GeekPolice

please help - Antivirus Live/Antivirus System Pro

3 posters

Hi, this is my first time posting something like this, but hopefully I can explain everything correctly and someone can help. My computer is trashed. I get a Windows security pop-up every so often about how my computer is affected by spyware, and I now have Antivirus Live and Antivirus System Pro on my computer. I can't use any applications or programs like Task Manager or Internet Explorer. When I try to use the internet, I get redirected to the antivirus website. I can only use it right when I turn it on and log on, but after about 30 seconds, it gets taken over. Here is my HijackThis log, and I hope I did it right. Someone please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:15 PM, on 12/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\regsvr32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9202 bytes
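As an added illustration (not part of the original thread, and not HijackThis's own code), here is a small Python triage script that applies the heuristics a helper uses when reading the O4 lines of a log like the one above: an autorun whose binary lives in a user-writable profile directory, the same value name registered under both HKLM and HKCU, and a Startup-folder item that is not a shortcut or program. The sample lines are constructed from this log's entries; the regexes, the `first_path` helper and the directory list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input for this example (hypothetical, assembled from the kinds
# of O4 lines in the HijackThis log above): legitimate vendor autoruns next to the
# rogue ones so the heuristics can be compared side by side.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hqdjeaho] C:\Documents and Settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
O4 - Startup: scandisk.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
""".strip().splitlines()

# Shapes of the two O4 flavours: registry Run/RunOnce values and startup-folder items.
# These patterns are this example's own assumption about the log layout, not HijackThis code.
REG_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FOLDER_RE = re.compile(r"^O4 - (?P<folder>Startup|Global Startup): (?P<item>.*)$")

# Profile directories any unprivileged process can write to. Drive-by installers
# drop their payload there because no admin rights are needed to do so.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def first_path(cmd):
    """Pull the program path out of a Run value's command line.

    Handles a quoted path, the RUNDLL32 <dll>,<entry> form, and an unquoted
    path with spaces followed by -switch or /switch arguments. Heuristic only.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    if parts and parts[0].lower() in ("rundll32.exe", "rundll32") and len(parts) > 1:
        return parts[1].split(",")[0]
    path = []
    for tok in parts:
        if path and tok.startswith(("-", "/")):
            break
        path.append(tok)
    return " ".join(path)


def triage(lines):
    """Return [(line, [reasons])] for every O4 line that trips a heuristic."""
    parsed = []
    for line in lines:
        m = REG_RE.match(line)
        if m:
            parsed.append(("reg", line, m.group("hive"), m.group("name"), first_path(m.group("cmd"))))
            continue
        m = FOLDER_RE.match(line)
        if m:
            parsed.append(("folder", line, m.group("folder"), "", m.group("item")))

    # A value name registered under more than one hive is belt-and-braces
    # persistence: removing one copy leaves the other to relaunch the payload.
    hives_by_name = defaultdict(set)
    for kind, _, hive, name, _ in parsed:
        if kind == "reg":
            hives_by_name[name.lower()].add(hive)

    findings = []
    for kind, line, _hive, name, path in parsed:
        reasons = []
        if kind == "reg":
            if any(d in path.lower() for d in USER_WRITABLE):
                reasons.append("autorun binary lives in a user-writable profile directory")
            hives = hives_by_name[name.lower()]
            if len(hives) > 1:
                reasons.append("same value name registered under " + ", ".join(sorted(hives)))
        else:
            # 'Something.lnk = C:\target.exe' -> 'Something.lnk'; 'scandisk.dll' stays as is
            item = path.split(" = ")[0].strip()
            ext = item.rsplit(".", 1)[-1].lower() if "." in item else ""
            if ext not in ("lnk", "exe"):
                reasons.append("startup-folder item is a ." + ext + " file, not a shortcut or program")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_O4_LINES):
        print(line)
        for r in reasons:
            print("    -> " + r)
```

Run against the sample it flags only the two hqdjeaho Run values and the scandisk.dll Startup item; the NVIDIA, QuickTime, ctfmon and Adobe entries pass.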

Re: please help - Antivirus Live/Antivirus System Pro

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[screenshot: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[screenshot: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

combofix log

Here is the log from ComboFix.

ComboFix 09-12-08.03 - Anthony 12/08/2009 14:28:12.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.898 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\commy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg
c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
c:\documents and settings\Anthony\Start Menu\Programs\Startup\scandisk.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Threat Expert
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Avanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-27 04:17 . 2009-11-27 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\87930431
2009-11-23 20:07 . 2009-11-29 05:24 79488 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:\program files\World of Warcraft
2009-10-29 03:43 . 2007-06-08 18:22 -------- d-----w- c:\program files\Full Tilt Poker
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-11 05:51 . 2009-10-11 05:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-10-11 02:25 . 2006-12-09 16:07 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 00:43 . 2009-10-05 03:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-10 22:25 . 2009-10-10 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-09-11 14:18 . 2003-07-16 20:36 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-29_03.39.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 04:14 . 2009-11-29 04:14 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-11-30 08:00 . 2009-11-30 08:00 195584 c:\windows\Installer\5f5f69f.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [9/1/2007 5:58 AM 20496]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-hqdjeaho - c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe
HKLM-Run-hqdjeaho - c:\documents and settings\Anthony\Local Settings\Application Data\pjrdgg\kvjusysguard.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-12-08 14:36:58
ComboFix-quarantined-files.txt 2009-12-08 19:36
ComboFix2.txt 2009-11-29 03:49

Pre-Run: 6,591,483,904 bytes free
Post-Run: 6,569,078,784 bytes free

- - End Of File - - 36F3CF6E61530F40CD6A9406E17623DF

Re: please help - Antivirus Live/Antivirus System Pro

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.42
Database version: 3325
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/8/2009 9:28:34 PM
mbam-log-2009-12-08 (21-28-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 187101
Time elapsed: 45 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\87930431 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Chris\ntuser.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP878\A0194410.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP879\A0194484.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A0CCA057-8B5D-4A2E-8763-45880952FE3F}\RP879\A0194489.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

Re: please help - Antivirus Live/Antivirus System Pro

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the F-Secure scanner report.

Scanning Report
Thursday, December 10, 2009 01:00:46 - 06:00:15
Computer name: BOPREY1
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

13 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.Adinterax (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Specificclick (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Trojan.Script.236197 (virus)
C:\DOCUMENTS AND SETTINGS\ANTHONY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RXIQNR7E\AD[1].JS (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31465
System: 2990
Not scanned: 153
Actions:
Disinfected: 12
Renamed: 1
Deleted: 0
Not cleaned: 0
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP
C:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE
C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\DOCUMENTS AND SETTINGS\ANTHONY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LPPKCO1O\SYSTEMSCAN-CHECK_NET[1].HTM
C:\8095E69BC3DB2D8B58\ADMPARSE.DLL
C:\8095E69BC3DB2D8B58\ADVPACK.DLL
C:\8095E69BC3DB2D8B58\CORPOL.DLL
C:\8095E69BC3DB2D8B58\CUSTSAT.DLL
C:\8095E69BC3DB2D8B58\DXTRANS.DLL
C:\8095E69BC3DB2D8B58\DXTMSFT.DLL
C:\8095E69BC3DB2D8B58\EXTMGR.DLL
C:\8095E69BC3DB2D8B58\BROWSEUI.DLL
C:\8095E69BC3DB2D8B58\HMMAPI.DLL
C:\8095E69BC3DB2D8B58\IE4UINIT.EXE
C:\8095E69BC3DB2D8B58\ICARDIE.DLL
C:\8095E69BC3DB2D8B58\IEAKENG.DLL
C:\8095E69BC3DB2D8B58\IEAKMMC.CHM
C:\8095E69BC3DB2D8B58\IEAKUI.DLL
C:\8095E69BC3DB2D8B58\IEAKSIE.DLL
C:\8095E69BC3DB2D8B58\IEAPFLTR.DLL
C:\8095E69BC3DB2D8B58\IEDW.EXE
C:\8095E69BC3DB2D8B58\IEEULA.CHM
C:\8095E69BC3DB2D8B58\IEENCODE.DLL
C:\8095E69BC3DB2D8B58\IEDKCS32.DLL
C:\8095E69BC3DB2D8B58\IERNONCE.DLL
C:\8095E69BC3DB2D8B58\IEPEERS.DLL
C:\8095E69BC3DB2D8B58\IEPROXY.DLL
C:\8095E69BC3DB2D8B58\IESETUP.DLL
C:\8095E69BC3DB2D8B58\IESUPP.CHM
C:\8095E69BC3DB2D8B58\IERTUTIL.DLL
C:\8095E69BC3DB2D8B58\IEUINIT.INF
C:\8095E69BC3DB2D8B58\IEUDINIT.EXE
C:\8095E69BC3DB2D8B58\IEXPLORE.CHM
C:\8095E69BC3DB2D8B58\IMGUTIL.DLL
C:\8095E69BC3DB2D8B58\INETCPL.CPL
C:\8095E69BC3DB2D8B58\IEUI.DLL
C:\8095E69BC3DB2D8B58\IEFRAME.DLL
C:\8095E69BC3DB2D8B58\JSPROXY.DLL
C:\8095E69BC3DB2D8B58\IEXPLORE.EXE
C:\8095E69BC3DB2D8B58\INSENG.DLL
C:\8095E69BC3DB2D8B58\LICMGR10.DLL
C:\8095E69BC3DB2D8B58\MSFEEDSBS.DLL
C:\8095E69BC3DB2D8B58\MSFEEDSSYNC.EXE
C:\8095E69BC3DB2D8B58\JSCRIPT.DLL
C:\8095E69BC3DB2D8B58\MSHTA.EXE
C:\8095E69BC3DB2D8B58\MSHTML.TLB
C:\8095E69BC3DB2D8B58\MSFEEDS.DLL
C:\8095E69BC3DB2D8B58\MSHTMLER.DLL
C:\8095E69BC3DB2D8B58\MSLS31.DLL
C:\8095E69BC3DB2D8B58\MSRATING.DLL
C:\8095E69BC3DB2D8B58\MSHTMLED.DLL
C:\8095E69BC3DB2D8B58\OCCACHE.INI
C:\8095E69BC3DB2D8B58\OCCACHE.DLL
C:\8095E69BC3DB2D8B58\PNGFILT.DLL
C:\8095E69BC3DB2D8B58\MSTIME.DLL
C:\8095E69BC3DB2D8B58\SPMSG.DLL
C:\8095E69BC3DB2D8B58\SHLWAPI.DLL
C:\8095E69BC3DB2D8B58\MSHTML.DLL
C:\8095E69BC3DB2D8B58\SPUPDSVC.EXE
C:\8095E69BC3DB2D8B58\TDC.OCX
C:\8095E69BC3DB2D8B58\SPUNINST.EXE
C:\8095E69BC3DB2D8B58\SHDOCVW.DLL
C:\8095E69BC3DB2D8B58\URL.DLL
C:\8095E69BC3DB2D8B58\VBSCRIPT.DLL
C:\8095E69BC3DB2D8B58\WEBCHECK.INI
C:\8095E69BC3DB2D8B58\WEBCHECK.DLL
C:\8095E69BC3DB2D8B58\VGX.DLL
C:\8095E69BC3DB2D8B58\URLMON.DLL
C:\8095E69BC3DB2D8B58\WINFXDOCOBJ.EXE
C:\002C646DC282802160\ADMPARSE.DLL
C:\002C646DC282802160\CORPOL.DLL
C:\002C646DC282802160\ADVPACK.DLL
C:\002C646DC282802160\CUSTSAT.DLL
C:\8095E69BC3DB2D8B58\WININET.DLL
C:\002C646DC282802160\BROWSEUI.DLL
C:\002C646DC282802160\DXTRANS.DLL
C:\002C646DC282802160\EXTMGR.DLL
C:\002C646DC282802160\DXTMSFT.DLL
C:\002C646DC282802160\IE4UINIT.EXE
C:\002C646DC282802160\HMMAPI.DLL
C:\002C646DC282802160\IEAKMMC.CHM
C:\002C646DC282802160\ICARDIE.DLL
C:\002C646DC282802160\IEAKENG.DLL
C:\002C646DC282802160\IEAKUI.DLL
C:\002C646DC282802160\IEAKSIE.DLL
C:\002C646DC282802160\IEENCODE.DLL
C:\002C646DC282802160\IEAPFLTR.DLL
C:\002C646DC282802160\IEDKCS32.DLL
C:\002C646DC282802160\IEDW.EXE
C:\002C646DC282802160\IEEULA.CHM
C:\002C646DC282802160\IERNONCE.DLL
C:\002C646DC282802160\IEPEERS.DLL
C:\002C646DC282802160\IESETUP.DLL
C:\002C646DC282802160\IEPROXY.DLL
C:\002C646DC282802160\IESUPP.CHM
C:\002C646DC282802160\IEUDINIT.EXE
C:\002C646DC282802160\IEUINIT.INF
C:\002C646DC282802160\IERTUTIL.DLL
C:\002C646DC282802160\IEXPLORE.CHM
C:\002C646DC282802160\IEUI.DLL
C:\002C646DC282802160\IMGUTIL.DLL
C:\002C646DC282802160\INETCPL.CPL
C:\002C646DC282802160\IEXPLORE.EXE
C:\002C646DC282802160\INSENG.DLL
C:\002C646DC282802160\IEFRAME.DLL
C:\002C646DC282802160\JSPROXY.DLL
C:\002C646DC282802160\LICMGR10.DLL
C:\002C646DC282802160\JSCRIPT.DLL
C:\002C646DC282802160\MSFEEDSBS.DLL
C:\002C646DC282802160\MSFEEDSSYNC.EXE
C:\002C646DC282802160\MSFEEDS.DLL
C:\002C646DC282802160\MSHTML.TLB
C:\002C646DC282802160\MSHTA.EXE
C:\002C646DC282802160\MSHTMLER.DLL
C:\002C646DC282802160\MSLS31.DLL
C:\002C646DC282802160\MSRATING.DLL
C:\002C646DC282802160\MSHTMLED.DLL
C:\002C646DC282802160\OCCACHE.INI
C:\002C646DC282802160\PNGFILT.DLL
C:\002C646DC282802160\OCCACHE.DLL
C:\002C646DC282802160\MSTIME.DLL
C:\002C646DC282802160\SPMSG.DLL
C:\002C646DC282802160\MSHTML.DLL
C:\002C646DC282802160\SPUPDSVC.EXE
C:\002C646DC282802160\TDC.OCX
C:\002C646DC282802160\SPUNINST.EXE
C:\002C646DC282802160\SHLWAPI.DLL
C:\002C646DC282802160\SHDOCVW.DLL
C:\002C646DC282802160\URL.DLL
C:\002C646DC282802160\VBSCRIPT.DLL
C:\002C646DC282802160\WEBCHECK.INI
C:\002C646DC282802160\WEBCHECK.DLL
C:\002C646DC282802160\VGX.DLL
C:\002C646DC282802160\URLMON.DLL
C:\002C646DC282802160\WINFXDOCOBJ.EXE
C:\002C646DC282802160\WININET.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

Re: please help - Antivirus Live/Antivirus System Pro

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Here's the new MBAM log.

Malwarebytes' Anti-Malware 1.42
Database version: 3344
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

12/10/2009 9:55:31 PM
mbam-log-2009-12-10 (21-55-31).txt

Scan type: Quick Scan
Objects scanned: 128866
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: please help - Antivirus Live/Antivirus System Pro

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: please help - Antivirus Live/Antivirus System Pro

So my computer has been running great since you started helping me, but for some reason last night, the virus came back. Now my desktop background also changes to some different colors and has a big security warning in the middle of it. When I log in to my computer, I get a warning saying my computer has a worm called netsky or something. I wasn't able to do the security check, and I didn't want to do anything before making sure it was ok first. I was able to get a HijackThis log if it helps. I also have a question: since I have to run HijackThis before the virus kicks in, will it be missing anything important in the log?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:38 AM, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\winlogon86.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winupdate86.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\Anthony\LOCALS~1\Temp\kzffyy23nw.exe
C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: C:\WINDOWS\system32\md2092f86.dll - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\md2092f86.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [StartServiceNMDECMPM] C:\Documents and Settings\Anthony\Local Settings\Application Data\NMDECMPM\StartService.exe
O4 - HKLM\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\tipifipo.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Anthony\ntload.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Anthony\LOCALS~1\Temp\kzffyy23nw.exe
O4 - HKCU\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: busareki.dll
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O21 - SSODL: tofikovif - {0f0303d7-b313-46f0-a824-7da248cc9dea} - c:\windows\system32\tipifipo.dll
O22 - SharedTaskScheduler: gar873hruefrh87w3hjinhef87w3h7dfd - {C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - C:\WINDOWS\system32\md2092f86.dll
O22 - SharedTaskScheduler: jugezatag - {0f0303d7-b313-46f0-a824-7da248cc9dea} - c:\windows\system32\tipifipo.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10231 bytes
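
The entries that matter in a log like the one above follow recognisable shapes: the F2 UserInit hijack, O4 Run entries launching from Temp or Local Settings\Application Data, the O7 regedit lockout, the O20 AppInit_DLLs and Winlogon Notify loads, and the O17 NameServer change. The Python below is an added example, not a tool from this thread: it parses those HijackThis line formats and lists the entries a helper would look at first, using sample lines constructed from the log above; the rules are my own review heuristics, not HijackThis's, and the sample R1 line is assumed to be how HijackThis reports the local ProxyServer setting that a later ComboFix run in this thread shows.

```python
"""Triage a HijackThis v2 log for the persistence and lockout patterns seen in rogue-AV
infections.  Added example for this thread, not a tool from it; the rules are my own heuristics."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample shaped after the entries in the log above; the R1 line is
# the HijackThis form of the ProxyServer value a ComboFix run reports.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Anthony\LOCALS~1\Temp\smss.exe
O4 - HKLM\..\Run: [ngqbbvca] C:\Documents and Settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: busareki.dll
O20 - Winlogon Notify: kbupdate - C:\WINDOWS\SYSTEM32\kbupdate.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

CANONICAL_USERINIT = "c:\\windows\\system32\\userinit.exe"  # stock XP value without its trailing comma
SYSTEM_PROCESS_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe", "svchost.exe", "spoolsv.exe"}
USER_WRITABLE_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\application data\\")
LOCKOUT_POLICIES = ("DisableRegedit", "DisableTaskMgr")
ENTRY_RE = re.compile(r"([A-Z]\d{1,2}) - (.*)")   # "O4 - ...", "F2 - ...", "R1 - ..."


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str
    line: str


def _userinit_hijacked(value: str) -> bool:
    """Anything but the stock userinit.exe here runs at every interactive logon."""
    return value.strip().rstrip(",").lower() != CANONICAL_USERINIT


def _run_entry_reasons(command: str) -> list[str]:
    # Why an O4 autorun command deserves a look; an empty list means nothing odd.
    low = command.lower()
    reasons = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("autorun launches from a temp or per-user data folder")
    exe = re.search(r'([^\\\s"]+\.exe)\b', low)
    if exe and exe.group(1) in SYSTEM_PROCESS_NAMES and "\\system32\\" not in low:
        reasons.append("system process name used outside system32")
    return reasons


def _public_servers(csv: str) -> list[str]:
    # DNS servers that are not private (RFC 1918 etc.) addresses, or not addresses at all.
    out = []
    for item in (s.strip() for s in csv.split(",")):
        try:
            if ipaddress.ip_address(item).is_private:
                continue
        except ValueError:
            pass
        out.append(item)
    return out


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "R1" and "ProxyServer" in body:
            value = body.split("=", 1)[1].lower()
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(Finding(section, "browser traffic forced through a local proxy (redirects, blocked pages)", line))
        elif section == "F2" and "UserInit=" in body:
            if _userinit_hijacked(body.split("UserInit=", 1)[1]):
                findings.append(Finding(section, "UserInit replaced: this binary runs at every logon", line))
        elif section == "O4":
            command = body.split("] ", 1)[1] if "] " in body else body
            for reason in _run_entry_reasons(command):
                findings.append(Finding(section, reason, line))
        elif section == "O7":
            if re.search(r"\b(%s)=1" % "|".join(LOCKOUT_POLICIES), body):
                findings.append(Finding(section, "policy disables an admin tool (regedit/task manager)", line))
        elif section == "O17" and "NameServer =" in body:
            public = _public_servers(body.split("NameServer =", 1)[1])
            if public:
                findings.append(Finding(section, "non-private DNS servers " + ", ".join(public) + "; verify against your ISP/router", line))
        elif section == "O20":
            if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
                findings.append(Finding(section, "AppInit_DLLs injects a DLL into every user-mode process", line))
            elif body.startswith("Winlogon Notify:"):
                findings.append(Finding(section, "Winlogon Notify DLL runs inside winlogon.exe; verify its publisher", line))
    return findings
```

`triage(SAMPLE_LOG)` returns nine findings covering every sample line except the NVIDIA and Bonjour entries and the system32 winupdate86.exe one, which no location rule can separate from a legitimate file; that last gap is why the thread still needs the file-based scanners.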

Re: please help - Antivirus Live/Antivirus System Pro

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.
  • Save it to your desktop.
  • Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    • System Memory
    • Startup Objects
    • Disk Boot Sectors
    • My Computer
    • Also any other (removable) drives that you may have

After that click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back to the main screen.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop, and post only the detected virus/malware from the report (it will be at the very top under Detected) in your next reply.
Note: This tool will self uninstall when you close it, so please save the log before closing it.

Re: please help - Antivirus Live/Antivirus System Pro

I got the Kaspersky tool on the desktop but my computer won't run in safe mode. When I choose to, I get a blue screen that says a problem has been detected and Windows has been shut down to protect my computer.

Re: please help - Antivirus Live/Antivirus System Pro

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the url of the report. Also, when I turned my computer on, Anti-virus Pro or whatever was gone and I was able to run programs for some reason. My desktop was still changed though and I was getting some bad pop-ups.

http://www.getsysteminfo.com/read.php?file=dc8c70b4e5b3019410cc4f7116951c40

Re: please help - Antivirus Live/Antivirus System Pro

Please download Cheetah Anti-Rogue: Malware Removal Tool, by me, and save to your Desktop: randomly named DOWNLOAD: KillASP.bat from MediaFire.

Once on the Desktop, double-click it to run. It will complete its process shortly, and may take 1-3 minutes. The screen will be black, and will not look like it is doing anything - this is normal. It will launch a Notepad file: Cheetah.txt.

Please post the results of it in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro

Hey, I downloaded and ran the file, but my screen didn't turn black or anything, and the text file that came up wasn't called Cheetah.txt, so I'm not sure if this is the log, but here it is.

Re: please help - Antivirus Live/Antivirus System Pro

I was thinking that I didn't do the right thing, so I tried again and got this:

Cheetah Anti-Rogue: Malware Removal Tool

Microsoft Windows XP [Version 5.1.2600]
Mon 12/14/2009 0:17:48.68


-- Objects infected --

C:\Documents and Settings\Anthony\Local Settings\temp\781.exe (Heuristic.Virus.781)
C:\Documents and Settings\Anthony\Local Settings\temp\753570442.exe (AntivirusSystemPro.RGE)
C:\Documents and Settings\Anthony\Local Settings\temp\724820442.exe (AntivirusSystemPro.RGE)
C:\Documents and Settings\Anthony\Local Settings\temp\624976692.exe (AntivirusSystemPro.RGE)
C:\Documents and Settings\Anthony\Local Settings\temp\3827476692.exe (AntivirusSystemPro.RGE)
C:\Documents and Settings\Anthony\Local Settings\temp\0.7055475.exe (AntivirusSystemPro.Trj-Downloader)
C:\Documents and Settings\Anthony\Local Settings\temp\kzffyy23nw.exe (AntivirusLive.RGE)
C:\WINDOWS\Temp\4278726692.exe (AntivirusSystemPro.RGE)
C:\WINDOWS\system32\BtwSrv.dll (Trj.BTWSRV)
C:\WINDOWS\system32\crt4.dll (Trj.FakeAV and Adw.SaveNow)
C:\WINDOWS\system32\winlogon86.exe (HEUR:::Trj.FakeAV)
C:\WINDOWS\system32\winupdate86.exe (HEUR:::Trj.FakeAV)
C:\WINDOWS\system32\xm1985.dll (Trj.MsWerr)
C:\WINDOWS\bnetunin.exe (HEUR:::AntivirusSystemPro.RGE)
C:\WINDOWS\system32\lsm32.sys (Trj.VB)
C:\WINDOWS\Temp\debug.exe (Trj.FakeAlert)
C:\WINDOWS\Temp\spoolsv.exe (Trj.FakeAlert)
C:\WINDOWS\Temp\smss.exe (Trj.FakeAlert)
C:\WINDOWS\system32\wewusigo.dll (AntivirusSystemPro.RGE)
C:\WINDOWS\system32\penipure.dll (AntivirusSystemPro.RGE)
C:\WINDOWS\system32\sonosuje.dll (AntivirusSystemPro.RGE)
C:\WINDOWS\diabswun.exe (Trj.FakeAV)


-- Objects removed --

C:\WINDOWS\system32\BtwSrv.dll
C:\WINDOWS\system32\crt4.dll
C:\WINDOWS\system32\winlogon86.exe
C:\WINDOWS\system32\winupdate86.exe


-- Trojan Orphans removed --

C:\WINDOWS\system32\6to4v32.dll


EOF

Re: please help - Antivirus Live/Antivirus System Pro

Please re-run Kaspersky Get System Info as above, and post a new URL. I need to do a final check of those files, and see what is up.

Re: please help - Antivirus Live/Antivirus System Pro

Here is the url for the new report.

http://www.getsysteminfo.com/read.php?file=290d8f29a4a1c44e0557fa28e4580cd6

Re: please help - Antivirus Live/Antivirus System Pro

Please run Trend Micro Housecall online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Re: please help - Antivirus Live/Antivirus System Pro

I can't run the online scan because my computer won't let me run Internet Explorer. I can get to the site, but by the time I get there, the Antivirus Pro blocks me from doing anything else. Should I run ComboFix again? Because the last time I did, everything seemed to be normal and I was able to access the internet.

Re: please help - Antivirus Live/Antivirus System Pro

Go ahead, and post a new log.

Re: please help - Antivirus Live/Antivirus System Pro

Alright, I ran ComboFix and it went through everything fine. After it rebooted my computer, an error message popped up saying that notepad.dll couldn't run because it could not be found. My screen is showing the blue command box saying not to run any programs until ComboFix is finished, and it has been like this for about ten minutes. What should I do?

Re: please help - Antivirus Live/Antivirus System Pro

Download Notepad ++ from here: http://notepad-plus.sourceforge.net/uk/download.php

Use the Binary file, download and install.

Then, follow the information on how to replace Notepad.

Lastly, run ComboFix again, and see if that error message pops up.

Re: please help - Antivirus Live/Antivirus System Pro

Sorry, I checked my computer again after I posted and a log file was on the screen. I don't know what happened but I guess I just needed to wait longer.

ComboFix 09-12-08.03 - Anthony 12/14/2009 15:36:30.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.855 [GMT -5:00]
Running from: c:\documents and settings\Anthony\My Documents\Mathemergencycommy.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Anthony\LOCALS~1\Temp\lsass.exe
c:\docume~1\Anthony\LOCALS~1\Temp\winlogon.exe
c:\docume~1\Anthony\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Anthony\Local Settings\Application Data\pdvqtj
c:\documents and settings\Anthony\Local Settings\Application Data\pdvqtj\civssysguard.exe
c:\documents and settings\Anthony\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Anthony\Start Menu\Programs\Startup\scandisk.lnk
c:\recycler\S-1-5-21-3781777486-0661304054-339478247-8690
c:\recycler\S-1-5-21-3781777486-0661304054-339478247-8690\Desktop.ini
c:\recycler\S-1-5-21-3781777486-0661304054-339478247-8690\msimfo32.exe
c:\recycler\S-1-5-21-5289978000-5408025882-951223212-7940
c:\windows\Install.txt
c:\windows\system32\6to4v32.dll
c:\windows\system32\AVR10.exe
c:\windows\system32\BtwSrv.dll
c:\windows\system32\certstore.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\crt4.dll
c:\windows\system32\FastNetSrv.exe
c:\windows\system32\FInstall.sys
c:\windows\system32\Iasv32.dll
c:\windows\system32\Install.txt
c:\windows\system32\kbdatat4.dll
c:\windows\system32\kboem32.dat
c:\windows\system32\kbupdate.dll
c:\windows\system32\kidowavi.dll
c:\windows\system32\md2092f86.dll
c:\windows\system32\nijufagi.dll
c:\windows\system32\nobiyaki.dll
c:\windows\system32\notepad.dll
c:\windows\system32\opeia.exe
c:\windows\system32\penipure.dll
c:\windows\system32\sazukojo.exe
c:\windows\system32\tafiwizo.dll
c:\windows\system32\tegavipo.exe
c:\windows\system32\vidohosi.dll
c:\windows\system32\winhelper86.dll
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\system32\wmdtc.exe
c:\windows\system32\yemopego.dll
c:\windows\Tasks\mpgtzcdm.job
c:\windows\Temp\989609876.exe
c:\windows\TEMP\mta13187.dll

----- BITS: Possible infected sites -----

hxxp://82.98.231.102
hxxp://92.241.165.204
hxxp://thekmultimedia.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------Legacy_BTWSRV
-------Legacy_FASTNETSRV
-------Legacy_IAS
-------Service_BtwSrv
-------Service_fastnetsrv
-------Service_Ias


((((((((((((((((((((((((( Files Created from 2009-11-14 to 2009-12-14 )))))))))))))))))))))))))))))))
.

2009-12-11 16:36 . 2009-12-11 16:36 0 --sha-w- c:\documents and settings\NetworkService\ntload.dll
2009-12-11 07:40 . 2009-12-14 20:32 20 ----a-w- c:\windows\system32\crt.dat
2009-12-11 07:40 . 2009-12-11 07:40 3584 ----a-w- C:\udhkiixx.exe
2009-12-11 07:40 . 2009-12-11 07:40 156672 ----a-w- C:\nymeu.exe
2009-12-11 07:40 . 2009-12-11 07:40 40960 ----a-w- C:\pdvwd.exe
2009-12-11 07:39 . 2009-12-11 07:39 8704 ----a-w- C:\ryiasu.exe
2009-12-11 07:39 . 2009-12-11 07:39 135168 ----a-w- C:\dcgwhpoh.exe
2009-12-10 02:52 . 2009-12-10 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-12-09 01:09 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 01:09 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Threat Expert
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Avanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-23 20:07 . 2009-11-29 05:24 79488 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 04:19 . 2007-06-08 18:22 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:\program files\World of Warcraft
2009-10-29 07:46 . 2005-10-21 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-13 10:30 . 2003-07-16 20:40 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2003-07-16 20:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2003-07-16 20:42 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-09-12 04:03 . 2009-09-12 04:03 39424 --sha-w- c:\windows\system32\barijatu.dll
2009-09-12 04:03 . 2009-09-12 04:03 54272 --sha-w- c:\windows\system32\kabujupe.dll
2009-09-13 03:56 . 2009-09-13 03:56 39424 --sha-w- c:\windows\system32\mayotomo.dll
2009-09-12 04:04 . 2009-09-12 04:04 54272 --sha-w- c:\windows\system32\pebuhewe.dll
2009-09-14 19:18 . 2009-09-14 19:18 61952 --sha-w- c:\windows\system32\vajatika.dll
2009-09-14 19:18 . 2009-09-14 19:18 39424 --sha-w- c:\windows\system32\vohelipe.dll
2009-09-13 03:56 . 2009-09-13 03:56 45568 --sha-w- c:\windows\system32\wogutopa.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]
2009-09-12 04:04 54272 --sha-w- c:\windows\system32\pebuhewe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=

R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [9/1/2007 5:58 AM 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [7/16/2003 3:33 PM 2304]
S3 winsts;winsts;c:\windows\system32\winsts.sys [7/16/2003 3:33 PM 2304]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MAILSCAN
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
.
- - - - ORPHANS REMOVED - - - -

BHO-{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - c:\windows\system32\md2092f86.dll
HKCU-Run-ngqbbvca - c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtjcivssysguard.exe
HKLM-Run-notepad - c:\windows\system32\notepad.dll
HKLM-Run-StartServiceNMDECMPM - c:\documents and settings\Anthony\Local Settings\Application Data\NMDECMPM\StartService.exe
HKLM-Run-ngqbbvca - c:documents and settingsAnthonyLocal SettingsApplication Datapdvqtjcivssysguard.exe
HKLM-Run-pafulomip - c:\windows\system32\kidowavi.dll
HKLM-Run-pugirofuge - tafiwizo.dll
SharedTaskScheduler-{C5B24B16-23F2-41AD-F4E4-00ABC39C0004} - c:\windows\system32\md2092f86.dll
SharedTaskScheduler-{e7eaac45-3be4-48bc-b587-c625968085e2} - c:\windows\system32\wewusigo.dll
SharedTaskScheduler-{b10269a1-0229-4fcc-bcb7-1402f6331ecb} - c:\windows\system32\sonosuje.dll
SharedTaskScheduler-{82e79279-52b7-4927-81cf-ce75211e8af6} - c:\windows\system32\kidowavi.dll
SSODL-jinakabiw-{e7eaac45-3be4-48bc-b587-c625968085e2} - c:\windows\system32\wewusigo.dll
SSODL-sudodefuf-{b10269a1-0229-4fcc-bcb7-1402f6331ecb} - c:\windows\system32\sonosuje.dll
SSODL-jokufovag-{82e79279-52b7-4927-81cf-ce75211e8af6} - c:\windows\system32\kidowavi.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-14 15:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\progra~1\AVANQU~1\Fix-It\WinHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-12-14 15:55:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-14 20:55
ComboFix2.txt 2009-12-08 19:36
ComboFix3.txt 2009-11-29 03:49

Pre-Run: 8,525,221,888 bytes free
Post-Run: 8,823,894,016 bytes free

- - End Of File - - 2C44215E99278466C0A299E811237243

Re: please help - Antivirus Live/Antivirus System Pro

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Re: please help - Antivirus Live/Antivirus System Pro

Here is the log.txt.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-12-15 14:53:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (22%) free of 38 GB
Total RAM: 1279 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:38 PM, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Anthony\Desktop\RSIT.exe
C:\Documents and Settings\Anthony\Desktop\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: penipure.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8465 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]
C:\WINDOWS\system32\pebuhewe.dll [2009-09-11 54272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-07 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-11-03 4800512]
"diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]
"Dell AIO Printer A920"=C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe [2003-06-02 270336]
"masqform.exe"=C:\Program Files\PureEdge\Viewer 6.0\masqform.exe [2004-01-26 1048576]
"Ulead AutoDetector"=C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"=C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe [2004-01-12 69632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]
"VirusScannerPro"=C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe [2007-09-01 173312]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
"pafulomip"=c:\windows\system32\mosirope.dll,a []
"pugirofuge"=tafiwizo.dll,s []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"Internet Security 2010"=C:\Program Files\InternetSecurity2010\IS2010.exe [2009-12-15 1363968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="penipure.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
tafiwizo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\dla\tfswctrl.exe"="C:\WINDOWS\system32\dla\tfswctrl.exe:*:Enabled:tfswctrl"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-12-15 14:53:34 ----D---- C:\rsit
2009-12-15 14:46:40 ----A---- C:\ComboFix.txt
2009-12-15 14:29:12 ----D---- C:\Program Files\InternetSecurity2010
2009-12-15 02:10:51 ----A---- C:\WINDOWS\system32\wuyojaza.dll
2009-12-11 02:40:02 ----A---- C:\udhkiixx.exe
2009-12-11 02:40:00 ----A---- C:\pdvwd.exe
2009-12-11 02:40:00 ----A---- C:\nymeu.exe
2009-12-11 02:39:58 ----A---- C:\ryiasu.exe
2009-12-11 02:39:56 ----A---- C:\dcgwhpoh.exe
2009-12-09 21:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2009-12-09 03:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 20:09:48 ----D---- C:\Documents and Settings\Anthony\Application Data\Malwarebytes
2009-12-08 20:09:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-28 22:25:24 ----A---- C:\Boot.bak
2009-11-28 22:25:13 ----RASHD---- C:\cmdcons
2009-11-28 22:23:56 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-28 22:23:56 ----A---- C:\WINDOWS\MBR.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\zip.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\SWREG.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\PEV.exe
2009-11-28 22:23:53 ----A---- C:\WINDOWS\grep.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\SWSC.exe
2009-11-28 22:23:52 ----A---- C:\WINDOWS\sed.exe
2009-11-28 22:23:43 ----D---- C:\WINDOWS\ERDNT
2009-11-28 22:22:47 ----D---- C:\Qoobox
2009-11-27 11:21:16 ----D---- C:\Program Files\Trend Micro
2009-11-26 23:56:17 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-26 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

======List of files/folders modified in the last 1 months======

2009-12-15 14:53:36 ----D---- C:\WINDOWS\Prefetch
2009-12-15 14:46:43 ----D---- C:\WINDOWS\system32\drivers
2009-12-15 14:46:42 ----D---- C:\WINDOWS\Temp
2009-12-15 14:45:43 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-15 14:41:36 ----AD---- C:\WINDOWS
2009-12-15 14:41:36 ----A---- C:\WINDOWS\system.ini
2009-12-15 14:37:43 ----D---- C:\WINDOWS\system32\config
2009-12-15 14:37:04 ----SD---- C:\WINDOWS\Tasks
2009-12-15 14:37:04 ----D---- C:\WINDOWS\system32
2009-12-15 14:36:03 ----D---- C:\WINDOWS\AppPatch
2009-12-15 14:35:58 ----D---- C:\Program Files\Common Files
2009-12-15 14:31:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-15 14:31:28 ----SHD---- C:\System Volume Information
2009-12-15 14:31:28 ----D---- C:\WINDOWS\system32\Restore
2009-12-15 14:29:12 ----D---- C:\Program Files
2009-12-11 01:50:16 ----HD---- C:\WINDOWS\inf
2009-12-09 21:46:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-09 15:38:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-09 03:04:40 ----SHD---- C:\WINDOWS\Installer
2009-12-09 03:04:24 ----A---- C:\WINDOWS\imsins.BAK
2009-12-09 03:03:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 03:03:30 ----D---- C:\WINDOWS\system32\en-US
2009-12-09 03:03:30 ----D---- C:\Program Files\Internet Explorer
2009-12-08 23:19:22 ----D---- C:\Program Files\Full Tilt Poker
2009-12-08 21:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-03 20:34:28 ----D---- C:\_Backup
2009-11-30 03:00:22 ----D---- C:\WINDOWS\WinSxS
2009-11-28 22:37:04 ----D---- C:\Program Files\Spyware Doctor
2009-11-28 22:25:24 ----RASH---- C:\boot.ini
2009-11-28 22:12:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-27 00:31:17 ----A---- C:\WINDOWS\OEWABLog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R2 tmpreflt;tmpreflt; \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmpreflt.sys []
R2 tmxpflt;tmxpflt; \??\C:\PROGRA~1\AVANQU~1\Fix-It\tmxpflt.sys []
R2 Vsapint;Vsapint; \??\C:\PROGRA~1\AVANQU~1\Fix-It\Vsapint.sys []
R3 catchme;catchme; \??\C:\commy\catchme.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 MailScan;MailScan; \??\C:\PROGRA~1\AVANQU~1\Fix-It\MailScan.sys []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-08-14 1296384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 mbr;mbr; \??\C:\DOCUME~1\Anthony\LOCALS~1\Temp\mbr.sys []
S3 ndisdrv;ndisdrv; \??\C:\WINDOWS\system32\ndisdrv.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winsts;winsts; \??\C:\WINDOWS\system32\winsts.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 Fix-It Task Manager;Fix-It Task Manager; C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2007-09-01 152832]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-25 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-06-02 303104]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2007-03-12 517768]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-11-03 73728]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-01-23 1251720]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------



Here is the info.txt.

info.txt logfile of random's system information tool 1.06 2009-12-15 14:53:39

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Dell AIO Printer A920-->C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Fix-It Utilities 8 Professional-->MsiExec.exe /I{5158974E-2D28-4018-9335-7694C2974746}
Full Tilt Poker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Anthony\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PFE Gold-->C:\PROGRA~1\PFESTU~1\UNWISE.EXE C:\PROGRA~1\PFESTU~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Ulead Photo Explorer 8.0 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Ulead Photo Express 5 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}\Setup.exe" -l0x9
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======System event log======

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 56080
Source Name: W32Time
Time Written: 20091206125933.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55949
Source Name: W32Time
Time Written: 20091129125912.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55822
Source Name: W32Time
Time Written: 20091128014231.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 55742
Source Name: Tcpip
Time Written: 20091127010504.000000-300
Event Type: warning
User:

Computer Name: BOPREY1
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 55557
Source Name: W32Time
Time Written: 20091126165841.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: BOPREY1
Event Code: 1000
Message: Faulting application googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, faulting module googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, fault address 0x000a5e43.

Record Number: 58252
Source Name: Application Error
Time Written: 20091006184207.000000-240
Event Type: error
User:

Computer Name: BOPREY1
Event Code: 1000
Message: Faulting application googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, faulting module googletoolbarmanager_0531c63a913cc9d1.exe, version 5.0.2124.6042, fault address 0x000a5e43.

Record Number: 58251
Source Name: Application Error
Time Written: 20091006184201.000000-240
Event Type: error
User:

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58231
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091006175915.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58171
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091005211528.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BOPREY1
Event Code: 101
Message: Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D.

Record Number: 58113
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091005002157.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip

-----------------EOF-----------------

Re: please help - Antivirus Live/Antivirus System Pro
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):


  • InternetSecurity2010


Please re-open HijackThis and scan. Check the boxes to the left of all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O20 - AppInit_DLLs: penipure.dll

Then, please exit all programs except for HijackThis (in the System Tray at the bottom right of the screen, right-click each program icon and choose Exit or Shut down), then click Fix Checked.

Please reboot your computer, and post a new HijackThis log here in your next reply.

==

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "pafulomip"=-
    "pugirofuge"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Internet Security 2010"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=-

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]


    File::
    C:\WINDOWS\system32\wuyojaza.dll
    C:\udhkiixx.exe
    C:\pdvwd.exe
    C:\nymeu.exe
    C:\ryiasu.exe
    C:\dcgwhpoh.exe
    C:\WINDOWS\system32\winsts.sys
    C:\WINDOWS\UpdReg.EXE
    c:\windows\system32\mosirope.dll


    Folder::
    C:\Program Files\InternetSecurity2010
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [picture: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


==

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    tafiwizo.dll
    penipure.dll



  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

==

Please go HERE. Copy and paste the following file path in to the box.

C:\WINDOWS\system32\winsts.sys

Do the same for these two files:

C:\windows\system32\userinit.exe
C:\windows\explorer.exe


Then click Submit. (Do re-scans. Do not get old results.)

Please post the results (URL from the address bar) to your next reply. Also, post the new HijackThis log, SystemLook log, and ComboFix log.
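The HijackThis entries checked above fall into a few recognisable classes: a browser proxy pointing at the local machine, hook/BHO entries whose file is gone, rundll32 autostarts that load a DLL by bare name or call a one-letter export, a populated AppInit_DLLs value, and an autostart for a rogue security product. As an added example, not code from this thread or from HijackThis, the script below applies those classes to a constructed sample log assembled from the lines quoted in this thread; the rule set and the rogue product names are assumptions drawn from the thread, not a general signature database.

```python
"""Triage a HijackThis log for the indicator classes fixed in the post above.

Added example; not code from this thread, from HijackThis or from the helper.
The rule set (local proxy, orphaned hooks, rundll32 patterns, AppInit_DLLs,
rogue product names) is an assumption drawn from the entries quoted above.
"""
import re

# rundll32 <dll>,<export>  -- captures the DLL path and the export name
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S*)', re.IGNORECASE)

# Rogue security products named in this thread (assumption: list taken from the thread).
ROGUE_NAMES = ("antivirus live", "antivirus system pro", "internet security 2010",
               "internetsecurity2010")

# Constructed sample: the lines the helper told the poster to fix, plus benign
# entries from the poster's log so the filter has something to leave alone.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {14a12408-071b-4e7c-8b8d-9c195174b0be} - pebuhewe.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pafulomip] Rundll32.exe "c:\windows\system32\mosirope.dll",a
O4 - HKLM\..\Run: [pugirofuge] Rundll32.exe "tafiwizo.dll",s
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: penipure.dll
"""


def triage_line(line):
    """Return a short reason if the line matches a suspicious pattern, else None."""
    line = line.strip()
    if not line:
        return None
    prefix = line.split(" - ", 1)[0]
    lower = line.lower()

    # A proxy on the local machine means something on the box is intercepting
    # browser traffic; that is how the rogue AV redirected the poster's browsing.
    if prefix == "R1" and "proxyserver" in lower and re.search(r"127\.0\.0\.1|localhost", lower):
        return "browser proxy points at the local machine"

    # Hooks, BHOs and toolbars whose file is gone are leftovers worth clearing.
    if prefix in ("R3", "O2", "O3") and ("(no file)" in lower or "(file missing)" in lower):
        return "orphaned hook/BHO/toolbar entry with no backing file"

    # Anything in AppInit_DLLs is loaded into every process that links user32.dll.
    if prefix == "O20" and "appinit_dlls:" in lower:
        if lower.split("appinit_dlls:", 1)[1].strip():
            return "AppInit_DLLs is set; listed DLL is injected into every user32-linked process"

    if prefix == "O4":
        m = RUNDLL_RE.search(line)
        if m:
            dll, export = m.group(1).strip(), m.group(2).strip()
            if "\\" not in dll:
                return "rundll32 loads a DLL by bare name (resolved through the DLL search order)"
            if len(export) <= 1:
                return "rundll32 calls a missing or one-letter export, typical of generated malware DLLs"
        if any(name in lower for name in ROGUE_NAMES):
            return "autostart entry for a rogue security product named in this thread"
    return None


def triage_log(text):
    """Return [(reason, line)] for every suspicious line of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        reason = triage_line(line)
        if reason:
            findings.append((reason, line.strip()))
    return findings


if __name__ == "__main__":
    for reason, line in triage_log(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

Run against the sample, the script flags seven lines and leaves the NVIDIA and ctfmon autostarts alone. The rules are deliberately narrow; a real log still needs the reviewer's eye, which is why each finding carries the original line rather than a verdict.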

Re: please help - Antivirus Live/Antivirus System Pro
I did all of what you said, except for the CFScript and ComboFix. When I tried to use it, I got a message saying ComboFix was currently offline. I guess I'll just try it later, but here are the other logs.

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:00 PM, on 12/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O20 - AppInit_DLLs: penipure.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7863 bytes


SystemLook log
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:38 on 15/12/2009 by Anthony (Administrator - Elevation successful)

========== filefind ==========

Searching for "tafiwizo.dll"
No files found.

Searching for "penipure.dll"
No files found.

-=End Of File=-


Virustotal
winsts.sys results http://www.virustotal.com/analisis/62e598ba24d2f021240997044de9b38803bb47c229182981ee707925486cc94b-1260938501

userinit.exe results http://www.virustotal.com/analisis/944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f-1260938645

explorer.exe results http://www.virustotal.com/analisis/1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455-1260938758

Re: please help - Antivirus Live/Antivirus System Pro
Please copy and paste the following in to Notepad:

Code:

Windows Registry Editor 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]


Then click File > Save as
Save it to the Desktop as killthem.reg
Save as type: All files.

==

Please copy and paste the following in to Notepad:

Code:


rem Remove the files named in the ComboFix script above
del C:\WINDOWS\system32\wuyojaza.dll
del C:\udhkiixx.exe
del C:\pdvwd.exe
del C:\nymeu.exe
del C:\ryiasu.exe
del C:\dcgwhpoh.exe
del C:\WINDOWS\system32\winsts.sys
del C:\WINDOWS\UpdReg.EXE
del c:\windows\system32\mosirope.dll
rem del only empties a folder; rmdir /s /q removes the folder and its contents
rmdir /s /q "C:\Program Files\InternetSecurity2010"
exit


Then click File > Save as
Save to the Desktop as blackpudding.bat
And Save as type: All Files.

==

Double-click on each of them. Allow them to finish. Then do the following:

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • Please follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your Desktop.

Re: please help - Antivirus Live/Antivirus System Pro
I made the two files you asked for, but when I ran killthem.reg, it said I can't import it because it is not a registry script, and I can only import binary registry files from within the Registry Editor. I'm not sure what that means exactly, or if you wanted me to continue with the DDS scan. The blackpudding file worked fine, though.

Re: please help - Antivirus Live/Antivirus System Pro
Try this script for the Registry instead:

Code:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
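The failure in the previous two posts comes from the signature line: regedit accepts a text .reg file only when its first line is exactly "Windows Registry Editor Version 5.00" (or "REGEDIT4"), and the first script read "Windows Registry Editor 5.00". The following is an added Python example, not code from the thread or from any of the tools it uses, that checks the signature and lists what a script would delete before anyone double-clicks it. The two sample scripts are the thread's own, shortened to a few entries; the high-impact-key review list is my own addition and not something regedit enforces.

```python
"""Validate a .reg script and summarise what it would change (added example)."""
import re
from dataclasses import dataclass, field

# regedit only accepts these two signatures, and only on the first line
VALID_HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")

# Keys whose wholesale deletion affects logon/security configuration.
# This prefix list is a review aid of my own, not a regedit rule.
HIGH_IMPACT_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
)

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


@dataclass
class RegPlan:
    header: str
    header_ok: bool
    delete_keys: list = field(default_factory=list)    # whole keys: [-KEY]
    delete_values: list = field(default_factory=list)  # (key, name): "name"=-
    set_values: list = field(default_factory=list)     # (key, name, data)
    problems: list = field(default_factory=list)


def parse_reg_script(text: str) -> RegPlan:
    lines = text.lstrip("\ufeff").splitlines()
    header = lines[0].strip() if lines else ""
    plan = RegPlan(header=header, header_ok=header in VALID_HEADERS)
    if not plan.header_ok:
        plan.problems.append(
            f"first line is {header!r}; regedit reports 'not a registry script'")
    current = None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = _KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            if minus:                      # [-KEY] deletes the whole key
                plan.delete_keys.append(key)
                current = None
            else:
                current = key
            continue
        m = _VALUE_RE.match(line)
        if m:
            name = m.group(1) if m.group(1) is not None else "@"
            data = m.group(3)
            if current is None:
                plan.problems.append(f"value {name!r} appears outside a key section")
            elif data == "-":              # "name"=- deletes a single value
                plan.delete_values.append((current, name))
            else:
                plan.set_values.append((current, name, data))
            continue
        plan.problems.append(f"unparsed line: {line!r}")
    return plan


def review(plan: RegPlan) -> list:
    """Problems plus notes for deletions that remove a whole system key."""
    notes = list(plan.problems)
    for key in plan.delete_keys:
        if any(key.lower().startswith(p.lower()) for p in HIGH_IMPACT_PREFIXES):
            notes.append(f"whole-key delete of {key}: every value under it goes; "
                         "prefer deleting just the offending value")
    return notes


# The thread's corrected script, shortened to a few of its entries.
FIXED_SCRIPT = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14a12408-071b-4e7c-8b8d-9c195174b0be}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"pafulomip"=-
"pugirofuge"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Internet Security 2010"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
"""

# The first script posted differed only in its signature line, which is why it failed.
BROKEN_SCRIPT = FIXED_SCRIPT.replace("Windows Registry Editor Version 5.00",
                                     "Windows Registry Editor 5.00", 1)

if __name__ == "__main__":
    for label, script in (("broken", BROKEN_SCRIPT), ("fixed", FIXED_SCRIPT)):
        plan = parse_reg_script(script)
        print(f"{label}: header_ok={plan.header_ok}, "
              f"{len(plan.delete_keys)} keys and {len(plan.delete_values)} values to delete")
        for note in review(plan):
            print("  -", note)
```

Running it prints the plan for both versions; the broken one is reported as unimportable, and the fixed one gets a note about the Lsa key because a `[-KEY]` line takes every value under that key with it, which is a larger change than removing one Run entry.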

Re: please help - Antivirus Live/Antivirus System Pro
Okay, the new registry script worked. I have a question about the DDS scan though. I got the two logs, but one said to zip it and attach it to the forum. Do you want me to do that, and if yes, then can you tell me how? Here is the first log from the scan.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Anthony at 21:43:47.96 on Wed 12/16/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.895 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirusScannerPro] c:\progra~1\avanqu~1\fix-it\MemCheck.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254

============= SERVICES / DRIVERS ===============

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-23 1251720]
R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
R3 MailScan;MailScan;c:\progra~1\avanqu~1\fix-it\MailScan.sys [2007-9-1 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2003-7-16 2304]
S3 winsts;winsts;\??\c:\windows\system32\winsts.sys --> c:\windows\system32\winsts.sys [?]

=============== Created Last 30 ================

2009-12-15 19:29:12 0 d-----w- c:\program files\InternetSecurity2010
2009-12-11 07:40:12 20 ----a-w- c:\windows\system32\crt.dat
2009-12-10 02:52:24 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-09 01:09:48 0 d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2009-12-09 01:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 03:25:13 0 d-sha-r- C:\cmdcons
2009-11-29 03:23:56 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 03:23:53 260096 ----a-w- c:\windows\PEV.exe
2009-11-29 03:23:53 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 03:23:52 98816 ----a-w- c:\windows\sed.exe
2009-11-27 16:21:16 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-12 04:03:25 39424 --sha-w- c:\windows\system32\barijatu.dll
2009-09-15 19:18:41 39424 --sha-w- c:\windows\system32\buhovawu.dll
2009-09-12 04:03:25 54272 --sha-w- c:\windows\system32\kabujupe.dll
2009-09-13 03:56:14 39424 --sha-w- c:\windows\system32\mayotomo.dll
2009-09-15 19:18:41 62464 --sha-w- c:\windows\system32\mikowuto.dll
2009-09-12 04:04:01 54272 --sha-w- c:\windows\system32\pebuhewe.dll
2009-09-15 07:18:28 45568 --sha-w- c:\windows\system32\romotaja.dll
2009-09-14 19:18:29 61952 --sha-w- c:\windows\system32\vajatika.dll
2009-09-14 19:18:32 39424 --sha-w- c:\windows\system32\vohelipe.dll
2009-09-13 03:56:15 45568 --sha-w- c:\windows\system32\wogutopa.dll
2009-09-15 07:18:28 92672 --sha-w- c:\windows\system32\yihenori.dll

============= FINISH: 21:44:17.09 ===============

Re: please help - Antivirus Live/Antivirus System Pro
Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the lines in between the **** star lines **** in the text box below to the clipboard by highlighting them and then pressing Ctrl+C.
    ***********************************************
    Files to delete:
    c:\windows\system32\winsts.sys
    c:\windows\system32\oakley.dll
    c:\windows\system32\raschap.dll
    c:\windows\system32\barijatu.dll
    c:\windows\system32\buhovawu.dll
    c:\windows\system32\kabujupe.dll
    c:\windows\system32\mayotomo.dll
    c:\windows\system32\mikowuto.dll
    c:\windows\system32\pebuhewe.dll
    c:\windows\system32\romotaja.dll
    c:\windows\system32\vajatika.dll
    c:\windows\system32\vohelipe.dll
    c:\windows\system32\wogutopa.dll
    c:\windows\system32\yihenori.dll

    Drivers to delete:
    winsts

    Folders to delete:
    c:\program files\InternetSecurity2010

    ***********************************************
  • In the Avenger window, click the Paste Script from Clipboard button.
  • ! Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.
Not all the items will be found, so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.
If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description, and then reboot the system again.

==

Please copy and paste the following into Notepad:

Code:

echo System File Reliability > chksystem.txt
echo Program based from Cheetah Anti-Rogue >> chksystem.txt
echo by DragonMaster Jay >> chksystem.txt
echo. >> chksystem.txt
dir C:\WINDOWS\system32\svchost >> chksystem.txt

echo. >> chksystem.txt
echo EOF >> chksystem.txt

Then, click File > Save as
Save to the Desktop as chksystem.bat
Change Save as type to All Files.
Click the Save button and exit Notepad.

Double-click on it to run.
Then post the contents of chksystem.txt as well as the Avenger log.

Re: please help - Antivirus Live/Antivirus System Pro
Here are the two log files.
Avenger logfile

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\winsts.sys" not found!
Deletion of file "c:\windows\system32\winsts.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\oakley.dll" deleted successfully.
File "c:\windows\system32\raschap.dll" deleted successfully.
File "c:\windows\system32\barijatu.dll" deleted successfully.
File "c:\windows\system32\buhovawu.dll" deleted successfully.
File "c:\windows\system32\kabujupe.dll" deleted successfully.
File "c:\windows\system32\mayotomo.dll" deleted successfully.
File "c:\windows\system32\mikowuto.dll" deleted successfully.
File "c:\windows\system32\pebuhewe.dll" deleted successfully.
File "c:\windows\system32\romotaja.dll" deleted successfully.
File "c:\windows\system32\vajatika.dll" deleted successfully.
File "c:\windows\system32\vohelipe.dll" deleted successfully.
File "c:\windows\system32\wogutopa.dll" deleted successfully.
File "c:\windows\system32\yihenori.dll" deleted successfully.
Driver "winsts" deleted successfully.
Folder "c:\program files\InternetSecurity2010" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Chksystem logfile

System File Reliability
Program based from Cheetah Anti-Rogue
by DragonMaster Jay

Volume in drive C has no label.
Volume Serial Number is 187E-5C0A

Directory of C:\WINDOWS\system32


EOF
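The Avenger instructions above and the log just posted can be checked against each other mechanically, which matters when a script has a dozen targets and one of them reports a failure. The following is an added Python example, not code from the thread or from The Avenger itself, that parses the script's "Files/Drivers/Folders to delete:" sections and the log's "deleted successfully" / "failed" / "Status:" lines, then pairs each planned action with its outcome. The samples are trimmed from the script and log above; the treatment of STATUS_OBJECT_NAME_NOT_FOUND as "already absent" is my own choice (here winsts.sys had already been removed by the earlier batch file, as the "not found" error shows).

```python
"""Reconcile an Avenger script with the log it produced (added example)."""
import re

SCRIPT_SECTIONS = {
    "files to delete:": "file",
    "folders to delete:": "folder",
    "drivers to delete:": "driver",
}
OK_RE = re.compile(r'^(File|Folder|Driver) "(.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (file|folder|driver) "(.+)" failed!$')
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]+) \((\w+)\)$")


def parse_avenger_script(text):
    """Return [(kind, target)] in script order; the **** lines are decoration."""
    actions, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.lower() in SCRIPT_SECTIONS:
            kind = SCRIPT_SECTIONS[line.lower()]
        elif kind is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            actions.append((kind, line))
    return actions


def parse_avenger_log(text):
    """Return {(kind, target.lower()): outcome}; a failure keeps its NT status name."""
    outcomes, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = OK_RE.match(line)
        if m:
            outcomes[(m.group(1).lower(), m.group(2).lower())] = "deleted"
            continue
        m = FAIL_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2).lower())
            outcomes[pending] = "failed"
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:       # the Status: line follows its failure line
            outcomes[pending] = m.group(2)
            pending = None
    return outcomes


def reconcile(script, log):
    """Pair every scripted action with its logged outcome."""
    outcomes = parse_avenger_log(log)
    report = []
    for kind, target in parse_avenger_script(script):
        status = outcomes.get((kind, target.lower()), "no log entry")
        # NOT_FOUND means the object was gone before Avenger ran; the clean-up
        # goal is met, so it is reported separately from a real failure
        if status == "STATUS_OBJECT_NAME_NOT_FOUND":
            status = "already absent"
        report.append((kind, target, status))
    return report


def unresolved(report):
    """Entries still needing attention: real failures or nothing logged at all."""
    return [r for r in report
            if r[2] in ("failed", "no log entry") or r[2].startswith("STATUS_")]


# Constructed samples, trimmed from the script and log posted above.
SAMPLE_SCRIPT = r"""
***********************************************
Files to delete:
c:\windows\system32\winsts.sys
c:\windows\system32\barijatu.dll
c:\windows\system32\yihenori.dll

Drivers to delete:
winsts

Folders to delete:
c:\program files\InternetSecurity2010
***********************************************
"""

SAMPLE_LOG = r"""
Logfile of The Avenger Version 2.0, (c) by Swandog46

Rootkit scan active.
No rootkits found!

Error: file "c:\windows\system32\winsts.sys" not found!
Deletion of file "c:\windows\system32\winsts.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\barijatu.dll" deleted successfully.
File "c:\windows\system32\yihenori.dll" deleted successfully.
Driver "winsts" deleted successfully.
Folder "c:\program files\InternetSecurity2010" deleted successfully.

Completed script processing.
"""

if __name__ == "__main__":
    report = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    for kind, target, status in report:
        print(f"{kind:7} {status:15} {target}")
    print("unresolved:", unresolved(report))
```

With the sample input every target resolves (four deleted, one already absent), so `unresolved()` returns an empty list; feeding it an empty log instead marks all five as "no log entry", which is the case to watch for when a reboot was interrupted before Avenger ran.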

Re: please help - Antivirus Live/Antivirus System Pro
Please re-run DDS and post a log.

Re: please help - Antivirus Live/Antivirus System Pro
Here is the new DDS log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Anthony at 12:39:09.56 on Thu 12/17/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.896 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.0\masqform.exe -UpdateCurrentUser
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [VirusScannerPro] c:\progra~1\avanqu~1\fix-it\MemCheck.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
mPolicies-explorer: =
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxps://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
LSA: Notification Packages = scecli tafiwizo.dll

============= SERVICES / DRIVERS ===============

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-23 1251720]
R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
R3 MailScan;MailScan;c:\progra~1\avanqu~1\fix-it\MailScan.sys [2007-9-1 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [2003-7-16 2304]

=============== Created Last 30 ================

2009-12-11 07:40:12 20 ----a-w- c:\windows\system32\crt.dat
2009-12-10 02:52:24 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-09 01:09:48 0 d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2009-12-09 01:09:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 03:25:13 0 d-sha-r- C:\cmdcons
2009-11-29 03:23:56 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 03:23:53 260096 ----a-w- c:\windows\PEV.exe
2009-11-29 03:23:53 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 03:23:52 98816 ----a-w- c:\windows\sed.exe
2009-11-27 16:21:16 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll

============= FINISH: 12:39:39.39 ===============
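The two DDS logs in this thread were read by hand for the same handful of indicators: system+hidden DLLs with random eight-letter names in system32 (the Find3M block), a registered driver whose file is missing (the "[?]" on winsts), the rogue's folder under Program Files, a svchost image without its .exe extension (what chksystem.bat checked for), and, in this second log, an extra entry in LSA Notification Packages beside the default scecli. The following is an added Python example, not code from the thread or from DDS, that runs those checks over a DDS log; the sample log is constructed from lines of the two logs above, the eight-letter threshold and the rogue-name watch-list are my own choices, and "scecli" being the only default notification package on XP is the one fact the LSA check relies on.

```python
"""Triage a DDS log for the indicators the helpers acted on in this thread (added example)."""
import re

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "2009-09-12 04:03:25 39424 --sha-w- c:\windows\system32\barijatu.dll"
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\d+) (\S{8}) (.+)$")
# eight random lowercase letters plus .dll is the naming pattern of the DLLs
# removed above; the exact length is my own threshold
RANDOM_DLL_RE = re.compile(r"[\\/]([a-z]{8})\.dll$", re.IGNORECASE)
DRIVER_RE = re.compile(r"^[RS]\d ([^;]+);[^;]*;(.+)$")
# rogue product names seen in this thread (constructed watch-list)
ROGUE_NAMES = ("internetsecurity2010", "antivirus live", "antivirus system pro")


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return (indicator, detail) pairs; each mirrors a check the thread made by hand."""
    s = parse_sections(text)
    findings = []
    # chksystem.bat looked for a 'svchost' image with no .exe extension in system32
    for proc in s.get("Running Processes", []):
        image = proc.split(" -k ")[0].strip()
        if image.lower().endswith("\\svchost"):
            findings.append(("svchost-no-ext", image))
    # on XP the only default LSA notification package is scecli
    for line in s.get("Pseudo HJT Report", []):
        if line.startswith("LSA: Notification Packages"):
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() != "scecli":
                    findings.append(("lsa-notification-package", pkg))
    # a registered driver whose image file is gone is shown with "[?]"
    for line in s.get("SERVICES / DRIVERS", []):
        m = DRIVER_RE.match(line)
        if m and line.endswith("[?]"):
            findings.append(("driver-file-missing", m.group(1)))
    for section in ("Created Last 30", "Find3M"):
        for line in s.get(section, []):
            m = ENTRY_RE.match(line)
            if not m:
                continue
            _date, _size, attrs, path = m.groups()
            low = path.lower()
            # attribute columns: index 0 directory, 2 system, 3 hidden
            if (attrs[2] == "s" and attrs[3] == "h" and "\\system32\\" in low
                    and RANDOM_DLL_RE.search(path)):
                findings.append(("hidden-system-dll", path))
            if attrs[0] == "d" and any(name in low for name in ROGUE_NAMES):
                findings.append(("rogue-folder", path))
    return findings


# Constructed sample, trimmed from the two DDS logs posted in this thread.
SAMPLE_LOG = r"""DDS (Ver_09-12-01.01) - NTFSx86

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
LSA: Notification Packages = scecli tafiwizo.dll

============= SERVICES / DRIVERS ===============

R2 tmpreflt;tmpreflt;c:\progra~1\avanqu~1\fix-it\tmpreflt.sys [2007-8-31 32528]
S3 winsts;winsts;\??\c:\windows\system32\winsts.sys --> c:\windows\system32\winsts.sys [?]

=============== Created Last 30 ================

2009-12-15 19:29:12 0 d-----w- c:\program files\InternetSecurity2010
2009-11-29 03:25:13 0 d-sha-r- C:\cmdcons

==================== Find3M ====================

2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-09-12 04:03:25 39424 --sha-w- c:\windows\system32\barijatu.dll
2009-09-15 19:18:41 62464 --sha-w- c:\windows\system32\mikowuto.dll

============= FINISH: 21:44:17.09 ===============
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
```

On the sample it reports six findings: the extension-less svchost image, tafiwizo.dll in the LSA notification list, the winsts driver with no file, the InternetSecurity2010 folder, and the two hidden system DLLs. C:\cmdcons also carries the system+hidden attributes but is a directory, not a DLL, so it is correctly left alone; a check that keyed on attributes alone would flag the Recovery Console as well.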

Antivirus Live
Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read this over and click here to open a new topic. -Belahzur

Re: please help - Antivirus Live/Antivirus System Pro
Now, please post a new HijackThis log.

Re: please help - Antivirus Live/Antivirus System Pro
Here's the new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:58 PM, on 12/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Anthony\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7821 bytes

Re: please help - Antivirus Live/Antivirus System Pro
Please download ComboFix from here: http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro
Here is the new ComboFix log.

ComboFix 09-12-17.01 - Anthony 12/17/2009 23:10:31.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.824 [GMT -5:00]
Running from: c:\documents and settings\Anthony\desktop\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\ntload.dll
c:\documents and settings\Anthony\Start Menu\Internet Security 2010.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMAPISERVICE
-------\Legacy_WINSTS
-------\Service_ImapiService


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 03:59 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-18 03:59 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-18 03:59 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-18 03:59 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-18 03:59 . 2009-12-18 03:59 -------- d-----w- c:\program files\Avira
2009-12-18 03:59 . 2009-12-18 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-15 19:53 . 2009-12-15 19:53 -------- d-----w- C:\rsit
2009-12-11 16:36 . 2009-12-11 16:36 0 --sha-w- c:\documents and settings\NetworkService\ntload.dll
2009-12-11 07:40 . 2009-12-14 20:32 20 ----a-w- c:\windows\system32\crt.dat
2009-12-10 02:52 . 2009-12-10 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Threat Expert
2009-11-28 17:26 . 2009-11-28 17:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Avanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 04:19 . 2007-06-08 18:22 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-29 05:24 . 2009-11-23 20:07 79488 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:\program files\World of Warcraft
2009-10-29 07:46 . 2005-10-21 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-12 13:38 . 2003-07-16 20:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/17/2009 10:59 PM 108289]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [7/16/2003 3:33 PM 2304]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 23:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\WININET.dll
c:\progra~1\AVANQU~1\Fix-It\WinHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
.
**************************************************************************
.
Completion time: 2009-12-17 23:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 04:28
ComboFix2.txt 2009-12-15 19:46
ComboFix3.txt 2009-12-14 20:55
ComboFix4.txt 2009-12-08 19:36
ComboFix5.txt 2009-12-18 04:09

Pre-Run: 8,679,694,336 bytes free
Post-Run: 8,673,259,520 bytes free

- - End Of File - - 7EAAA3AAA0E0A97978EA5DA9799D101E
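Two things in the logs above deserve a second look before the machine is called clean, and neither tool flags them on its own: the O17 line in the HijackThis log (repeated as the TCP: line in ComboFix) hands DNS to a LAN router (192.168.1.254), a widely used public resolver (4.2.2.1) and a third public address that the thread never identifies; and the Reg Loading Points section shows Security Center monitoring switched off under three keys. Both legitimate suites (Symantec here) and rogue software write those DisableMonitoring values, so a hit is a verification item, not proof of infection. The script below is an added example, not part of the thread or of either tool. It parses the log formats as posted and reports the nameservers that are neither private nor on an allowlist, plus the keys with monitoring disabled. The allowlist and the sample lines are constructed for the example (the sample copies the thread's own entries).

```python
"""Triage helpers for HijackThis / ComboFix log text.

Added example: not part of the forum thread, HijackThis or ComboFix.
It reads the O17 / TCP: nameserver lines and the REGEDIT4-style
"Reg Loading Points" section that the tools emit, and reports the items
a responder would verify next.
"""
import ipaddress
import re

# Constructed allowlist: public resolvers this network is known to use.
# Private (LAN) addresses are accepted automatically; anything else is reported.
TRUSTED_RESOLVERS = {"4.2.2.1"}

# HijackThis: "O17 - ...: NameServer = a,b,c"   ComboFix: "TCP: {GUID} = a,b,c"
_NS_LINE = re.compile(r"^(?:O17 - .*NameServer|TCP: \{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
_REG_KEY = re.compile(r"^\[(.+)\]$")
_DISABLE = re.compile(r'^"DisableMonitoring"=dword:0*1$')

# Constructed sample, copied from the log lines in the thread.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.254
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
""".splitlines()


def parse_nameservers(lines):
    """Every nameserver address on O17 / TCP: lines, in order, deduplicated."""
    seen = []
    for line in lines:
        m = _NS_LINE.match(line.strip())
        if not m:
            continue
        for token in re.split(r"[,\s]+", m.group(1)):
            try:
                addr = str(ipaddress.ip_address(token))
            except ValueError:
                continue  # not an address, skip the token
            if addr not in seen:
                seen.append(addr)
    return seen


def suspicious_nameservers(lines, trusted=TRUSTED_RESOLVERS):
    """Nameservers that are neither on a private range nor on the allowlist."""
    return [
        ns for ns in parse_nameservers(lines)
        if not ipaddress.ip_address(ns).is_private and ns not in trusted
    ]


def disabled_security_center(lines):
    """Registry keys under 'security center' where DisableMonitoring is 1."""
    current = None
    hits = []
    for line in lines:
        line = line.strip()
        key = _REG_KEY.match(line)
        if key:
            current = key.group(1)  # remember the key the next values belong to
            continue
        if current and "security center" in current.lower() and _DISABLE.match(line):
            hits.append(current)
    return hits


def triage(lines):
    """One-shot summary a responder can paste back into the thread."""
    return {
        "suspicious_nameservers": suspicious_nameservers(lines),
        "security_center_monitoring_disabled": disabled_security_center(lines),
    }


if __name__ == "__main__":
    for item, value in triage(SAMPLE_LOG).items():
        print(f"{item}: {value or 'none'}")
```

Run it against a saved hijackthis.log or ComboFix.txt by replacing SAMPLE_LOG with the file's lines. A reported nameserver is a question to answer (who operates it, did the user or ISP configure it), and the registry hits should be matched against the security products actually installed; on this machine the Symantec keys line up with the LiveUpdate services still listed, so they are expected.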

Re: please help - Antivirus Live/Antivirus System Pro
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\documents and settings\NetworkService\ntload.dll
    c:\windows\system32\crt.dat
  4. Save this as CFScript.txt, in the same location as ComboFix.exe


  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: please help - Antivirus Live/Antivirus System Pro
Here is the new log.

ComboFix 09-12-17.01 - Anthony 12/18/2009 13:28:44.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.842 [GMT -5:00]
Running from: c:\documents and settings\Anthony\Desktop\commy.exe
Command switches used :: c:\documents and settings\Anthony\Desktop\CFscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\NetworkService\ntload.dll"
"c:\windows\system32\crt.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\ntload.dll
c:\windows\system32\crt.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ImapiService


((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
.

2009-12-18 03:59 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-18 03:59 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-18 03:59 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-18 03:59 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-18 03:59 . 2009-12-18 03:59 -------- d-----w- c:\program files\Avira
2009-12-18 03:59 . 2009-12-18 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-15 19:53 . 2009-12-15 19:53 -------- d-----w- C:\rsit
2009-12-10 02:52 . 2009-12-10 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-12-09 01:09 . 2009-12-09 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 03:10 . 2009-11-29 03:10 -------- d-----w- c:\documents and settings\Anthony\Local Settings\Application Data\Threat Expert
2009-11-28 17:26 . 2009-11-28 17:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Avanquest
2009-11-27 16:21 . 2009-11-27 16:21 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:31 . 2009-11-27 05:31 -------- d-----w- c:\documents and settings\Chris\Application Data\Avanquest
2009-11-27 04:56 . 2009-11-27 04:58 -------- d-----w- c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 04:19 . 2007-06-08 18:22 -------- d-----w- c:\program files\Full Tilt Poker
2009-11-29 05:24 . 2009-11-23 20:07 79488 ----a-w- c:\documents and settings\Anthony\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-29 03:37 . 2008-03-07 20:05 -------- d-----w- c:\program files\Spyware Doctor
2009-11-29 03:12 . 2008-03-07 20:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-28 17:32 . 2009-11-28 17:32 79488 ----a-w- c:\documents and settings\Chris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-15 01:05 . 2009-10-10 23:31 -------- d-----w- c:\program files\World of Warcraft
2009-10-29 07:46 . 2005-10-21 17:51 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 03:42 . 2006-03-02 22:30 39952 ----a-w- c:\documents and settings\Anthony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-20 04:15 . 2009-10-20 04:15 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-12 13:38 . 2003-07-16 20:42 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 04:04 . 2006-02-23 00:43 77423 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-03 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 270336]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.0\masqform.exe" [2004-01-27 1048576]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"VirusScannerPro"="c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe" [2007-09-01 173312]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dla\\tfswctrl.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/17/2009 10:59 PM 108289]
R2 tmpreflt;tmpreflt;c:\progra~1\AVANQU~1\Fix-It\tmpreflt.sys [8/31/2007 12:36 PM 32528]
R3 MailScan;MailScan;c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [9/1/2007 5:58 AM 20496]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [7/16/2003 3:33 PM 2304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {B5CE61BE-37D9-4C95-8031-F02ABCFDCCB3} = 193.104.110.38,4.2.2.1,192.168.1.254
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-18 13:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(660)
c:\windows\system32\WININET.dll
c:\progra~1\AVANQU~1\Fix-It\WinHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-18 13:48:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-18 18:48
ComboFix2.txt 2009-12-18 04:28
ComboFix3.txt 2009-12-15 19:46
ComboFix4.txt 2009-12-14 20:55
ComboFix5.txt 2009-12-18 18:27

Pre-Run: 8,671,670,272 bytes free
Post-Run: 8,648,372,224 bytes free

- - End Of File - - 459A52DACFE6CECD2F19A41AFC83BC77

Re: please help - Antivirus Live/Antivirus System Pro
Now time to clean up.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: please help - Antivirus Live/Antivirus System Pro
Here are the results of the Security Check log.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.7
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

Re: please help - Antivirus Live/Antivirus System Pro
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • AVG Free: this is one of the most powerful and easiest to use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
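The hpHosts point above is worth a worked check, because the same file cuts both ways: mapping a hostname to 127.0.0.1 blocks it, and mapping an update or security vendor site to any other address silently redirects it, a well-known malware trick for keeping a victim away from help. The script below is an added example, not from the thread or from the hpHosts project. It parses HOSTS-format text (on Windows XP the live file is C:\WINDOWS\system32\drivers\etc\hosts), classifies each mapping as a block or a redirect, and raises redirects that hit a watchlist of names; the watchlist and the sample file are constructed for the example.

```python
"""Classify a Windows HOSTS file into block entries and redirects.

Added example: not part of the forum thread or of hpHosts.  Block lists
such as hpHosts send unwanted names to a sinkhole address; a hijacked
HOSTS file sends wanted names (update servers, AV vendors) somewhere
else.  Both look like ordinary "address hostname" lines, so the file has
to be read and each mapping judged by where it points.
"""
import ipaddress

# Addresses a block list uses as a sinkhole; a name mapped here is blocked.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed watchlist: names whose redirection would indicate tampering.
WATCHLIST = {"windowsupdate.microsoft.com", "www.avira.com", "www.malwarebytes.org"}

# Constructed sample: the stock localhost line, two hpHosts-style block
# lines, and one line of the kind a hijacked HOSTS file carries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example-adnetwork.net   # hpHosts style block
0.0.0.0    tracker.example-tracker.com
198.51.100.7  windowsupdate.microsoft.com www.avira.com
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS-format text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line, first field is not an address
        for name in parts[1:]:  # one line may map several names
            yield addr, name.lower()


def classify_hosts(text, watchlist=WATCHLIST):
    """Split entries into blocked names, watchlist hijacks and other redirects."""
    result = {"blocked": [], "hijacked": [], "redirected": []}
    for addr, name in parse_hosts(text):
        if addr in SINKHOLE_ADDRESSES:
            if name != "localhost":  # the stock loopback line is not a block
                result["blocked"].append(name)
        elif name in watchlist:
            result["hijacked"].append((name, addr))
        else:
            result["redirected"].append((name, addr))
    return result


def is_blocked(text, hostname):
    """True if the HOSTS text sends hostname to a sinkhole address."""
    return hostname.lower() in classify_hosts(text)["blocked"]


if __name__ == "__main__":
    for category, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(f"{category}: {entries or 'none'}")
```

To check a real machine, read the file at the path above into classify_hosts; an hpHosts install should produce a long blocked list and an empty hijacked list, and any entry under hijacked is something to remove before re-running the update and vendor downloads the helper asked for. Names not on the watchlist that point at a non-sinkhole address land in redirected and deserve a look too.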

Re: please help - Antivirus Live/Antivirus System Pro
Hey, thanks a lot for all the help and work you did getting my computer back to normal. I know you don't have to do this, so I really appreciate it. I can't afford a new computer, so you saved me big time. I owe you. I guess I have just one question left. If for any reason the infection didn't completely go away and comes back, should I post a new topic, or continue on this topic? I'm guessing I should post a new topic, but I wasn't sure.

Re: please help - Antivirus Live/Antivirus System Pro
Sorry, I actually have another question. When I search on Google now, I get redirected when I click the links. I think it's uniquesearch8 that's doing it, but how can I fix that?
