Win32trojanTDSS Removal Assistance Needed

So, Ad-Aware says I have Win32trojanTDSS and that it will get rid of it but I need to reboot my computer. That didn't work, it's still there, and it's a pain to get rid of. I'm very untrained in this type of computer work and could really use some hands-on (and hopefully sympathetic/semi-beginner helping) assistance. I tried downloading Malwarebyte's Anti-Malware but it won't run, as I expected.

Help, please?

I'm using a desktop with Windows XP.

Hello Alex Freeman,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

• If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP
  
• If you have any cracked/pirated software in your computer delete them or we will not help you.
  
• Only follow advise from Geek Police Staff and not a regular member.
  
• Do NOT run any tool without Geek Police supervision as it could hinder your system useless.
  

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:25 PM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\b.exe
C:\Documents and Settings\Andrew Gladwin\Desktop\HJTInstall.exe
C:\Documents and Settings\Andrew Gladwin\Desktop\HJTInstall.exe
C:\Documents and Settings\Andrew Gladwin\Desktop\HJTInstall.exe
C:\Documents and Settings\Andrew Gladwin\Desktop\HJTInstall.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Andrew Gladwin\Desktop\HJTInstall.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [Xderuvaponame] rundll32.exe "C:\WINDOWS\Onimacehez.dll",e
O4 - HKLM\..\Run: [Edalizajovanile] rundll32.exe "C:\WINDOWS\oyedilawetidalu.dll",e
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\nos_uninstall_Adobe.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\b.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11201 bytes

Lets try working here first, if things get too difficult then we will deal with it in safe mode

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

So I ran the scan, but it goes blue screen halfway through. It did it twice. Should I run safe mode and retry the scan?

Well I ran the scan in safemode, but I can't access the interne in it (using laptop in the house). Should I do something like save it in notepad, reboot and switch to regular and paste it in here?

And another note (sorry I'm not editing, his laptop is bogged) is that I can't type in safe mode, only copy and paste. Weird.

No please do the following:

I see that you are running BitTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If BitTorrent is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

• BitTorrent
  

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
  O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
  O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  O4 - HKLM\..\Run: [Xderuvaponame] rundll32.exe "C:\WINDOWS\Onimacehez.dll",e
  O4 - HKLM\..\Run: [Edalizajovanile] rundll32.exe "C:\WINDOWS\oyedilawetidalu.dll",e
  O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
  O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\b.exe
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
  O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
  O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
  O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

Alright I deleted anything I could find of BitTorrent (which wasn't much because I deleted it forever ago, so I was alitle confused)

I've downloaded ComboFix and I'm running it but it just says it's preparing to run and I'm not entirely sure what to do now. Sorry I tookt his lon to respond, I had to run out but I'm all ears now. I just don't get the last bulets.

Follow the prompts. NOTE:

Allow combofix to run

Post C:\combofix.txt back here.

It had me download something from microsoft, but it's stopped there at a blue screen, not the one on the whole computer but Combo Fix is on blue.

Ah, wait, hold on, it's running now, says it may take a little while for scanning of infected files. Am I on the right track?

Yes you are, once finished please post the log back here

It said to note down the following files.

C:\WINDOWS\system32\drivers\UACcnforbufkx.sys
C:\WINDOWS\system32\UACnpuisbseta.dll
C:\WINDOWS\system32\UACbboadcddgh.dll
C:\WINDOWS\system32\UACkfyqluclil.dat
C:\WINDOWS\system32\UACvpvmkxpied.db
C:\WINDOWS\system32\UACuvahiojnwm.dll
C:\WINDOWS\system32\UACqehnejcqhh.dll
C:\WINDOWS\system32\UACqqbloxgebn.dll

And after I ok'ed that, it restarted my computer. Not blue screen, just restarted.

Rootkit found continue with the scan once you reboot.

Alright, it has taken this long and it's at Completed Stage_50 and nothing has happened for a few minutes. Just keep waiting, am I being impatient?

Just being impatient, it just said it's deleting files now. Waiting.

If you machine is really infected it takes a long time

Alright, here it is. Oddly, it deleted my background and went to the one I had before, which is good for me because I couldn't find it and prefer it.

