\HP Advisor\\HPAdvisor.exe autoRun
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [MsnMsgr] \"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background
O4 - HKCU\\..\\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] \"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\\..\\Run: [Power2GoExpress] \"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup
O4 - HKCU\\..\\Run: [Uniblue RegistryBooster 2] c:\\program files\\uniblue\\registrybooster 2\\StartRegistryBooster.exe
O4 - HKCU\\..\\Run: [WMPNSCFG] C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe
O4 - HKCU\\..\\Run: [ggqee] \"c:\\users\\dekoh\\appdata\\local\\ggqee.exe\" ggqee
O4 - HKUS\\S-1-5-18\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background (User \'SYSTEM\')
O4 - HKUS\\.DEFAULT\\..\\Run: [msnmsgr] \"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background (User \'Default user\')
O8 - Extra context menu item: &AOL Toolbar Search - c:\\program files\\aol\\aol toolbar 5.0\\resources\\en-GB\\local\\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O9 - Extra \'Tools\' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.6.0_01\\bin\\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\\Program Files\\AOL\\AOL Toolbar 5.0\\aoltb.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\\Program Files\\Common Files\\Portrait Displays\\Shared\\dtsrvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\\Program Files\\HP Games\\My HP Game Console\\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\\Program Files\\Hewlett-Packard\\HP Health Check\\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\\Program Files\\Norton PC Checkup\\executables\\mrHealthy\\MrHealthy.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\Windows\\system32\\nvvsvc.exe
O23 - Service: PremierOpinion - VoiceFive Networks, Inc. - C:\\Program Files\\PremierOpinion\\pmservice.exe

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: snappyads browser enhancer - {4B4A07A1-ABE6-9E4F-06CB-63DDC0BE4970} - C:\\Windows\\system32\\uczjfmzsyxprame.dll
  O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  O2 - BHO: mysidesearch search enhancer - {C0D63C22-6292-4398-3794-08EE4B89C942} - C:\\Windows\\system32\\qwlpccfhmnzrfzu.dll
  O2 - BHO: snappyads - {df08f2b5-ba77-aa4b-04be-bcd03811def7} - C:\\Windows\\system32\\nsc670F.dll
  O4 - HKLM\\..\\Run: [bksrkxqgiull] C:\\Windows\\System32\\regsvr32.exe /s \"C:\\Windows\\system32\\uczjfmzsyxprame.dll\"
  O4 - HKCU\\..\\Run: [ggqee] \"c:\\users\\dekoh\\appdata\\local\\ggqee.exe\" ggqee
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

ok i clicked the boxes on hikack this and clicked "fix checked" and it just went back to main menu and on a re scan the files are still there is this supposed to happen?

UAC is stopping us.
Right click hijackgpthis.exe > run as administrator.
Do the fix again and see if they return.

ok fixed that problem but now he has another problem...."when i install mbam-setup.exe it comes up with a message saying update failed make sure you are connected to the internet and your firewall is set to allow malwarebytes anti malware to access the internet i tried again ith fire wall off and same message"

Lets run a quick scan.

Download Lop S&D < here

Right-click Lop S&D.exe > Run as administrator.
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows Vista Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : dekoh ( Administrator )
BOOT : Normal boot
Antivirus : Windows Live OneCare 1.0.0 (Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Activated)
C:\ (Local Disk) - NTFS - Total:325 Go (Free:235 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/02/2009|17:30 )

[ UAC => 1 ]

