So, this was a very infected laptop I picked up. Removed tons of malware, and here are my logs. Can someone have a look and offer some help?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:33 PM, on 11/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JZhang\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 5189 bytes
ComboFix 08-11-12.02 - Administrator 2008-11-14 21:14:15.1 - NTFSx86 MINIMAL
Command switches used :: c:\documents and settings\JZhang\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
c:\program files\Common Files\asks~1
c:\windows\system32\aiqyhpef.ini
c:\windows\system32\avjsgmmf.dll
c:\windows\system32\bwffeiel.dll
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\bestwiner.stt
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\cqkasabt.ini
c:\windows\system32\drivers\TDSSmaxt.sys
c:\windows\system32\fqgcfumj.ini
c:\windows\system32\ltadrkcb.ini
c:\windows\system32\mqxhlxfv.ini
c:\windows\system32\nsfcjwll.ini
c:\windows\system32\qufxbuej.ini
c:\windows\system32\rfjrcx.dll
c:\windows\system32\rrfrby.dll
c:\windows\system32\TDSScfub.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSoeqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\tnoeijka.ini
c:\windows\system32\uobssdop.ini
c:\windows\system32\vjasmbft.dll
c:\windows\system32\wtduispg.ini
c:\windows\system32\wxwolgip.ini
c:\windows\system32\xkkqaaug.ini
c:\windows\system32\ylksof.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-14 21:02 . 2008-11-14 21:03 <DIR> d-------- c:\documents and settings\JZhang\Application Data\U3
2008-11-14 20:25 . 2008-11-14 20:25 3,478 --a------ c:\windows\system32\tmp.reg
2008-11-14 20:24 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-14 20:24 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-14 20:24 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-14 20:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-14 20:24 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-14 20:24 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-14 20:24 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-14 20:24 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-14 20:24 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-14 20:24 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-14 19:55 . 2008-11-14 19:55 <DIR> d-------- C:\VundoFix Backups
2008-11-14 19:45 . 2008-11-14 19:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\U3
2008-11-14 17:22 . 2008-11-14 17:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-14 17:21 . 2008-11-14 17:21 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-11-14 14:40 . 2008-11-14 20:53 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-14 14:39 . 2008-11-14 20:52 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-14 14:20 . 2008-11-14 14:20 <DIR> d-------- c:\documents and settings\JZhang\Application Data\Malwarebytes
2008-11-14 14:19 . 2008-11-14 14:19 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-14 14:19 . 2008-11-14 14:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-14 14:19 . 2008-06-09 20:13 34,296 --a------ c:\windows\system32\drivers\mbamcatchme.sys
2008-11-14 14:19 . 2008-06-09 20:13 15,864 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-14 13:42 . 2008-11-14 17:09 <DIR> d-------- c:\program files\a-squared Free
2008-11-14 13:28 . 2008-11-14 13:28 <DIR> d-------- c:\program files\Lavasoft
2008-11-14 13:19 . 2008-11-14 17:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-14 13:19 . 2008-11-14 13:19 <DIR> d-------- c:\documents and settings\JZhang\Application Data\SUPERAntiSpyware.com
2008-11-14 13:19 . 2008-11-14 13:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-14 13:18 . 2008-11-14 13:27 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-14 13:02 . 2008-11-14 13:02 <DIR> d-------- c:\program files\CCleaner
2008-11-14 12:17 . 2008-11-14 12:17 129 --a------ C:\Shortcut to CD Drive.lnk
2008-11-10 11:36 . 2008-11-14 21:21 2,148 --a------ c:\windows\system32\wpa.dbl
2008-11-10 11:34 . 2008-11-14 21:21 0 --a------ c:\windows\system.ini
2008-11-07 20:11 . 2003-03-18 17:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-11-07 11:08 . 2008-11-07 11:08 9,662 --a------ c:\windows\system32\ZoneAlarmIconUS.ico
2008-11-07 03:35 . 2008-11-07 03:35 4,286 --a------ c:\windows\system32\Jamster.ico
2008-11-07 02:44 . 2008-11-14 15:09 <DIR> d--hs---- c:\windows\ag
2008-11-05 11:58 . 2008-11-05 11:58 <DIR> d-------- c:\program files\Common Files\xing shared
2008-11-04 22:03 . 2008-11-04 22:03 <DIR> d-------- c:\program files\Avira
2008-11-04 22:03 . 2008-11-04 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-03 13:19 . 2008-11-03 13:19 25 --a------ c:\windows\cdplayer.ini
2008-11-03 13:19 . 2008-11-03 13:19 0 --a------ c:\windows\nsreg.dat
2008-11-03 09:48 . 2008-11-14 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-01 23:37 . 2008-11-02 02:16 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-01 22:34 . 2008-11-01 22:34 18,637 --a------ c:\program files\Common Files\adydu.pif
2008-11-01 22:34 . 2008-11-01 22:34 14,303 --a------ c:\program files\Common Files\ypoky.dat
