GeekPolice
Internet Security 2010 Virus

Losing control of my computer to this virus. Pop-ups are taking over. I saw that others have posted this same issue. Need help!

Re: Internet Security 2010 Virus

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Re: Internet Security 2010 Virus

I ran the BleepingComputer.com stuff and everything was going fine down to the final step, and while it was running I got a blue screen: "A problem has been detected and Windows has shut down to protect your computer... BAD_POOL_CALLER". How should I proceed, or is it still running the log?

Re: Internet Security 2010 Virus

ComboFix 10-01-11.04 - Jay Todd 01/12/2010 15:00:21.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.701 [GMT -5:00]
Running from: c:\documents and settings\Jay Todd\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carla Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\documents and settings\Carla Todd\Application Data\PC
c:\documents and settings\Carla Todd\Application Data\PC\faq\guide.html
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg1.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg10.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg2.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg3.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg4.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg5.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg6.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg7.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg8.jpg
c:\documents and settings\Carla Todd\Application Data\PC\faq\images\gimg9.jpg
c:\documents and settings\Carla Todd\Application Data\PC\settings.ini
c:\documents and settings\Carla Todd\Application Data\PC\uninstall.exe
c:\program files\InternetSecurity2010
c:\program files\InternetSecurity2010\IS2010.exe
C:\s
c:\windows\$NtUninstallKB922582$
c:\windows\$NtUninstallKB922582$\fltlib.dll
c:\windows\$NtUninstallKB922582$\fltmc.exe
c:\windows\$NtUninstallKB922582$\fltmgr.sys
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.exe
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.inf
c:\windows\$NtUninstallKB922582$\spuninst\spuninst.txt
c:\windows\$NtUninstallKB922582$\spuninst\updspapi.dll
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12316.exe
c:\windows\system32\12382.exe
c:\windows\system32\12859.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\15141.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\17673.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\20037.exe
c:\windows\system32\21726.exe
c:\windows\system32\22190.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25547.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\27529.exe
c:\windows\system32\27644.exe
c:\windows\system32\28145.exe
c:\windows\system32\28253.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\30333.exe
c:\windows\system32\3035.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\32662.exe
c:\windows\system32\32757.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4664.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6868.exe
c:\windows\system32\7711.exe
c:\windows\system32\778.exe
c:\windows\system32\8723.exe
c:\windows\system32\9741.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\bszip.dll
c:\windows\system32\flags.ini
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\uses32.dat
c:\windows\system32\winlogon86.exe
c:\windows\system32\winupdate86.exe
c:\windows\Temp\1959888248.exe
c:\windows\Temp\2859234168.exe
c:\windows\Temp\339521212.exe
c:\windows\Temp\3758580088.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-11 20:27 . 2010-01-11 20:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-11 20:26 . 2010-01-11 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-11 20:25 . 2010-01-11 20:25 -------- d-----w- c:\program files\McAfee Security Scan
2010-01-11 20:25 . 2010-01-11 20:25 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-11 20:24 . 2010-01-11 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-11 20:03 . 2010-01-11 20:03 388096 ----a-r- c:\documents and settings\Jay Todd\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-11 20:03 . 2010-01-11 20:03 -------- d-----w- c:\program files\TrendMicro
2010-01-03 08:04 . 2010-01-03 08:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-03 08:04 . 2010-01-03 08:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-01-03 08:04 . 2010-01-03 08:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2010-01-03 08:02 . 2010-01-03 08:02 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\jutedf
2010-01-03 08:02 . 2010-01-03 08:02 25088 ----a-w- C:\khkil.exe
2010-01-03 08:01 . 2010-01-03 08:01 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-19 15:25 . 2009-12-19 15:25 -------- d-----w- c:\documents and settings\Jay Todd\Local Settings\Application Data\Temp
2009-12-16 23:40 . 2009-12-16 23:40 -------- d-----w- c:\documents and settings\Nicklaus Todd\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 20:51 . 2009-07-25 13:05 -------- d-----w- c:\documents and settings\Jay Todd\Application Data\HPAppData
2010-01-11 20:32 . 2005-04-15 21:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-11 19:15 . 2009-03-08 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-10 21:27 . 2009-07-24 20:26 -------- d-----w- c:\documents and settings\Carla Todd\Application Data\HPAppData
2010-01-10 16:13 . 1980-01-01 06:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-10 16:13 . 1980-01-01 06:00 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-27 19:08 . 2005-03-09 21:53 -------- d-----w- c:\program files\Common Files\AOL
2009-12-27 19:08 . 2005-03-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-12-21 15:31 . 2005-04-24 15:17 -------- d-----w- c:\program files\Google
2009-12-21 02:10 . 2009-12-05 15:37 -------- d-----w- c:\program files\McAfee
2009-12-16 23:49 . 2008-04-20 15:21 33456 -c--a-w- c:\documents and settings\Nicklaus Todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 22:49 . 2009-11-11 22:20 -------- d-----w- c:\documents and settings\Nicklaus Todd\Application Data\HPAppData
2009-12-14 23:00 . 2009-12-05 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-11 20:51 . 2006-03-03 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-12-07 16:17 . 2009-12-07 16:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-12-06 00:55 . 2009-12-06 00:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-12-05 18:13 . 2009-11-07 16:32 -------- d-----w- c:\program files\AAntivirus
2009-12-05 16:59 . 2009-11-07 16:34 -------- d-----w- c:\program files\Common Files\AAntivirusUninstall
2009-12-05 15:55 . 2009-12-05 15:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-12-05 15:51 . 2009-07-24 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-05 15:49 . 2005-03-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-12-05 15:49 . 2005-03-09 21:52 -------- d-----w- c:\program files\McAfee.com
2009-12-05 15:38 . 2009-12-05 15:36 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-03 00:40 . 2009-08-14 15:56 -------- d-----w- c:\documents and settings\Riley Todd\Application Data\HPAppData
2009-11-26 19:44 . 2009-08-20 21:35 -------- d-----w- c:\documents and settings\Visitor 1\Application Data\HPAppData
2009-11-04 21:54 . 2009-12-05 15:38 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 21:54 . 2009-12-05 15:38 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 21:54 . 2009-12-05 15:38 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 21:54 . 2009-11-04 21:54 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-04 21:53 . 2009-12-05 15:32 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-29 07:45 . 2004-08-10 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-10 11:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-10 11:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-10 11:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-03-15 135168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-03-09 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-09 98304]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-03-15 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2005-3-20 73728]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S2 gupdate1c9a00a2acb26e6;Google Update Service (gupdate1c9a00a2acb26e6);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2009 11:23 AM 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/5/2009 10:41 AM 93320]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DCFS2K

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 16:29]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 16:23]

2010-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 16:23]

2005-03-17 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-10 00:12]

2009-12-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-05 17:22]

2009-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-05 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
AddRemove-PComponents - c:\documents and settings\Carla Todd\Application Data\PC\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-01-12 15:19:13
ComboFix-quarantined-files.txt 2010-01-12 20:19

Pre-Run: 135,952,359,424 bytes free
Post-Run: 136,868,163,584 bytes free

- - End Of File - - 1EAC0C8A17B601A7B379259DB6D484D3

Re: Internet Security 2010 Virus

Please download Malwarebytes Anti-Malware from here.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