--------------------\\ Listing folders in Local

[02/04/2008|17:31] C:\Users\dekoh\AppData\Local\Adobe
[02/04/2008|18:16] C:\Users\dekoh\AppData\Local\Ahead
[17/03/2008|14:30] C:\Users\dekoh\AppData\Local\AOL
[03/12/2008|17:57] C:\Users\dekoh\AppData\Local\Apple
[03/12/2008|18:00] C:\Users\dekoh\AppData\Local\Apple Computer
[17/03/2008|12:37] C:\Users\dekoh\AppData\Local\Application Data
[12/10/2008|11:22] C:\Users\dekoh\AppData\Local\d3d9caps.dat
[16/11/2008|18:39] C:\Users\dekoh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[17/08/2008|09:15] C:\Users\dekoh\AppData\Local\Downloaded Installations
[06/01/2009|12:04] C:\Users\dekoh\AppData\Local\ejaduaqo.bat
[17/03/2008|13:06] C:\Users\dekoh\AppData\Local\GDIPFONTCACHEV1.DAT
[08/02/2009|21:08] C:\Users\dekoh\AppData\Local\ggqee.bat
[09/02/2009|16:46] C:\Users\dekoh\AppData\Local\ggqee.dat
[28/01/2009|11:57] C:\Users\dekoh\AppData\Local\ggqee.exe
[30/01/2009|14:13] C:\Users\dekoh\AppData\Local\ggqee_nav.dat
[06/01/2009|01:18] C:\Users\dekoh\AppData\Local\ggqee_navps.dat
[24/08/2008|22:21] C:\Users\dekoh\AppData\Local\Google
[17/03/2008|13:06] C:\Users\dekoh\AppData\Local\Hewlett-Packard
[17/03/2008|12:37] C:\Users\dekoh\AppData\Local\History
[12/04/2008|13:39] C:\Users\dekoh\AppData\Local\HP
[17/03/2008|22:16] C:\Users\dekoh\AppData\Local\HP Guide
[08/02/2009|21:04] C:\Users\dekoh\AppData\Local\IconCache.db
[18/04/2008|20:50] C:\Users\dekoh\AppData\Local\JollyBear
[22/11/2008|02:44] C:\Users\dekoh\AppData\Local\Microsoft
[25/07/2008|23:01] C:\Users\dekoh\AppData\Local\Microsoft Games
[01/04/2008|23:49] C:\Users\dekoh\AppData\Local\MigWiz
[20/03/2008|18:17] C:\Users\dekoh\AppData\Local\Mozilla
[02/04/2008|19:48] C:\Users\dekoh\AppData\Local\Nero
[09/02/2009|17:30] C:\Users\dekoh\AppData\Local\Temp
[17/03/2008|12:37] C:\Users\dekoh\AppData\Local\Temporary Internet Files
[28/01/2009|18:55] C:\Users\dekoh\AppData\Local\Unity
[21/03/2008|02:17] C:\Users\dekoh\AppData\Local\VirtualStore
[15/11/2008|21:45] C:\Users\dekoh\AppData\Local\Wyzo
[30/10/2008|17:51] C:\Users\dekoh\AppData\Local\Zylom Games

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[09/02/2009 17:00][--a------] C:\Windows\tasks\RegCure Program Check.job
[07/02/2009 09:43][--a------] C:\Windows\tasks\RegCure.job
[09/02/2009 17:30][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{2C61D359-04E2-4FBD-BE6D-AA063B2317FD}.job
[25/03/2008 19:49][--a------] C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[08/02/2009 21:06][--a------] C:\Windows\tasks\RtlVistaStart.job
[09/02/2009 12:41][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{270D32E9-1AD5-4851-93A1-DEB3A8D82C27}.job
[28/01/2009 16:30][--a------] C:\Windows\tasks\HPCeeScheduleFordekoh.job
[08/02/2009 21:05][--ah-----] C:\Windows\tasks\SA.DAT
[08/02/2009 21:04][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[12/10/2008|11:45] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[23/11/2008|15:21] C:\ProgramData\Adobe
[03/12/2008|17:56] C:\ProgramData\Apple
[03/12/2008|17:59] C:\ProgramData\Apple Computer
[02/11/2006|13:02] C:\ProgramData\Application Data
[01/04/2008|22:16] C:\ProgramData\Big Fish Games
[18/04/2008|19:07] C:\ProgramData\BigFishGamesCache
[21/03/2008|03:10] C:\ProgramData\Channel4
[17/03/2008|22:58] C:\ProgramData\CyberLink
[02/11/2006|13:02] C:\ProgramData\Desktop
[02/11/2006|13:02] C:\ProgramData\Documents
[30/10/2008|17:56] C:\ProgramData\Driving Test Success
[10/07/2008|16:13] C:\ProgramData\Electronic Arts
[02/11/2006|13:02] C:\ProgramData\Favorites
[18/04/2008|19:21] C:\ProgramData\Gogii
[20/03/2008|17:35] C:\ProgramData\Google
[08/02/2009|23:02] C:\ProgramData\Google Updater
[17/03/2008|13:06] C:\ProgramData\Hewlett-Packard
[05/05/2008|19:32] C:\ProgramData\HipSoft
[30/11/2007|16:57] C:\ProgramData\HP
[30/11/2007|16:57] C:\ProgramData\hpzinstall.log
[01/04/2008|22:12] C:\ProgramData\Ice Cream Tycoon
[14/05/2008|20:39] C:\ProgramData\InstallShield
[11/05/2008|15:16] C:\ProgramData\iWin
[18/04/2008|20:50] C:\ProgramData\JollyBear
[30/10/2008|17:48] C:\ProgramData\Kontiki
[02/04/2008|18:21] C:\ProgramData\LightScribe
[09/02/2009|17:11] C:\ProgramData\Malwarebytes
[26/07/2008|20:37] C:\ProgramData\MGS
[26/07/2008|20:37] C:\ProgramData\Microgaming
[08/02/2009|21:10] C:\ProgramData\Microsoft
[14/05/2008|21:08] C:\ProgramData\MinigolfAdventures
[29/03/2008|00:34] C:\ProgramData\Mozilla
[30/11/2007|17:04] C:\ProgramData\muvee Technologies
[08/02/2009|21:01] C:\ProgramData\N360BUOptions.ini
[14/10/2008|16:01] C:\ProgramData\Nero
[06/02/2009|17:29] C:\ProgramData\NortonInstaller
[13/11/2008|16:04] C:\ProgramData\NVIDIA
07|17:09] C:\ProgramData\PC-Doctor
[21/10/2008|22:15] C:\ProgramData\pixelStorm
[17/12/2008|11:55] C:\ProgramData\PlayFirst
[02/11/2006|13:02] C:\ProgramData\Start Menu
[08/02/2009|21:03] C:\ProgramData\Symantec
[03/02/2009|20:50] C:\ProgramData\TEMP
[02/11/2006|13:02] C:\ProgramData\Templates
[28/03/2008|23:13] C:\ProgramData\Trymedia
[17/12/2008|12:56] C:\ProgramData\WildTangent
[21/05/2008|17:26] C:\ProgramData\WinZip
[18/04/2008|22:31] C:\ProgramData\WLInstaller
[28/03/2008|23:13] C:\ProgramData\Yahoo! Games