ComboFix 09-07-23.01 - Andrew Gladwin 07/23/2009 16:52:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.313 [GMT -4:00]
Running from: C:\Documents and Settings\Andrew Gladwin\Desktop\Combo-Fix.exe
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\1.wmv
C:\Program Files\INSTALL.LOG
C:\WINDOWS\Installer\5958b2.msi
C:\WINDOWS\Installer\5958b8.msi
C:\WINDOWS\Installer\5958be.msi
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\UACcnforbufkx.sys
C:\WINDOWS\system32\drivers\vsfoceswvanhtk.sys
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\net.net
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\UACbboadcddgh.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACkfyqluclil.dat
C:\WINDOWS\system32\UACnpuisbseta.dll
C:\WINDOWS\system32\UACqehnejcqhh.dll
C:\WINDOWS\system32\UACqqbloxgebn.dll
C:\WINDOWS\system32\UACuvahiojnwm.dll
C:\WINDOWS\system32\UACvpvmkxpied.db
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-23 18:54:49 . 2009-07-23 18:54:49 0 d-----w- C:\Program Files\Trend Micro
2009-07-23 16:28:25 . 2009-07-03 14:49:07 15688 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2009-07-23 16:18:01 . 2009-07-03 14:49:08 64160 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-07-23 16:17:14 . 2009-07-23 16:17:26 0 dc-h--w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 16:16:47 . 2009-07-23 16:17:58 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-23 16:16:47 . 2009-07-23 16:16:47 0 d-----w- C:\Program Files\Lavasoft
2009-07-23 05:36:19 . 2009-07-23 05:34:01 137728 ----a-w- C:\WINDOWS\msb.exe
2009-07-17 18:39:42 . 2009-07-17 18:39:42 0 d-----w- C:\Program Files\iPod
2009-07-13 20:40:20 . 2009-07-13 20:40:36 0 d-----w- C:\Program Files\TuneUpMedia
2009-07-13 20:40:11 . 2009-07-23 04:52:22 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\TuneUpMedia
2009-07-13 20:40:08 . 2009-07-13 20:40:40 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUpMedia
2009-07-09 03:43:12 . 2009-07-09 03:43:12 0 d-----w- C:\Program Files\The Extractor
2009-07-09 03:43:12 . 2009-07-09 03:42:58 737280 ----a-w- C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:05:39 . 2007-07-03 21:44:11 386276 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-07-23 21:05:39 . 2007-07-03 21:43:59 31641376 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-07-23 20:46:01 . 2008-12-11 01:36:40 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2009-07-23 20:32:28 . 2008-12-23 19:35:35 0 d-----w- C:\Program Files\DNA
2009-07-17 18:40:09 . 2008-01-13 03:13:08 0 d-----w- C:\Program Files\iTunes
2009-07-17 18:39:40 . 2007-06-30 20:37:08 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-16 20:52:52 . 2006-04-24 17:24:34 2516 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2009-07-16 20:52:52 . 2005-11-21 17:42:20 56 --sh--r- C:\WINDOWS\system32\0F7D1EBD22.sys
2009-07-16 20:44:02 . 2008-12-11 01:36:40 0 d-----w- C:\Program Files\NOS
2009-07-05 18:48:26 . 2005-09-26 03:46:13 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\Apple Computer
2009-07-05 16:27:56 . 2009-06-22 01:00:48 0 d-----w- C:\Program Files\FlashMute
2009-06-17 22:04:15 . 2007-06-30 20:37:08 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:55:16 . 2004-08-10 17:51:26 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:55:16 . 2004-08-10 17:51:07 82432 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-13 00:02:37 . 2006-07-21 20:03:52 1878984 ----a-w- C:\Documents and Settings\Andrew Gladwin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-10 22:29:23 . 2009-06-10 19:53:13 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\U3
2009-06-10 22:18:58 . 2008-10-13 17:57:15 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\gtk-2.0
2009-06-04 21:10:52 . 2009-05-26 19:34:12 25 ----a-w- C:\WINDOWS\popcinfot.dat
2009-06-03 19:27:58 . 2004-08-10 17:51:20 1290752 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-06-02 11:06:51 . 2009-06-02 11:05:50 0 d-----w- C:\Program Files\QuickTime
2009-05-29 17:36:16 . 2009-05-10 20:38:39 2060288 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-29 17:36:16 . 2008-01-13 03:04:24 39424 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2009-05-26 19:33:32 . 2009-05-26 19:33:32 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap Games
2009-05-26 19:33:32 . 2009-05-26 19:32:38 0 d-----w- C:\Program Files\PopCap Games
2009-05-07 15:44:00 . 2004-08-10 17:51:11 344064 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-04-29 04:56:02 . 2004-08-10 17:51:29 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-04-29 04:55:56 . 2004-08-10 17:51:09 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-07-18 04:39:57 . 2008-06-18 10:39:57 137208 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
2007-07-23 21:22:05 . 2007-07-23 21:22:05 19104 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2007-07-23 21:22:06 . 2007-07-23 21:22:06 105632 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 22:24:28 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 19:08:26 67160]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 00:07:44 389120]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 22:07:44 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 22:16:12 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00:00 15360]
"FlashMute"="C:\Program Files\FlashMute\FlashMute.exe" [2006-03-11 19:49:16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 00:42:54 1404928]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 06:05:00 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 21:50:42 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 21:50:18 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 06:02:00 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11:42 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 14:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 14:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 14:36:20 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 14:45:26 136600]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 21:10:28 35696]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
"Edalizajovanile"="C:\WINDOWS\oyedilawetidalu.dll" [2008-12-04 23:59:24 134144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - C:\WINDOWS\system32\narrator.exe [2004-08-04 10:00:00 53760]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-8-18 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [7/23/2009 12:18:01 PM 64160]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe --> C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49:06 AM 1029456]
S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\drivers\WlanGZXP.sys [8/30/2007 4:11:15 PM 402944]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE
HKLM-Run-VerizonServicepoint.exe - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - C:\DOCUME~1\ANDREW~1\APPLIC~1\Mozilla\Firefox\Profiles\h8pre2sy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: XUL Cache: {8A551DF7-6415-413B-97BA-771A8D86BB22} - C:\Documents and Settings\Andrew Gladwin\Local Settings\Application Data\{8A551DF7-6415-413B-97BA-771A8D86BB22}

