WiredWX Christian Hobby Weather Tools
Windows Security Suite

When I log on, loads of error windows pop up and eventually freeze my computer. One of the pop-ups is called Windows Security Suite, which I know is a virus. I've already run Malwarebytes and CCleaner and they haven't done anything to stop the virus. Can you help please?

Re: Windows Security Suite

Welcome back. This time, please stick with your helper until your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Windows Security Suite

Sorry for the delay. Here is the ComboFix log file.

ComboFix 10-10-09.06 - Rob 10/10/2010 19:50:12.5.1 - x86
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\41K62.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\8bk4bb.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\aNn4k78a7.jpg
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\xy1KjBxyy.jpg
c:\documents and settings\All Users\Application Data\32Y1167.exe
c:\documents and settings\All Users\Application Data\4J05NMf8.exe
c:\documents and settings\All Users\Documents\Server\admin.txt
c:\documents and settings\All Users\Documents\Server\server.dat
c:\documents and settings\LocalService\Local Settings\Application Data\32Y1167.exe
c:\documents and settings\NetworkService\Application Data\Microsoft\stor.cfg
c:\documents and settings\NetworkService\Application Data\Microsoft\svchost .exe
c:\documents and settings\NetworkService\Application Data\Microsoft\svchost.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\32Y1167.exe
c:\documents and settings\Rob\.COMMgr
c:\documents and settings\Rob\.COMMgr\complmgr .exe
c:\documents and settings\Rob\.COMMgr\complmgr.exe
c:\documents and settings\Rob\.COMMgr\complmgrSrv.exe
c:\documents and settings\Rob\Application Data\Bifygy\zoorw.exe
c:\documents and settings\Rob\Application Data\Bowyy
c:\documents and settings\Rob\Application Data\Bowyy\olvy.exe
c:\documents and settings\Rob\Application Data\Buicuk
c:\documents and settings\Rob\Application Data\Buicuk\abmo.tmp
c:\documents and settings\Rob\Application Data\Hyro
c:\documents and settings\Rob\Application Data\Hyro\isyqd.nes
c:\documents and settings\Rob\Application Data\Hyro\isyqd.tmp
c:\documents and settings\Rob\Application Data\Irokge
c:\documents and settings\Rob\Application Data\Irokge\paozu.tmp
c:\documents and settings\Rob\Application Data\Luol
c:\documents and settings\Rob\Application Data\Luol\cacu.exe
c:\documents and settings\Rob\Application Data\Microsoft\stor.cfg
c:\documents and settings\Rob\Application Data\Microsoft\svchost .exe
c:\documents and settings\Rob\Application Data\Microsoft\svchost.exe
c:\documents and settings\Rob\Application Data\Microsoft\svchostSrv.exe
c:\documents and settings\Rob\Application Data\Microsoft\Windows\shell.exe
c:\documents and settings\Rob\Application Data\Nekev
c:\documents and settings\Rob\Application Data\Nekev\zauz.tmp
c:\documents and settings\Rob\Application Data\Nekev\zauz.upy
c:\documents and settings\Rob\Application Data\Opuqc\nexek.exe
c:\documents and settings\Rob\Application Data\Tydi
c:\documents and settings\Rob\Application Data\Tydi\ydfi.exe
c:\documents and settings\Rob\Application Data\Uragl
c:\documents and settings\Rob\Application Data\Uragl\nace.tmp
c:\documents and settings\Rob\Application Data\Wyudu
c:\documents and settings\Rob\Application Data\Wyudu\osdo.afe
c:\documents and settings\Rob\Application Data\Wyudu\osdo.tmp
c:\documents and settings\Rob\Application Data\Xaaxy
c:\documents and settings\Rob\Application Data\Xaaxy\axih.exe
c:\documents and settings\Rob\Application Data\Yfni
c:\documents and settings\Rob\Application Data\Yfni\ovnaa.tmp
c:\documents and settings\Rob\Application Data\Yhwa\uneni.exe
c:\documents and settings\Rob\Application Data\Ylyhob
c:\documents and settings\Rob\Application Data\Ylyhob\peah.tmp
c:\documents and settings\Rob\Local Settings\Application Data\cjivwkphx\ikmlxmuuqiw.exe
c:\documents and settings\Rob\Local Settings\Application Data\ljcvwrpou\ichnraluqiw.exe
c:\documents and settings\Rob\Local Settings\Application Data\nbjdawicy\lkasifuuqiw.exe
C:\Microsoft
c:\progra~1\mcafee.com\agent\McUpdate .exe
c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
c:\program files\DivX\DivX Update\DivXUpdate.exe
c:\program files\DNA\btdna .exe
c:\program files\DNA\btdna .exe
c:\program files\DNA\btdna .exe
c:\program files\DNA\btdna .exe
c:\program files\DNA\btdna .exe
c:\program files\DNA\btdna .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\ew1\setup .exe
c:\program files\Internet Explorer\complete.dat
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Internet Explorer\svchost.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\McAfee.com\Personal Firewall\MpfTray.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\program files\McAfee.com\VSO\oasclnt.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\Microsoft\DesktopLayerSrv.exe
c:\program files\Steam\steam.exe
c:\windows\ExplorerSrv.exe
c:\windows\Fonts\32Y1167.com
c:\windows\system32\config\systemprofile\32Y1167.com
c:\windows\system32\regsvr32Srv.exe
c:\windows\Tasks\At1.job

c:\documents and settings\Rob\Application Data\Bifygy\zoorw .exe ---^> c:\documents and settings\Rob\Application Data\Bifygy\zoorw.exe
c:\documents and settings\Rob\Application Data\Opuqc\nexek .exe ---^> c:\documents and settings\Rob\Application Data\Opuqc\nexek.exe
c:\documents and settings\Rob\Application Data\Yhwa\uneni .exe ---^> c:\documents and settings\Rob\Application Data\Yhwa\uneni.exe
c:\documents and settings\Rob\Local Settings\Application Data\cjivwkphx\ikmlxmuuqiw .exe ---^> c:\documents and settings\Rob\Local Settings\Application Data\cjivwkphx\ikmlxmuuqiw.exe
c:\documents and settings\Rob\Local Settings\Application Data\ljcvwrpou\ichnraluqiw .exe ---^> c:\documents and settings\Rob\Local Settings\Application Data\ljcvwrpou\ichnraluqiw.exe
c:\documents and settings\Rob\Local Settings\Application Data\nbjdawicy\lkasifuuqiw .exe ---^> c:\documents and settings\Rob\Local Settings\Application Data\nbjdawicy\lkasifuuqiw.exe

.
Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

<pre>
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\aw1\setup          .exe
c:\program files\aw1\setup        .exe
c:\program files\aw1\setup        .exe
c:\program files\aw1\setup      .exe
c:\program files\aw1\setup      .exe
c:\program files\aw1\setup    .exe
c:\program files\aw1\setup    .exe
c:\program files\aw1\setup  .exe
c:\program files\aw1\setup  .exe
c:\program files\aw1\setup .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\Common Files\AOL\ACS\AOLDial .exe
c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm              .exe
c:\program files\Dell\Media Experience\DMXLauncher .exe
c:\program files\Dell Support\DSAgnt .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\DNA\btdna        .exe
c:\program files\ew1\setup                .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Internet Explorer\svchost .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\McAfee\SpamKiller\MSKAGE~1 .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\McAfee.com\Agent\MCUPDA~1 .exe
c:\program files\McAfee.com\Personal Firewall\MpfTray .exe
c:\program files\McAfee.com\VSO\mcmnhdlr .exe
c:\program files\McAfee.com\VSO\mcvsshld .exe
c:\program files\McAfee.com\VSO\oasclnt .exe
c:\program files\QuickTime\QTTask                                                                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                              .exe
c:\program files\QuickTime\QTTask                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                            .exe
c:\program files\QuickTime\QTTask                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                          .exe
c:\program files\QuickTime\QTTask                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                        .exe
c:\program files\QuickTime\QTTask                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                      .exe
c:\program files\QuickTime\QTTask                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                    .exe
c:\program files\QuickTime\QTTask                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                  .exe
c:\program files\QuickTime\QTTask                                                                                .exe
c:\program files\QuickTime\QTTask                                                                                .exe
c:\program files\QuickTime\QTTask                                                                              .exe
c:\program files\QuickTime\QTTask                                                                              .exe
c:\program files\QuickTime\QTTask                                                                            .exe
c:\program files\QuickTime\QTTask                                                                            .exe
c:\program files\QuickTime\QTTask                                                                          .exe
c:\program files\QuickTime\QTTask                                                                          .exe
c:\program files\QuickTime\QTTask                                                                        .exe
c:\program files\QuickTime\QTTask                                                                        .exe
c:\program files\QuickTime\QTTask                                                                      .exe
c:\program files\QuickTime\QTTask                                                                      .exe
c:\program files\QuickTime\QTTask                                                                    .exe
c:\program files\QuickTime\QTTask                                                                    .exe
c:\program files\QuickTime\QTTask                                                                  .exe
c:\program files\QuickTime\QTTask                                                                  .exe
c:\program files\QuickTime\QTTask                                                                .exe
c:\program files\QuickTime\QTTask                                                                .exe
c:\program files\QuickTime\QTTask                                                              .exe
c:\program files\QuickTime\QTTask                                                              .exe
c:\program files\QuickTime\QTTask                                                            .exe
c:\program files\QuickTime\QTTask                                                            .exe
c:\program files\QuickTime\QTTask                                                          .exe
c:\program files\QuickTime\QTTask                                                          .exe
c:\program files\QuickTime\QTTask                                                        .exe
c:\program files\QuickTime\QTTask                                                        .exe
c:\program files\QuickTime\QTTask                                                      .exe
c:\program files\QuickTime\QTTask                                                      .exe
c:\program files\QuickTime\QTTask                                                    .exe
c:\program files\QuickTime\QTTask                                                    .exe
c:\program files\QuickTime\QTTask                                                  .exe
c:\program files\QuickTime\QTTask                                                  .exe
c:\program files\QuickTime\QTTask                                                .exe
c:\program files\QuickTime\QTTask                                                .exe
c:\program files\QuickTime\QTTask                                              .exe
c:\program files\QuickTime\QTTask                                              .exe
c:\program files\QuickTime\QTTask                                            .exe
c:\program files\QuickTime\QTTask                                            .exe
c:\program files\QuickTime\QTTask                                          .exe
c:\program files\QuickTime\QTTask                                          .exe
c:\program files\QuickTime\QTTask                                        .exe
c:\program files\QuickTime\QTTask                                        .exe
c:\program files\QuickTime\QTTask                                      .exe
c:\program files\QuickTime\QTTask                                      .exe
c:\program files\QuickTime\QTTask                                    .exe
c:\program files\QuickTime\QTTask                                    .exe
c:\program files\QuickTime\QTTask                                  .exe
c:\program files\QuickTime\QTTask                                  .exe
c:\program files\QuickTime\QTTask                                .exe
c:\program files\QuickTime\QTTask                                .exe
c:\program files\QuickTime\QTTask                              .exe
c:\program files\QuickTime\QTTask                              .exe
c:\program files\QuickTime\QTTask                            .exe
c:\program files\QuickTime\QTTask                            .exe
c:\program files\QuickTime\QTTask                          .exe
c:\program files\QuickTime\QTTask                          .exe
c:\program files\QuickTime\QTTask                        .exe
c:\program files\QuickTime\QTTask                        .exe
c:\program files\QuickTime\QTTask                      .exe
c:\program files\QuickTime\QTTask                      .exe
c:\program files\QuickTime\QTTask                    .exe
c:\program files\QuickTime\QTTask                    .exe
c:\program files\QuickTime\QTTask                  .exe
c:\program files\QuickTime\QTTask                  .exe
c:\program files\QuickTime\QTTask                .exe
c:\program files\QuickTime\QTTask                .exe
c:\program files\QuickTime\QTTask              .exe
c:\program files\QuickTime\QTTask              .exe
c:\program files\QuickTime\QTTask            .exe
c:\program files\QuickTime\QTTask            .exe
c:\program files\QuickTime\QTTask          .exe
c:\program files\QuickTime\QTTask          .exe
c:\program files\QuickTime\QTTask        .exe
c:\program files\QuickTime\QTTask        .exe
c:\program files\QuickTime\QTTask      .exe
c:\program files\QuickTime\QTTask      .exe
c:\program files\QuickTime\QTTask    .exe
c:\program files\QuickTime\QTTask    .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher .exe
c:\program files\Steam\steam .exe
c:\program files\sys5\sol  .exe
c:\program files\sys5\sol .exe
c:\program files\Windows Live\Messenger\MsnMsgr          .exe
c:\program files\Windows Live\Messenger\MsnMsgr          .exe
c:\program files\Windows Live\Messenger\MsnMsgr        .exe
c:\program files\Windows Live\Messenger\MsnMsgr        .exe
c:\program files\Windows Live\Messenger\MsnMsgr      .exe
c:\program files\Windows Live\Messenger\MsnMsgr      .exe
c:\program files\Windows Live\Messenger\MsnMsgr    .exe
c:\program files\Windows Live\Messenger\MsnMsgr    .exe
c:\program files\Windows Live\Messenger\MsnMsgr  .exe
c:\program files\Windows Live\Messenger\MsnMsgr  .exe
c:\program files\Windows Live\Messenger\MsnMsgr .exe
</pre>


((((((((((((((((((((((((((((( SnapShot@2010-08-08_15.59.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-01 16:34 . 2010-09-30 16:06 16384 c:\windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-10 18:48 . 2010-10-10 18:48 16384 c:\windows\temp\Perflib_Perfdata_750.dat
+ 2010-09-29 09:44 . 2010-09-29 09:44 56320 c:\windows\system32\WgaTraySrv.exe
+ 2010-09-25 18:22 . 2010-09-29 10:26 56320 c:\windows\system32\dwwinSrv.exe
+ 2010-09-25 18:23 . 2010-09-30 15:58 56320 c:\windows\system32\DLA\DLACTRLWSrv.exe
+ 2010-09-23 16:35 . 2010-09-23 16:35 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-29 17:03 . 2010-08-08 13:43 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-29 17:03 . 2010-09-23 16:35 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-23 16:35 . 2010-09-23 16:35 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-14 04:45 . 2010-10-06 00:08 35336 c:\windows\system32\32Y1167.com
+ 2010-09-25 18:23 . 2010-09-30 15:58 56320 c:\windows\stsystraSrv.exe
+ 2010-09-21 01:26 . 2010-09-21 01:26 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-21 01:26 . 2010-09-21 01:26 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\ARPPRODUCTICON.exe
+ 2006-09-27 13:39 . 2010-10-04 21:10 10240 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB.exe
- 2006-09-27 13:39 . 2007-06-12 18:05 10240 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2004-08-10 12:03 . 2010-08-15 10:33 4056 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2007-02-13 02:13 . 2010-10-04 21:10 7168 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB5.exe
- 2007-02-13 02:13 . 2007-06-12 18:05 7168 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB5.exe
- 2006-09-27 13:39 . 2007-06-12 18:05 7168 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
+ 2006-09-27 13:39 . 2010-10-04 21:10 7168 c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe
+ 2010-09-29 10:20 . 2010-09-29 10:22 563520 c:\windows\system32\Restore\rstrlog.dat
+ 2010-09-21 01:26 . 2010-09-21 01:26 874496 c:\windows\Installer\20bff595.msi
- 2009-08-11 23:22 . 2009-08-11 23:22 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
+ 2009-08-11 23:22 . 2010-08-18 03:09 102400 c:\windows\Installer\{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}\iTunesIco.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
- 2006-09-29 18:41 . 2006-09-29 18:41 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2006-09-29 18:41 . 2010-10-10 18:12 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]
"Steam"="c:\program files\steam\steam.exe" [N/A]
"{7AD1994C-E6B6-D453-2621-DFA5E501A564}"="c:\documents and settings\Rob\Application Data\Opuqc\nexek.exe" [2007-08-18 114176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe -startup" [X]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [N/A]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [N/A]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [N/A]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 1121280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
acwe.exe [2010-9-22 107008]
dihuh.exe [2010-9-23 116224]
opela.exe [2010-10-4 114176]
oxmi.exe [2010-9-30 113664]
rogua.exe [2010-10-6 114176]
vewipi.exe [2010-9-23 116224]
vyyb.exe [2010-9-29 134144]
wiytca.exe [2010-9-23 116224]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
aqxaux.exe [2010-9-23 116224]
azxayq.exe [2010-9-23 116224]
ebaxx.exe [2010-9-22 107008]
epxeo.exe [2010-9-23 116224]
icqufi.exe [2010-10-4 114176]
laafu.exe [2010-9-23 116224]
moaqzi.exe [2010-9-29 134144]
pyabdi.exe [2010-9-30 113664]
wylyi.exe [2010-10-6 114176]

c:\documents and settings\Rob\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-27 7168]
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2007-4-12 884838]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\mcafee.com\agent\mcdetectsrv.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask .exe -atboottime [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
c:\program files\DNA\btdna .exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
c:\program files\DAEMON Tools Pro\DTProAgent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-22 23:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
c:\program files\MP4 Player\mp4Player.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
c:\program files\McAfee.com\Personal Firewall\MPFTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ouccrasi]
2010-09-22 01:05 305664 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\nbjdawicy\lkasifuuqiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qlwmxytv]
2010-09-22 00:38 305664 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\ljcvwrpou\ichnraluqiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rainlendar2]
c:\program files\Rainlendar2\Rainlendar2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-09-25 14:06 83968 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscjiwos]
2010-09-22 00:26 305664 ----a-w- c:\documents and settings\Rob\Local Settings\Application Data\cjivwkphx\ikmlxmuuqiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6BCAE218-C949-5DD7-B5AA-C06EA2EC20F8}]
c:\documents and settings\Rob\Application Data\Azubep\ybro.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{7AD1994C-E6B6-D453-2621-DFA5E501A564}]
2007-04-18 08:27 116224 ----a-w- c:\documents and settings\Rob\Application Data\Yhwa\uneni.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{B2234604-1D67-796D-989D-7551FA679455}]
2007-01-04 10:04 125440 ----a-w- c:\documents and settings\Rob\Application Data\Bifygy\zoorw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Steam\\steamapps\\rob399\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rob\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Rob\\My Documents\\utorrent.exe"=

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-08 721904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R2 RPCER;Remote Procedure Call (HNM);c:\program files\NetMeeting\comp.exe [x]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]

.
Contents of the 'Scheduled Tasks' folder

2010-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2010-10-05 c:\windows\Tasks\At25.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At26.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At27.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At28.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At29.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At3.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At30.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At31.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-05 c:\windows\Tasks\At313.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At314.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At315.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At316.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At317.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At318.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At319.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At32.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At320.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At321.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At322.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At323.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-29 c:\windows\Tasks\At324.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-23 c:\windows\Tasks\At325.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At326.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-28 c:\windows\Tasks\At327.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At328.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At329.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At33.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At330.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-23 c:\windows\Tasks\At331.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At332.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At333.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At334.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-04 c:\windows\Tasks\At335.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At336.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At34.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At35.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-29 c:\windows\Tasks\At36.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-23 c:\windows\Tasks\At37.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At38.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-28 c:\windows\Tasks\At39.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At4.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-09-22 c:\windows\Tasks\At40.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At41.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At42.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-23 c:\windows\Tasks\At43.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-10 c:\windows\Tasks\At44.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At45.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At46.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-04 c:\windows\Tasks\At47.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-09-22 c:\windows\Tasks\At48.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-06 c:\windows\Tasks\At5.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At6.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At7.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At769.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At770.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At771.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At772.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At773.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At774.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At775.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At776.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At777.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At778.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At779.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At780.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At781.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At782.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At783.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At784.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At785.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At786.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At787.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At788.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At789.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At790.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At791.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\At792.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At8.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-06 c:\windows\Tasks\At9.job
- c:\windows\Fonts\32Y1167.com [2010-10-10 00:08]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Bejeweled 2 - c:\program files\Bejeweled 2\uninstall.exe
AddRemove-LimeWire - c:\program files\LimeWire\uninstall.exe
AddRemove-MP4 Player - c:\program files\MP4 Player\uninst.exe
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe
AddRemove-Steam App 340 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3482 - c:\program files\Steam\steam.exe
AddRemove-Steam App 3483 - c:\program files\Steam\steam.exe
AddRemove-Steam App 380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5e,3c,da,7b,39,6f,7f,b3,a4,e5,e1,c0,14,5f,93,01,18,dc,11,1c,85,19,a3,
ce,b2,85,42,49,fe,49,98,de,dd,51,fd,4c,11,2d,71,a6,f4,5e,f2,bf,ee,dd,ae,67,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-147038334-2158946348-2334436982-1006\Software\SecuROM\License information*]
"datasecu"=hex:e1,4d,2d,b6,16,e7,39,57,ab,55,5e,d8,87,ef,02,3e,9d,af,39,29,ab,
0d,62,cf,b5,b7,e4,f8,ee,43,8b,62,17,d2,54,64,dc,72,22,1b,6f,cd,0d,a6,72,62,\
"rkeysecu"=hex:5b,b1,f1,96,e6,e7,05,7e,0c,23,86,99,20,fc,03,4c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3380)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\program files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\VentSrv\ventrilo_svc.exe
c:\program files\VentSrv\ventrilo_srv.exe
c:\windows\stsystra.exe
.
**************************************************************************
.
Completion time: 2010-10-10 20:11:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-10 19:11
ComboFix2.txt 2010-08-13 13:36
ComboFix3.txt 2010-08-09 21:02
ComboFix4.txt 2010-08-08 16:01
ComboFix5.txt 2010-10-10 18:37

Pre-Run: 1,374,904,320 bytes free
Post-Run: 1,268,649,984 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 3375D342497B66F6FA27384177034414
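
For anyone learning to read a log like the one above, here is an added example (my own script, not code from this forum, the helper, or ComboFix) that runs simple triage rules over a constructed excerpt of the log: a handful of lines copied from the posted log, not the full thing. It flags the indicators a helper looks at first: Run-key values that launch an .exe from a user profile's Application Data folder, loose executables in a Startup folder (normal entries there are .lnk shortcuts), Security Center override flags, a disabled Windows Firewall, At*.job scheduled tasks and their targets, and a proxy pointing at 127.0.0.1. The category names and the `triage()` function are mine; nothing here is a ComboFix feature.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted above,
# not the complete log. The triage logic is an added example, not part of ComboFix.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]
"{7AD1994C-E6B6-D453-2621-DFA5E501A564}"="c:\documents and settings\Rob\Application Data\Opuqc\nexek.exe" [2007-08-18 114176]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
acwe.exe [2010-9-22 107008]
dihuh.exe [2010-9-23 116224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

2010-10-05 c:\windows\Tasks\At25.job
- c:\windows\system32\32Y1167.com [2010-09-14 00:08]

2010-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-14 03:53]

uInternet Settings,ProxyServer = http=127.0.0.1:50370
"""

SECTION = re.compile(r"^\[(.+)\]$")
RUN_VALUE = re.compile(r'^"[^"]*"="([^"]+)"')
# an .exe sitting one folder below "Application Data" or "Local Settings\Application Data"
PROFILE_EXE = re.compile(r"\\(?:Local Settings\\)?Application Data\\[^\\]+\\[^\\]+\.exe$", re.I)
STARTUP_DIR = re.compile(r"^c:\\.*\\Startup\\$", re.I)
STARTUP_EXE = re.compile(r"^([^\s\\]+\.exe)\s+\[", re.I)
SC_OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$')
FW_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
AT_JOB = re.compile(r"\\Tasks\\(At\d+\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (.+?) \[")
PROXY = re.compile(r"^uInternet Settings,ProxyServer = (\S+)")


def triage(log_text):
    """Return (category, detail) pairs for the indicators found in a ComboFix-style log."""
    findings = []
    section = None        # current [registry key] header, lower-cased
    startup_dir = None    # Startup folder whose entries we are currently inside
    pending_job = None    # At*.job whose "- target" line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            startup_dir = None
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            startup_dir = None
            continue
        if STARTUP_DIR.match(line):
            startup_dir = line
            continue
        if startup_dir:
            m = STARTUP_EXE.match(line)
            if m:
                findings.append(("startup-folder-exe", startup_dir + m.group(1)))
            continue
        if line.lower().endswith(".job"):
            m = AT_JOB.search(line)
            pending_job = m.group(1) if m else None
            continue
        m = TASK_TARGET.match(line)
        if m:
            if pending_job:
                findings.append(("at-job", f"{pending_job} -> {m.group(1)}"))
            pending_job = None
            continue
        m = RUN_VALUE.match(line)
        if m and section and section.endswith("currentversion\\run"):
            if PROFILE_EXE.search(m.group(1)):
                findings.append(("run-key-profile-exe", m.group(1)))
            continue
        m = SC_OVERRIDE.match(line)
        if m:
            findings.append(("security-center-override", m.group(1)))
            continue
        if FW_OFF.match(line):
            findings.append(("firewall-disabled", "EnableFirewall=0"))
            continue
        m = PROXY.match(line)
        if m and ("127.0.0.1" in m.group(1) or "localhost" in m.group(1).lower()):
            findings.append(("localhost-proxy", m.group(1)))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:26} {detail}")
```

Run on the excerpt it reports eight findings; on the full log above the same rules would also catch the Local Settings\Application Data entries under the msconfig startupreg keys and the dozens of At*.job tasks. The rules are deliberately narrow (they say nothing about the legitimate Google, Rainmeter or iTunes entries), which is the point: a triage script should surface what a human then decides about, not declare a machine clean.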

Re: Windows Security Suite

Attention: Your computer is severely infected with Win32\Ramnit, what is now called a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under the control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personal identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:


Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:
Guides for format and reinstall:

http://www.GeekPolice.net/tutorials-guides-f13/how-to-reformat-and-reinstall-your-operating-system-t15119.htm

http://www.helpmyos.com/tutorials-software-alternatives-to-proprietary-f19/how-to-reformat-and-reinstall-your-operating-system-the-easy-way-t1307.htm

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Re: Windows Security Suite

Having read all the stuff you sent I think it is best to reformat and re-install. I don't use internet banking etc. and I have disconnected this PC from the internet. I do share a wireless router with 3 other people and 4 PCs. You say the router needs to be reset with stronger passwords. Should I change the encryption keys as well? Also, are the other PCs on this router likely to have the same virus? I know banking is done on another PC from this router.

I will first check if I have all the things I need to re-install the OS. If so I will do this at the weekend. If I transfer any important stuff to an external USB hard drive, will that get infected as well?

This is a DELL PC and I thought I would use the DELL automatic recovery as per the link.

Re: Windows Security Suite

I would recommend just changing the encryption key on the router to something else.

The external drive should be fine. Just only transfer documents, pictures, videos, and music. Don't transfer programs or any file with an .exe extension.

Let me know of any more questions.

Re: Windows Security Suite

Still with us?

Re: Windows Security Suite

I have re-installed Windows XP as per the instructions on the Dell site, upgraded with all the Windows updates, and the recovery console. I downloaded AVG in place of McAfee. I took a ComboFix scan; logs below. I am now re-installing the applications and data. It seems to be running OK, quicker in fact. Thanks for your help.

ComboFix 10-10-19.04 - Robert 20/10/2010 22:04:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.460 [GMT 1:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-20 20:14 . 2010-10-20 20:14 -------- d-----w- c:\windows\LastGood
2010-10-19 06:36 . 2010-10-19 06:36 -------- d-----w- c:\program files\MSXML 4.0
2010-10-18 23:48 . 2010-10-18 23:48 -------- d-----w- c:\windows\ServicePackFiles
2010-10-18 23:01 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-10-18 22:32 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-18 22:21 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-18 22:19 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-10-18 22:10 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-10-18 22:02 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-10-18 21:31 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-10-18 21:09 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-10-18 20:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-10-18 20:37 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-10-18 20:35 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-10-18 20:30 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-18 20:30 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-10-18 20:29 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-10-18 14:53 . 2010-10-18 14:53 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-18 14:52 . 2010-10-19 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-18 14:47 . 2010-10-20 19:55 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-18 14:47 . 2010-10-18 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-18 14:44 . 2010-10-18 15:24 -------- d-----w- c:\program files\AVG
2010-10-18 12:10 . 2010-10-18 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-18 12:10 . 2010-10-18 12:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-10-18 12:10 . 2010-10-18 12:10 -------- d-----w- c:\program files\Yahoo!
2010-10-18 12:10 . 2010-10-18 12:10 -------- d-----w- c:\program files\CCleaner
2010-10-18 11:43 . 2010-10-18 11:44 -------- d-----w- c:\program files\iPod
2010-10-18 11:43 . 2010-10-18 11:48 -------- d-----w- c:\program files\iTunes
2010-10-18 11:43 . 2010-10-18 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-18 11:43 . 2010-10-18 11:43 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2010-10-18 11:43 . 2010-10-18 11:43 -------- d-----w- c:\program files\QuickTime
2010-10-18 11:43 . 2010-10-18 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-10-18 11:43 . 2010-10-18 11:43 -------- d-----w- c:\program files\Apple Software Update
2010-10-18 11:42 . 2010-10-18 11:44 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-18 11:42 . 2010-10-18 11:42 -------- d-----w- c:\program files\Bonjour
2010-10-18 11:42 . 2010-10-18 11:43 -------- d-----w- c:\program files\Common Files\Apple
2010-10-18 11:42 . 2010-10-18 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-10-18 11:39 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-18 11:39 . 2010-10-18 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-18 11:39 . 2010-10-18 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-18 11:39 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-18 11:36 . 2004-08-03 22:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-10-18 09:38 . 2010-10-18 09:38 -------- d-----w- c:\windows\ShellNew
2010-10-18 09:31 . 2010-10-20 20:20 56 --sh--r- c:\windows\system32\EFA7FF70F7.sys
2010-10-18 09:31 . 2010-10-20 20:20 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-10-18 09:22 . 2010-10-18 09:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2010-10-18 08:55 . 2010-10-18 08:55 -------- d-----w- c:\documents and settings\Owner
2010-10-18 08:55 . 2010-10-20 19:06 -------- d-----w- c:\documents and settings\Robert
2010-10-18 08:47 . 2004-08-03 21:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-18 08:47 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-18 08:47 . 2001-08-17 13:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-08-27 14:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-27 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-27 169984]
"BuildBU"="c:\dell\bldbubg.exe" [2006-09-27 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-27 7168]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 03:49 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/09/2010 10:35 6104144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 01:45 265400]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [12/01/2006 22:27 13696]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [12/01/2006 22:29 13568]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [18/10/2010 15:52 488776]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060927
mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6060927
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-20 22:11:11
ComboFix-quarantined-files.txt 2010-10-20 21:11
ComboFix2.txt 2010-10-20 20:28

Pre-Run: 106,756,227,072 bytes free
Post-Run: 106,749,186,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D76DA3B6E8CD827F764C75AB6FADAA17


Re: Windows Security Suite

If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears, select your main drive, e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