--------------------\\ Listing Folders in C:\Program Files

[23/11/2008|15:21] C:\Program Files\Adobe
[17/03/2008|14:03] C:\Program Files\AGEIA Technologies
[27/04/2008|13:02] C:\Program Files\Ahead
[17/03/2008|12:38] C:\Program Files\AOL
[03/12/2008|17:57] C:\Program Files\Apple Software Update
[27/07/2008|19:04] C:\Program Files\Atlant Software
[03/12/2008|17:59] C:\Program Files\Bonjour
[08/02/2009|21:02] C:\Program Files\Common Files
[30/11/2007|17:03] C:\Program Files\CyberLink
[03/04/2008|01:59] C:\Program Files\directx
[06/02/2009|17:56] C:\Program Files\DivX
[30/11/2007|16:05] C:\Program Files\EasyBits
[31/03/2008|17:25] C:\Program Files\FlashGet
[12/10/2008|11:21] C:\Program Files\FunWebProducts
[24/08/2008|22:17] C:\Program Files\Google
[27/09/2008|16:20] C:\Program Files\Hamsterball_at
[30/11/2007|17:10] C:\Program Files\Hewlett-Packard
[13/11/2008|15:49] C:\Program Files\HP
[16/12/2008|14:02] C:\Program Files\HP Games
[06/02/2009|17:55] C:\Program Files\InstallShield Installation Information
[06/02/2009|17:06] C:\Program Files\Internet Explorer
[03/12/2008|17:59] C:\Program Files\iPod
[03/12/2008|18:00] C:\Program Files\iTunes
[30/11/2007|17:05] C:\Program Files\Java
[09/02/2009|17:16] C:\Program Files\Malwarebytes' Anti-Malware
[06/02/2009|17:55] C:\Program Files\Microsoft Games
[30/11/2007|17:06] C:\Program Files\Microsoft Office
[13/11/2008|16:17] C:\Program Files\Microsoft Silverlight
[08/02/2009|21:05] C:\Program Files\Microsoft Windows OneCare Live
[30/11/2007|17:06] C:\Program Files\Microsoft Works
[23/07/2008|20:23] C:\Program Files\Movie Maker
[08/11/2008|21:13] C:\Program Files\Mozilla Firefox
[02/11/2006|12:37] C:\Program Files\MSBuild
[21/03/2008|03:09] C:\Program Files\MSXML 4.0
[30/11/2007|17:04] C:\Program Files\muvee Technologies
[30/10/2008|18:30] C:\Program Files\MyWebSearch
[02/04/2008|18:11] C:\Program Files\Nero
[02/04/2008|18:16] C:\Program Files\NeroInstall.bak
[07/02/2009|11:23] C:\Program Files\Norton PC Checkup
[09/02/2009|12:54] C:\Program Files\Norton Security Scan
[06/02/2009|17:29] C:\Program Files\NortonInstaller
[06/02/2009|17:43] C:\Program Files\Online Services
[30/11/2007|17:23] C:\Program Files\PC-Doctor 5 for Windows
[17/03/2008|13:09] C:\Program Files\Portrait Displays
[06/02/2009|12:42] C:\Program Files\PremierOpinion
[03/12/2008|17:59] C:\Program Files\QuickTime
[30/11/2007|16:54] C:\Program Files\Realtek
[13/11/2008|11:49] C:\Program Files\REALTEK USB Wireless LAN Driver and Utility
[02/11/2006|12:37] C:\Program Files\Reference Assemblies
[18/04/2008|19:20] C:\Program Files\ReflexiveArcade
[06/02/2009|18:16] C:\Program Files\RegCure
[03/04/2008|01:58] C:\Program Files\Rockstar Games
[17/08/2008|14:42] C:\Program Files\ShoppingReport
[28/01/2009|11:56] C:\Program Files\Symantec
[02/11/2006|13:01] C:\Program Files\Uninstall Information
[28/01/2009|17:50] C:\Program Files\Unity
[30/10/2008|18:02] C:\Program Files\VirtualVillagers_at
[23/07/2008|20:23] C:\Program Files\Windows Calendar
[23/07/2008|20:23] C:\Program Files\Windows Collaboration
[23/07/2008|20:23] C:\Program Files\Windows Defender
[23/07/2008|20:23] C:\Program Files\Windows Journal
[25/03/2008|19:47] C:\Program Files\Windows Live
[25/03/2008|19:48] C:\Program Files\Windows Live Favorites
[03/02/2009|20:49] C:\Program Files\Windows Live Safety Center
[25/03/2008|19:49] C:\Program Files\Windows Live Toolbar
[29/01/2009|03:03] C:\Program Files\Windows Mail
[23/07/2008|20:23] C:\Program Files\Windows Media Player
[02/11/2006|12:37] C:\Program Files\Windows NT
[23/07/2008|20:23] C:\Program Files\Windows Photo Gallery
[23/07/2008|20:23] C:\Program Files\Windows Sidebar
[31/03/2008|17:23] C:\Program Files\Yahoo!
[31/03/2008|12:01] C:\Program Files\Yahoo! Games
[13/11/2008|11:45] C:\Program Files\ZTE Mobile Connection