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

hello, some of the log was cut off, can you post all the contents of the log

ComboFix 09-07-23.01 - Andrew Gladwin 07/23/2009 16:52:52.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.313 [GMT -4:00]
Running from: C:\Documents and Settings\Andrew Gladwin\Desktop\Combo-Fix.exe
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\1.wmv
C:\Program Files\INSTALL.LOG
C:\WINDOWS\Installer\5958b2.msi
C:\WINDOWS\Installer\5958b8.msi
C:\WINDOWS\Installer\5958be.msi
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\UACcnforbufkx.sys
C:\WINDOWS\system32\drivers\vsfoceswvanhtk.sys
C:\WINDOWS\system32\msxml71.dll
C:\WINDOWS\system32\net.net
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\UACbboadcddgh.dll
C:\WINDOWS\system32\uacinit.dll
C:\WINDOWS\system32\UACkfyqluclil.dat
C:\WINDOWS\system32\UACnpuisbseta.dll
C:\WINDOWS\system32\UACqehnejcqhh.dll
C:\WINDOWS\system32\UACqqbloxgebn.dll
C:\WINDOWS\system32\UACuvahiojnwm.dll
C:\WINDOWS\system32\UACvpvmkxpied.db
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-23 18:54:49 . 2009-07-23 18:54:49 0 d-----w- C:\Program Files\Trend Micro
2009-07-23 16:28:25 . 2009-07-03 14:49:07 15688 ----a-w- C:\WINDOWS\system32\lsdelete.exe
2009-07-23 16:18:01 . 2009-07-03 14:49:08 64160 ----a-w- C:\WINDOWS\system32\drivers\Lbd.sys
2009-07-23 16:17:14 . 2009-07-23 16:17:26 0 dc-h--w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 16:16:47 . 2009-07-23 16:17:58 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-23 16:16:47 . 2009-07-23 16:16:47 0 d-----w- C:\Program Files\Lavasoft
2009-07-23 05:36:19 . 2009-07-23 05:34:01 137728 ----a-w- C:\WINDOWS\msb.exe
2009-07-17 18:39:42 . 2009-07-17 18:39:42 0 d-----w- C:\Program Files\iPod
2009-07-13 20:40:20 . 2009-07-13 20:40:36 0 d-----w- C:\Program Files\TuneUpMedia
2009-07-13 20:40:11 . 2009-07-23 04:52:22 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\TuneUpMedia
2009-07-13 20:40:08 . 2009-07-13 20:40:40 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUpMedia
2009-07-09 03:43:12 . 2009-07-09 03:43:12 0 d-----w- C:\Program Files\The Extractor
2009-07-09 03:43:12 . 2009-07-09 03:42:58 737280 ----a-w- C:\WINDOWS\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:05:39 . 2007-07-03 21:44:11 386276 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx
2009-07-23 21:05:39 . 2007-07-03 21:43:59 31641376 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2009-07-23 20:46:01 . 2008-12-11 01:36:40 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2009-07-23 20:32:28 . 2008-12-23 19:35:35 0 d-----w- C:\Program Files\DNA
2009-07-17 18:40:09 . 2008-01-13 03:13:08 0 d-----w- C:\Program Files\iTunes
2009-07-17 18:39:40 . 2007-06-30 20:37:08 0 d-----w- C:\Program Files\Common Files\Apple
2009-07-16 20:52:52 . 2006-04-24 17:24:34 2516 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2009-07-16 20:52:52 . 2005-11-21 17:42:20 56 --sh--r- C:\WINDOWS\system32\0F7D1EBD22.sys
2009-07-16 20:44:02 . 2008-12-11 01:36:40 0 d-----w- C:\Program Files\NOS
2009-07-05 18:48:26 . 2005-09-26 03:46:13 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\Apple Computer
2009-07-05 16:27:56 . 2009-06-22 01:00:48 0 d-----w- C:\Program Files\FlashMute
2009-06-17 22:04:15 . 2007-06-30 20:37:08 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:55:16 . 2004-08-10 17:51:26 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll
2009-06-16 14:55:16 . 2004-08-10 17:51:07 82432 ----a-w- C:\WINDOWS\system32\fontsub.dll
2009-06-13 00:02:37 . 2006-07-21 20:03:52 1878984 ----a-w- C:\Documents and Settings\Andrew Gladwin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-10 22:29:23 . 2009-06-10 19:53:13 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\U3
2009-06-10 22:18:58 . 2008-10-13 17:57:15 0 d-----w- C:\Documents and Settings\Andrew Gladwin\Application Data\gtk-2.0
