Hey, it restarted into normal mode and I didn't see any virus warnings come up right away, so that's cool. But I tried to open firefox and internet explorer, and got a message saying that they were marked for removal.
Anyways, here is the log that came up after the latest combofix:
ComboFix 10-07-24.06 - ian 07/26/2010 20:42:19.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3061.2366 [GMT -4:00]
Running from: c:\users\ian\Desktop\commy.exe
Command switches used :: c:\users\ian\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
FILE ::
"c:\users\ian\AppData\Local\ejikidal.dll"
"c:\users\ian\AppData\Local\opigasuti.dll"
"c:\users\ian\AppData\Local\ugixitigokidonot.dll"
"c:\users\ian\AppData\Local\ukawetur.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\ian\AppData\Local\ejikidal.dll
c:\users\ian\AppData\Local\opigasuti.dll
c:\users\ian\AppData\Local\ugixitigokidonot.dll
c:\users\ian\AppData\Local\ukawetur.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.
2010-07-27 00:45 . 2010-07-27 00:47 -------- d-----w- c:\users\ian\AppData\Local\temp
2010-07-27 00:45 . 2010-07-27 00:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-27 00:45 . 2010-07-27 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-27 00:40 . 2010-07-27 00:41 -------- d-----w- C:\32788R22FWJFW
2010-07-26 23:16 . 2010-07-26 23:21 -------- d-----w- C:\commy24293c
2010-07-26 23:12 . 2010-07-26 23:13 -------- d-----w- C:\commy
2010-07-18 23:54 . 2010-07-18 23:54 -------- d-----w- c:\program files\JRE
2010-07-18 23:53 . 2010-07-18 23:54 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-18 23:51 . 2010-07-18 23:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 21:53 . 2010-07-01 21:53 -------- d-----w- c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 00:49 . 2008-07-19 03:49 -------- d-----w- c:\users\ian\AppData\Roaming\WeatherBug
2010-07-27 00:38 . 2009-01-03 02:04 6648 ----a-w- c:\users\ian\AppData\Local\d3d9caps.dat
2010-07-26 23:26 . 2008-05-27 06:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-22 00:32 . 2008-06-07 02:44 32638 ----a-w- c:\users\ian\AppData\Roaming\wklnhst.dat
2010-07-19 00:14 . 2008-06-03 21:57 78832 ----a-w- c:\users\ian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-19 00:11 . 2008-06-09 00:21 -------- d-----w- c:\users\ian\AppData\Roaming\LimeWire
2010-07-18 23:52 . 2008-05-27 06:18 -------- d-----w- c:\program files\Common Files\Java
2010-07-18 23:50 . 2008-05-27 06:18 -------- d-----w- c:\program files\Java
2010-07-16 02:15 . 2008-06-24 02:41 -------- d-----w- c:\users\ian\AppData\Roaming\Skype
2010-07-15 21:33 . 2008-07-19 02:06 -------- d-----w- c:\users\ian\AppData\Roaming\skypePM
2010-06-12 17:03 . 2009-05-19 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 07:10 . 2009-10-27 05:18 -------- d-----w- c:\programdata\Microsoft Help
2010-04-29 19:39 . 2010-05-07 05:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-07 05:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 09:22 . 2009-11-24 09:22 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-27 06:26 . 2008-05-27 06:26 76 --sh--r- c:\windows\CT4CET.bin
2008-05-27 13:54 . 2008-05-27 13:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-27 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2008-06-25 1209584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-05-27 1006264]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-28 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-24 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-07-27 492840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes12\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-27 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-27 06:39 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-24 30192]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-20 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-11 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-20 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-20 297752]
S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 18:08]
2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 18:08]
2010-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-27 18:32]
2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-27 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080527IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\ihla3ipy.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aol-chromesbox-en-us&query=FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
www.google.comFF - prefs.js: keyword.URL -
hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aol-ab-en-us&query=FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\ihla3ipy.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}\components\FFAlert.dll
FF - component: c:\users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\ihla3ipy.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\iTunes12\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\ian\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\ian\Desktop\eMusic\eMusic Download Manager\plugin\npemusic.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Wdf01000.sys
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\STacSV.exe
c:\program files\tbh\base\bin\tbhDaemon.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\McAfee\VirusScan\McShield.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
.
**************************************************************************
.
Completion time: 2010-07-26 21:00:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-27 00:59
ComboFix2.txt 2010-07-27 00:13
ComboFix3.txt 2010-03-29 23:59
Pre-Run: 10,646,286,336 bytes free
Post-Run: 7,654,555,648 bytes free
- - End Of File - - 7EC1EC7FA7616D9BA7AF0A7AAE0263CA