--------------------\\ Listing Folders in C:\Program Files\Common Files
[23/11/2008|15:21] C:\Program Files\Common Files\Adobe
[27/04/2008|13:02] C:\Program Files\Common Files\Ahead
[03/12/2008|17:59] C:\Program Files\Common Files\Apple
[30/11/2007|16:57] C:\Program Files\Common Files\HP
[14/05/2008|20:38] C:\Program Files\Common Files\InstallShield
[30/11/2007|17:05] C:\Program Files\Common Files\Java
[30/11/2007|17:03] C:\Program Files\Common Files\LightScribe
[30/11/2007|17:03] C:\Program Files\Common Files\LS Getting Started
[25/03/2008|19:48] C:\Program Files\Common Files\microsoft shared
[30/11/2007|17:04] C:\Program Files\Common Files\muvee Technologies
[14/10/2008|16:01] C:\Program Files\Common Files\Nero
[17/03/2008|13:09] C:\Program Files\Common Files\Portrait Displays
[08/02/2009|20:56] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|11:18] C:\Program Files\Common Files\Services
[02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines
[09/02/2009|16:02] C:\Program Files\Common Files\Symantec Shared
[23/07/2008|20:23] C:\Program Files\Common Files\System
[25/03/2008|19:46] C:\Program Files\Common Files\WindowsLiveInstaller
[17/03/2008|14:03] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 95 Processes )

iexplore.exe ~ [PID:4676]
iexplore.exe ~ [PID:4712]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Users\dekoh\AppData\Roaming\MICROS~1\Windows\Cookies\dekoh@partypoker[1].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 17:31:08
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 421

--------------------\\ Searching for other infections


C:\Users\dekoh\AppData\Local\ggqee.bat
C:\Users\dekoh\AppData\Local\ggqee.dat
C:\Users\dekoh\AppData\Local\ggqee.exe
C:\Users\dekoh\AppData\Local\ggqee_nav.dat
C:\Users\dekoh\AppData\Local\ggqee_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\Users\dekoh\AppData\Local\Microsoft\Messenger\anerley@hotmail.com\Sharing Folders\jason_tms@hotmail.com\12-jay-spaz-crack-music.mp3
C:\Users\dekoh\AppData\Roaming\Microsoft\Windows\Recent\crack.zip.lnk
C:\Users\dekoh\Desktop\DEKOHS MIXTAPES\12-jay-spaz-crack-music.mp3
C:\Users\dekoh\Desktop\DEKOHS MIXTAPES\03-lil-wayne-and-bun-b--damn-im-cold\12-jay-spaz-crack-music.mp3
C:\Users\dekoh\Documents\hospital tycoon_Crack
C:\Users\dekoh\Documents\hospital tycoon_Crack\data.uid
C:\Users\dekoh\Documents\LimeWire\Incomplete\T-91843-hospital tycoon full game down crack.zip
C:\Users\dekoh\Documents\LimeWire\Saved\[ PC Games ] - Age of Empires II(FULL)(2)\crack.zip


[F:189][D:28]-> C:\Users\dekoh\AppData\Local\Temp
[F:256][D:1]-> C:\Users\dekoh\AppData\Roaming\MICROS~1\Windows\Cookies
[F:41][D:13]-> C:\Users\dekoh\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:34][D:7]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 09/02/2009|17:32 - Option : [1]

--------------------\\ Scan completed at 17:32:58
[ UAC => 1 ]

• Now download Navilog1 from one of the following links:
  http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe
  or
  http://il-mafioso.changelog.fr/Navifix/Navilog1.exe
  
• Right click on the above link and choose Save target as and save it to your Desktop.
  