2009-06-04 21:10:52 . 2009-05-26 19:34:12 25 ----a-w- C:\WINDOWS\popcinfot.dat
2009-06-03 19:27:58 . 2004-08-10 17:51:20 1290752 ----a-w- C:\WINDOWS\system32\quartz.dll
2009-06-02 11:06:51 . 2009-06-02 11:05:50 0 d-----w- C:\Program Files\QuickTime
2009-05-29 17:36:16 . 2009-05-10 20:38:39 2060288 ----a-w- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-29 17:36:16 . 2008-01-13 03:04:24 39424 ----a-w- C:\WINDOWS\system32\drivers\usbaapl.sys
2009-05-26 19:33:32 . 2009-05-26 19:33:32 0 d-----w- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap Games
2009-05-26 19:33:32 . 2009-05-26 19:32:38 0 d-----w- C:\Program Files\PopCap Games
2009-05-07 15:44:00 . 2004-08-10 17:51:11 344064 ----a-w- C:\WINDOWS\system32\localspl.dll
2009-04-29 04:56:02 . 2004-08-10 17:51:29 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-04-29 04:55:56 . 2004-08-10 17:51:09 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-07-18 04:39:57 . 2008-06-18 10:39:57 137208 ----a-w- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
2007-07-23 21:22:05 . 2007-07-23 21:22:05 19104 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2007-07-23 21:22:06 . 2007-07-23 21:22:06 105632 ----a-w- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 22:24:28 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 19:08:26 67160]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 00:07:44 389120]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 22:07:44 68856]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 22:16:12 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00:00 15360]
"FlashMute"="C:\Program Files\FlashMute\FlashMute.exe" [2006-03-11 19:49:16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 00:42:54 1404928]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 06:05:00 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 21:50:42 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 21:50:18 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 06:02:00 86016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11:42 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 14:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 14:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 14:36:20 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-10-26 14:45:26 136600]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 21:22:02 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 21:10:28 35696]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 21:18:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-13 18:03:10 292128]
"Edalizajovanile"="C:\WINDOWS\oyedilawetidalu.dll" [2008-12-04 23:59:24 134144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - C:\WINDOWS\system32\narrator.exe [2004-08-04 10:00:00 53760]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-8-18 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [7/23/2009 12:18:01 PM 64160]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe --> C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49:06 AM 1029456]
S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;C:\WINDOWS\system32\drivers\WlanGZXP.sys [8/30/2007 4:11:15 PM 402944]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeUpdater - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
HKLM-Run-REGSHAVE - C:\Program Files\REGSHAVE\REGSHAVE.EXE
HKLM-Run-VerizonServicepoint.exe - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - C:\DOCUME~1\ANDREW~1\APPLIC~1\Mozilla\Firefox\Profiles\h8pre2sy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: XUL Cache: {8A551DF7-6415-413B-97BA-771A8D86BB22} - C:\Documents and Settings\Andrew Gladwin\Local Settings\Application Data\{8A551DF7-6415-413B-97BA-771A8D86BB22}

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

I had to split it into two. I hope that's it, I tried to go back to the Combo-Fix folder and it's empty now, the Trojan must've wiped it....