• Right-click on navilog1.exe and choose "Run as Administrator" to install it.
  
  Option #1:
  
  
• Once installation is completed, right-click on Navilog1 shortcut on your Desktop and choose "Run as Administrator".
  
• On main menu, choose 1
  
• Follow the instructions and wait.
  
• Wait for the *** Search completed ….*** message (It may take a reasonable amount of time)
  
• Press any key as requested.
  
• A new notepad document will be produced: fixnavi.txt.
  
• Please copy/paste the contents of this report in your next reply.
  

The report fixnavi.txt is also saved in %systemdrive%. (usually C:\)

Search Navipromo version 3.7.2 began on 09/02/2009 at 17:55:39.39

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Program Files\navilog1

Updated on 07.02.2009 at 10h00 by IL-MAFIOSO

Microsoft Windows Vista Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : dekoh ( Administrator )
BOOT : Normal boot

Antivirus : Windows Live OneCare 1.0.0 (Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Activated)

C:\ (Local Disk) - NTFS - Total:325 Go (Free:235 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\Windows" ***


*** Search folders in "C:\Program Files" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Search folders in "C:\ProgramData" ***


*** Search folders in "c:\users\dekoh\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Search folders in "C:\Users\dekoh\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox found !

*** Search folders in "C:\Users\MELZIE\AppData\Local\virtualstore\Program Files" ***



*** Search folders in "C:\Users\dekoh\AppData\Local" ***



*** Search folders in "C:\Users\aaron\AppData\Local" ***



*** Search folders in "C:\Users\MELZIE\AppData\Local" ***




*** Search folders in "C:\Users\dekoh\AppData\Roaming" ***


*** Search folders in "C:\Users\aaron\appdata\roaming" ***


*** Search folders in "C:\Users\MELZIE\appdata\roaming" ***


*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\Windows\system32" *

* Scan in "C:\Users\dekoh\AppData\Local\Microsoft" *

* Scan in "C:\Users\dekoh\AppData\Local\virtualstore\windows\system32" *

* Scan in "C:\Users\dekoh\AppData\Local" *

* Scan in "C:\Users\aaron\AppData\Local" *

* Scan in "C:\Users\MELZIE\AppData\Local" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\Windows\system32" :


* In "C:\Users\dekoh\AppData\Local\Microsoft" :


* In "C:\Users\dekoh\AppData\Local\virtualstore\windows\system32" :


* In "C:\Users\dekoh\AppData\Local" :

ggqee.exe found !
ggqee.dat found !
ggqee_nav.dat found !
ggqee_navps.dat found !
ggqee.bat found !

* In "C:\Users\aaron\AppData\Local" :


* In "C:\Users\MELZIE\AppData\Local" :


3)Certificates Search :

Egroup certificate found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 09/02/2009 at 17:56:24.79 ***

Right-click on Navilog1 shortcut on your Desktop and choose "Run as Administrator".

• On main menu, choose 2.
  
• Follow the instructions and wait.
  
• The tool will then advise you that it will restart your computer.
  
• Save your open documents, if any, and close all windows.
  
• Press any key as requested.
  
• If your computer doesn't restart automatically, restart it manually.
  
• Choose your usual session if necessary.
  
• Wait for the *** Cleaning stage complete! ….*** message (Please be patient. It may take a reasonable amount of time).
  
• A new notepad document will be produced.
  
• Please save the document and copy/paste the contents of this report in your next reply.
  
• Your desktop will now appear.
  

avipromo Removal version 3.7.2 started on 09/02/2009 at 18:06:32.93

Fix running from C:\Program Files\navilog1

Updated on 07.02.2009 at 10h00 by IL-MAFIOSO

Microsoft Windows Vista Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : dekoh ( Administrator )
BOOT : Normal boot

Antivirus : Windows Live OneCare 1.0.0 (Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Activated)

C:\ (Local Disk) - NTFS - Total:325 Go (Free:235 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Automatic removal
with Catchme and GNS results


Cleanning stage done on Reboot


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\Windows\System32" *


* Deletion in "C:\Users\dekoh\AppData\Local\Microsoft" *


* Deletion in "C:\Users\dekoh\AppData\Local\virtualstore\windows\system32" *


* Deletion in "C:\Users\dekoh\AppData\Local" *


* Deletion in "C:\Users\aaron\AppData\Local" *


* Deletion in "C:\Users\MELZIE\AppData\Local" *



*** Deleting folders in "C:\Windows" ***


*** Deleting folders in "C:\Program Files" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" ***


*** Deleting folders in "C:\ProgramData" ***


*** Deleting folders in c:\users\dekoh\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Deleting folders in "C:\Users\aaron\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "C:\Users\MELZIE\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Deleting folders in "C:\Users\dekoh\AppData\Local\virtualstore\Program Files" ***

...\InternetGamebox ...deleting...
...\InternetGamebox deleted !


*** Deleting folders in "C:\Users\MELZIE\AppData\Local\virtualstore\Program Files" ***


*** Deleting folders in "C:\Users\dekoh\AppData\Local" ***


*** Deleting folders in "C:\Users\aaron\AppData\Local" ***


*** Deleting folders in "C:\Users\MELZIE\AppData\Local" ***


*** Deleting folders in "C:\Users\dekoh\AppData\Roaming" ***


*** Deleting folders in "C:\Users\aaron\appdata\roaming" ***


*** Deleting folders in "C:\Users\MELZIE\appdata\roaming" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\Windows\Temp done !
Cleaning of C:\Users\dekoh\AppData\Local\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\Windows\system32" *


* In "C:\Users\dekoh\AppData\Local\Microsoft" *


* In "C:\Users\dekoh\AppData\Local\virtualstore\windows\system32" *


* In "C:\Users\dekoh\AppData\Local" *


ggqee.exe found !
Copy ggqee.exe done !
ggqee.exe deleted !

ggqee.dat found !
Copy ggqee.dat done !
ggqee.dat deleted !

ggqee_nav.dat found !
Copy ggqee_nav.dat done !
ggqee_nav.dat deleted !

ggqee_navps.dat found !
Copy ggqee_navps.dat done !
ggqee_navps.dat deleted !

ggqee.bat found !
Copy ggqee.bat done !
ggqee.bat deleted !


* In "C:\Users\aaron\AppData\Local" *


* In "C:\Users\MELZIE\AppData\Local" *


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate deleted !
Electronic-Group Certificate deleted !
Montorgueil Certificate not found !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !


*** Search others known folders and files ***



*** Cleaning stage complete on 09/02/2009 at 18:17:06.24 ***

Hello.
Please uninstall Limewire.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

i click on the limewire icon click delete go to uninstall programs but i cant find it

cant find limewire anywhere had a good look no luck

Okay, we'll remove it later, it's there in a hidden folder.
Please run MBAM.

ok done it i can notice the difference already but one problem remains when i go on mozilla a search engine called yoog keeps seeing its elf as my search engine i delete it but it keeps coming back

Don't worry, we can fix it.

• Download combofix from here - combofix.exe
  
• Double click on Combo-Fix.exe.
  
• Follow the prompts.
  NOTE:
  
• Tell Combofix NOT to download the recovery console(If prompted...).
  
• Accept the End-User License Agreement.
  
• Allow combofix to run.
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

i click on the link for combofix.exe but comes up 404 error???

Have uploaded it here:
http://www.sendspace.com/file/u6to9w

Use that link and run it using my instructions.