I might have to leave for a couple hours, but I'll be back sometime before 9 (it's 5:30 here) so I hope you'll be back and still be able to help. If that's not it and the folder's wiped, would you like me to rerun Combo-Fix?

BUMP

I have returned, and if I could start again with help it'd be greatly appreciated. Or, if Origin is off for now, I'll come back tomorrow to keep working. This is on e-mal alert so luckily I'll know if there's a respons.

I ran Malware Anti-Bytes in a quick scan and it removed 8 items, said I had to restart to fully do so. It saved alog, and I haven't done anything since. Just updating.

I think the problem is gone. I ran Ad-Aware smart scan and nothing showed up, and both a Malware Anti-Bytes quick and full system scan and nothing sems to be showing up anymore. I haven't done anything else, and left Ad-Aware disabled, so if there's anything else I should do let me know. If it sounds all good, let me know and I can leave you alone.

Hello.
Most of the malware is gone, but some problems still remain.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
  
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  
• When prompted to run the scan, click Yes.
  
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
  

Now open a new notepad file.
Input this into the notepad file:

File::
C:\WINDOWS\msb.exe
C:\WINDOWS\oyedilawetidalu.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Edalizajovanile"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

GooredFix by jpshortstuff (12.07.09)
Log created at 18:56 on 25/07/2009 (Andrew Gladwin)
Firefox version 3.5.1 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8A551DF7-6415-413B-97BA-771A8D86BB22} -> Success!
Deleting C:\Documents and Settings\Andrew Gladwin\Local Settings\Application Data\{8A551DF7-6415-413B-97BA-771A8D86BB22} -> Success!

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:49 11/06/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [16:34 16/09/2007]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [14:45 26/10/2008]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:45 26/10/2008]

-=E.O.F=-

When I dragged it into Combo-Fix, it said I can not rename ComboFix as Combo-Fix, but that's what I was told to do way back. Should I just change the name on the desktop (click and then it lets me change it without having to open My Computer) to ComboFix and then do it?

Nah, re-download Combofix without renaming it.

ComboFix 09-07-24.01 - Andrew Gladwin 07/25/2009 19:16.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.232 [GMT -4:00]
Running from: c:\documents and settings\Andrew Gladwin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Gladwin\Desktop\CFScript.txt
AV: ZoneAlarm Anti-virus Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Anti-virus Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\msb.exe"
"c:\windows\oyedilawetidalu.dll"
.