ComboFix 09-02-08.02 - dekoh 2009-02-09 19:29:07.1 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1918.885 [GMT 0:00]
Running from: c:\users\dekoh\Downloads\Combo-Fix.exe
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\dekoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
c:\users\dekoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
c:\users\dekoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\dekoh\FAVORI~1\Download programs.url
c:\users\dekoh\FAVORI~1\Games.url
c:\users\dekoh\FAVORI~1\Translator.url
c:\users\dekoh\FAVORI~1\Videos.url
c:\users\dekoh\Favorites\Download programs.url
c:\users\dekoh\Favorites\Games.url
c:\users\dekoh\Favorites\Translator.url
c:\users\dekoh\Favorites\Videos.url
c:\windows\system32\uczjfmzsyxprame.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-09 18:12 . 2009-02-09 18:12 d--hs---- C:\found.002
2009-02-09 17:53 . 2009-02-09 18:17 d-------- c:\program files\Navilog1
2009-02-09 17:28 . 2009-02-09 17:32 d-------- C:\Lop SD
2009-02-09 17:11 . 2009-02-09 17:11 d-------- c:\users\dekoh\AppData\Roaming\Malwarebytes
2009-02-09 17:11 . 2009-02-09 17:11 d-------- c:\users\All Users\Malwarebytes
2009-02-09 17:11 . 2009-02-09 17:11 d-------- c:\programdata\Malwarebytes
2009-02-09 17:11 . 2009-02-09 17:16 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 17:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-09 17:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-08 21:03 . 2009-02-08 21:03 d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-02-08 20:57 . 2007-11-27 22:45 91,200 --a------ c:\windows\System32\drivers\msfwdrv.sys
2009-02-08 20:57 . 2007-11-27 22:44 37,440 --a------ c:\windows\System32\drivers\msfwhlpr.sys
2009-02-08 20:56 . 2008-05-15 16:15 53,168 --a------ c:\windows\System32\drivers\MpFilter.sys
2009-02-08 20:52 . 2009-02-08 21:05 d-------- c:\program files\Microsoft Windows OneCare Live
2009-02-06 17:29 . 2009-02-06 17:29 d-------- c:\users\All Users\NortonInstaller
2009-02-06 17:29 . 2009-02-06 17:29 d-------- c:\programdata\NortonInstaller
2009-02-06 17:29 . 2009-02-06 17:29 d-------- c:\program files\NortonInstaller
2009-02-05 20:08 . 2009-02-06 12:42 d-------- c:\program files\PremierOpinion
2009-02-05 20:06 . 2009-02-05 20:06 85,664 --a------ c:\windows\System32\eb54bdf7-09d3-6dd9-94cb-554adeb46fbb.exe
2009-02-05 20:06 . 2009-02-05 20:06 48,278 --a------ c:\windows\System32\yzkkvgqpspfo.exe
2009-02-04 14:09 . 2009-02-04 14:09 695,808 --a------ c:\windows\System32\nsc670F.dll
2009-02-03 00:38 . 2008-06-20 01:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-03 00:38 . 2008-06-20 01:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-03 00:38 . 2008-06-20 01:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-03 00:38 . 2008-06-20 01:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-03 00:38 . 2008-06-20 01:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-03 00:38 . 2008-06-20 01:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-03 00:38 . 2008-06-20 01:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-03 00:38 . 2008-06-20 01:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-03 00:31 . 2008-07-27 18:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-03 00:31 . 2008-07-27 18:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-03 00:31 . 2008-07-27 18:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-03 00:31 . 2008-07-27 18:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-03 00:31 . 2008-07-27 18:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-03 00:19 . 2007-12-23 18:08 d-------- c:\users\dekoh\Counter-Strike 1.6 + Half-Life
2009-01-28 18:59 . 2009-01-28 18:59 d-------- c:\users\dekoh\AppData\Roaming\Unity
2009-01-28 17:50 . 2009-02-09 18:57 d-------- c:\program files\Unity
2009-01-28 12:07 . 2008-12-16 02:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-09 16:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 12:54 --------- d-----w c:\program files\Norton Security Scan
2009-02-08 23:02 --------- d-----w c:\programdata\Google Updater
2009-02-08 21:03 --------- d-----w c:\programdata\Symantec
2009-02-08 20:56 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-02-07 11:23 --------- d-----w c:\program files\Norton PC Checkup
2009-02-06 17:56 --------- d-----w c:\program files\DivX
2009-02-06 17:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 17:55 --------- d-----w c:\program files\Microsoft Games
2009-02-05 20:13 --------- d-----w c:\users\dekoh\AppData\Roaming\LimeWire
2009-02-05 14:53 --------- d-----w c:\users\dekoh\AppData\Roaming\Apple Computer
2009-02-03 20:50 --------- d---a-w c:\programdata\TEMP
2009-02-03 20:49 --------- d-----w c:\program files\Windows Live Safety Center
2009-01-29 03:03 --------- d-----w c:\program files\Windows Mail
2009-01-28 11:56 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-28 11:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-28 11:56 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-28 11:56 --------- d-----w c:\program files\Symantec
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-06 11:29 965,664 ----a-w c:\windows\System32\RtkPgExt.dll
2009-01-06 11:29 44,064 ----a-w c:\windows\System32\RtkCoInst.dll
2009-01-06 11:29 322,080 ----a-w c:\windows\System32\RtkApoApi.dll
2009-01-06 11:29 2,510,368 ----a-w c:\windows\System32\RtkAPO.dll
2009-01-06 11:29 109,088 ----a-w c:\windows\RTKAUDIOSERVICE.EXE
2009-01-06 11:07 2,261,024 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2008-12-26 21:41 47,104 ----a-w c:\windows\System32\KMVIDC32.DLL
2008-12-17 12:56 --------- d-----w c:\programdata\WildTangent
2008-12-17 11:55 --------- d-----w c:\users\dekoh\AppData\Roaming\PlayFirst
2008-12-17 11:55 --------- d-----w c:\programdata\PlayFirst
2008-12-16 14:02 --------- d-----w c:\program files\HP Games
2008-08-11 16:21 1,523,200 ----a-w c:\users\dekoh\siw.exe
2008-07-23 20:31 174 --sha-w c:\program files\desktop.ini
2008-03-17 22:14 0 ----a-w c:\users\dekoh\AppData\Roaming\wklnhst.dat
2009-02-04 14:09 699,904 ----a-w c:\program files\mozilla firefox\components\8e88d16c-9ca3-ade3-d6d7-a977b7733099.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-04 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-10-18 2503976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{814EB14C-7903-4031-B896-1B9C57A07854}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A90BDDDC-5761-43EE-9216-2A93980C4CFA}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{2E40B13D-98D9-4F9A-B38E-D97160066FF8}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E114D4C5-D823-44C1-BDA6-22CA059456FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A22E4FAB-A647-455A-B80D-96A2CCD65DFE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{E2DBD4FF-7901-4E81-A00C-8B61EA96B369}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{02BFC969-ABB3-4427-BB25-2DED38EFC458}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D163E1B4-7846-4F0C-AEDC-F0FFA9EE4BBA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{02859E92-5035-4492-A244-8905F08B3103}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{71B94E50-65DC-457B-BFBC-285FE92CCCDF}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{9EDCB9F5-9B0C-4D3B-8E5F-247532E4400D}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{FAE29DD8-0E5E-43AB-A71D-0FABACC6CBF5}"= UDP:c:\program files\National Guard\Guard Shield\PRISM.exe:Guard Shield
"{A78FDA16-6E52-4194-9E36-E55B88C2BA2F}"= TCP:c:\program files\National Guard\Guard Shield\PRISM.exe:Guard Shield
"{366DFF61-CA72-441C-8D91-81617BF6999A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B16458A4-CE04-41DA-8CE4-9A3A4286B562}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{89F91027-587C-4875-B526-AC9F85B22CFF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CB67C61A-7AE2-4F19-BC0B-55C021187C9A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F57D46CB-102D-4874-BED0-8750414DB050}c:\\team17\\worms2\\frontend.exe"= UDP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"UDP Query User{DB10813A-C731-4A32-9307-4F7AEC6AA5FA}c:\\team17\\worms2\\frontend.exe"= TCP:c:\team17\worms2\frontend.exe:Worms 2 Frontend
"{5E890977-C242-4FB7-B2FD-C2ACA411CE42}"= UDP:c:\windows\Temp\~os432A.tmp\ossproxy.exe:ossproxy.exe
"{0CEBB3AA-8A27-4F18-92AA-D8A022C54111}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{206EFD2B-7F7C-4EAA-AA51-1FF3F44C35A3}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{702BD867-6888-4EFE-BE6F-842A497D08E0}"= UDP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe
"{C8672105-DEC6-4493-AD1C-3658FF2C1D54}"= TCP:c:\program files\PremierOpinion\pmropn.exe:pmropn.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2008-03-20 15360]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
R2 PremierOpinion;PremierOpinion;c:\program files\PremierOpinion\pmservice.exe [2009-02-05 45056]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [2008-06-27 335872]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-03-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-01-28 c:\windows\Tasks\HPCeeScheduleFordekoh.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-07-21 00:34]