((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-24 17:01 . 2009-07-24 17:01 -------- d-----w- c:\documents and settings\Andrew Gladwin\Application Data\Malwarebytes
2009-07-24 17:01 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 17:01 . 2009-07-24 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 17:01 . 2009-07-24 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-24 17:01 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 20:46 . 2009-07-25 22:59 -------- d-s---w- C:\Combo-Fix
2009-07-23 18:54 . 2009-07-23 18:54 -------- d-----w- c:\program files\Trend Micro
2009-07-23 16:28 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-23 16:18 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-23 16:17 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-23 16:17 . 2009-07-23 16:17 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-23 16:16 . 2009-07-23 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-23 16:16 . 2009-07-23 16:16 -------- d-----w- c:\program files\Lavasoft
2009-07-17 18:39 . 2009-07-17 18:39 -------- d-----w- c:\program files\iPod
2009-07-17 18:30 . 2009-07-17 18:30 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-13 20:40 . 2009-07-25 20:44 -------- d-----w- c:\program files\TuneUpMedia
2009-07-13 20:40 . 2009-07-25 20:46 -------- d-----w- c:\documents and settings\Andrew Gladwin\Application Data\TuneUpMedia
2009-07-13 20:40 . 2009-07-13 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-07-09 03:43 . 2009-07-09 03:43 -------- d-----w- c:\program files\The Extractor
2009-07-09 03:43 . 2009-07-09 03:42 737280 ----a-w- c:\windows\iun6002.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 21:02 . 2006-04-24 17:24 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-25 21:02 . 2005-11-21 17:42 56 --sh--r- c:\windows\system32\0F7D1EBD22.sys
2009-07-24 21:40 . 2007-07-03 21:44 386636 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-24 21:40 . 2007-07-03 21:43 31641376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-23 20:46 . 2008-12-11 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-23 20:32 . 2008-12-23 19:35 -------- d-----w- c:\program files\DNA
2009-07-17 18:40 . 2008-01-13 03:13 -------- d-----w- c:\program files\iTunes
2009-07-17 18:39 . 2007-06-30 20:37 -------- d-----w- c:\program files\Common Files\Apple
2009-07-16 20:44 . 2008-12-11 01:36 -------- d-----w- c:\program files\NOS
2009-07-05 18:48 . 2005-09-26 03:46 -------- d-----w- c:\documents and settings\Andrew Gladwin\Application Data\Apple Computer
2009-07-05 16:27 . 2009-06-22 01:00 -------- d-----w- c:\program files\FlashMute
2009-06-17 22:04 . 2007-06-30 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-16 14:55 . 2004-08-10 17:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 17:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 00:02 . 2006-07-21 20:03 1878984 ----a-w- c:\documents and settings\Andrew Gladwin\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-10 22:29 . 2009-06-10 19:53 -------- d-----w- c:\documents and settings\Andrew Gladwin\Application Data\U3
2009-06-10 22:18 . 2008-10-13 17:57 -------- d-----w- c:\documents and settings\Andrew Gladwin\Application Data\gtk-2.0
2009-06-04 21:10 . 2009-05-26 19:34 25 ----a-w- c:\windows\popcinfot.dat
2009-06-03 19:27 . 2004-08-10 17:51 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 11:06 . 2009-06-02 11:05 -------- d-----w- c:\program files\QuickTime
2009-05-29 17:36 . 2009-05-10 20:38 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 17:36 . 2008-01-13 03:04 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-07 15:44 . 2004-08-10 17:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 17:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 04:39 . 2008-06-18 10:39 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-07-23 21:22 . 2007-07-23 21:22 19104 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-07-23 21:22 . 2007-07-23 21:22 105632 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-23_21.07.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-24 21:41 . 2009-07-24 21:41 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 389120]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 4670968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 136600]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/23/2009 12:18 PM 64160]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
S3 ZG760_XP;ZyXEL 802.11g XG762 1211 Driver;c:\windows\system32\drivers\WlanGZXP.sys [8/30/2007 4:11 PM 402944]
.
Contents of the 'Scheduled Tasks' folder

2009-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
.

------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Andrew Gladwin\Application Data\Mozilla\Firefox\Profiles\h8pre2sy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk23.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3345164839-973460320-4224190119-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
.
Completion time: 2009-07-25 19:27
ComboFix-quarantined-files.txt 2009-07-25 23:26
ComboFix2.txt 2009-07-23 21:17

Pre-Run: 62,314,770,432 bytes free
Post-Run: 62,305,247,232 bytes free

232 --- E O F --- 2009-07-15 07:01

Hello.
Just about done now, one last log I want to see.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
Bonjour
DellSupport
DivX Codec
DivX Player
DivX Web Player
Gimp 2.6.0
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.1)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Netflix Movie Viewer
Plants vs. Zombies
PokerStars.net
QuickTime
RER Video Converter
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
The Extractor
TuneUp Companion 1.5.7
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Yahoo! Messenger
ZoneAlarm Anti-virus

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar
Java(TM) 6 Update 10
Java(TM) 6 Update 2

Updating Java:

• Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  
• Select the first option where it says "This release is Windows 7 support-ready and includes support for Internet Explorer 8...".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Then from your desktop double-click on jre-6u14-windows-i586-p.exe that you downloaded to install the newest version.
  

How is the machine running now?

Quite well, actually. Java went under my radar but I dunno how much it's used with Firefox, so I'm glad to update it. I really can't thank you guys enough for going through all this with me and being patient, because you saved me from wiping my hard drive and the 15 bucks (I know, not much) I spent on iTunes and the long list of books I want to buy, which is pretty important to me. Plus, you saved my paying some guy to come in and mess around and instead I got a little bit of knowledge from doing it myself with a lot of help.

Anything else I need to do, or fini?

Nope, looks fine now.