2009-02-09 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2007-04-12 04:59]

2009-02-09 c:\windows\Tasks\User_Feed_Synchronization-{270D32E9-1AD5-4851-93A1-DEB3A8D82C27}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 10:01]

2009-02-09 c:\windows\Tasks\User_Feed_Synchronization-{2C61D359-04E2-4FBD-BE6D-AA063B2317FD}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 10:01]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=MarioForever&utm_medium=start
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\users\dekoh\AppData\Roaming\Mozilla\Firefox\Profiles\ndzzkyjv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
1 file(s) moved.
1 file(s) moved.
FF - component: c:\program files\Mozilla Firefox\components\8e88d16c-9ca3-ade3-d6d7-a977b7733099.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-09 19:32:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-09 19:33:46
ComboFix-quarantined-files.txt 2009-02-09 19:33:43

Pre-Run: 254,831,267,840 bytes free
Post-Run: 254,805,143,552 bytes free

261 --- E O F --- 2009-02-06 17:24:40

????

are u still there?

Yes, I'm still here.
I sometimes get pulled away from my machine, sorry about that.
Please disable one care, see here how to:
http://www.bleepingcomputer.com/forums/index.php?showtopic=114351&st=0&p=649847&#entry649847


Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\System32\eb54bdf7-09d3-6dd9-94cb-554adeb46fbb.exe
c:\windows\System32\yzkkvgqpspfo.exe
c:\users\dekoh\AppData\Roaming\Mozilla\Firefox\Profiles\ndzzkyjv.default\user.js
c:\program files\Mozilla Firefox\components\8e88d16c-9ca3-ade3-d6d7-a977b7733099.dll

Folder::
C:\found.002
c:\program files\Navilog1
C:\Lop SD

Firefox::
FF - ProfilePath - c:\users\dekoh\AppData\Roaming\Mozilla\Firefox\Profiles\ndzzkyjv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Since this issue has been addressed, a "solved" tag will be added and this topic will be closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.