2008-11-01 22:34 . 2008-11-01 22:34 12,258 --a------ c:\windows\qenuwodi.db
2008-11-01 22:34 . 2008-11-01 22:34 10,121 --a------ c:\program files\Common Files\upomado.vbs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 16:36 --------- d-----w c:\program files\eSignal
2008-11-13 03:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 03:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-05 16:58 --------- d-----w c:\program files\Common Files\Real
2008-11-03 18:02 --------- d-----w c:\program files\Real
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 561152]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-07-16 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-04-13 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
D-Link AirPlus G Wireless Utility.lnk - c:\program files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe [2008-02-12 782412]
D-Link REG Utility.lnk - c:\program files\D-Link\AirPlus G Wireless Adapter Utility\Reg.exe [2008-02-12 24576]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 59080]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 69632]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eSignal\\winros.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware 2007\\lsupdatemanager.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware 2007\\Ad-Aware2007.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\7-Zip\\7zFMn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP
xpsp2res.dll,-22009
R0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys [2003-04-27 8704]
R3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys [2003-04-27 99360]
S3 csaudio;USB2.0 Audio Device Driver;c:\windows\system32\DRIVERS\CsAud.sys [2003-03-24 11008]
S3 DCamUSB20GAB;Hi-speed USB 2.0 TVBOX;c:\windows\system32\Drivers\GMini20.sys [2003-07-17 73156]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c001de0-b269-11dd-8e7b-000d56389311}]
\Shell\¶}±Ò(&O)\command - RECYCLER\UcHelp.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{001D98AC-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{0ECC566D-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{3B3159B7-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{4AD6994B-74DB-5B5A-8C3A-5BC00222849F} - (no file)
BHO-{4E83C91C-27DA-5B5C-8C3A-5BC0022285CE} - (no file)
BHO-{9a03795a-88d7-4b4f-bedc-ac05fc5d467b} - (no file)
Toolbar-SITEguard - (no file)
ShellExecuteHooks-{75ABCF92-9764-4DFA-A83F-5142C3905052} - (no file)
Notify-AutorunsDisabled - pmnkJyax.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\JZhang\Application Data\Mozilla\Firefox\Profiles\n87hygh0.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 21:21:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\hpzipm12.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-11-14 21:26:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 02:26:17
Pre-Run: 21,407,784,960 bytes free
Post-Run: 21,281,964,032 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
205
ComboFix looked to have removed a lot. It did say I had rootkits before it rebooted and started up in safe mode to complete its scan. I've already run full scans with SAS, MAM, Adaware, and A-squared in regular and safe mode. They found lots of Trojans and other malware. Also ran a full AVIRA AV scan, and that came up w/ stuff too. Can't get Spybot to install. Also, can't get to the Windows Update site to do updates even though the computer is online and will go to other sites, no problem. Should I run Panda scan for rootkits?
Thanks.
\Shell\¶}±Ò(&O)\command - RECYCLER\UcHelp.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{001D98AC-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{0ECC566D-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{3B3159B7-22DC-457F-86FC-6E24E722B58f} - (no file)
BHO-{4AD6994B-74DB-5B5A-8C3A-5BC00222849F} - (no file)
BHO-{4E83C91C-27DA-5B5C-8C3A-5BC0022285CE} - (no file)
BHO-{9a03795a-88d7-4b4f-bedc-ac05fc5d467b} - (no file)
Toolbar-SITEguard - (no file)
ShellExecuteHooks-{75ABCF92-9764-4DFA-A83F-5142C3905052} - (no file)
Notify-AutorunsDisabled - pmnkJyax.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\JZhang\Application Data\Mozilla\Firefox\Profiles\n87hygh0.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-14 21:21:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\hpzipm12.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-11-14 21:26:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-15 02:26:17
Pre-Run: 21,407,784,960 bytes free
Post-Run: 21,281,964,032 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
205
ComboFix looked to have removed a lot. It did say I had rootkits before it rebooted and started up in safe mode to complete its scan. I've already run full scans with SAS, MAM, Adaware, and A-squared in regular and safe mode. They found lots of Trojans and other malware. Also ran a full AVIRA AV scan, and that came up w/ stuff too. Can't get Spybot to install. Also, can't get to the Windows Update site to do updates even though the computer is online and will go to other sites, no problem. Should I run Panda scan for rootkits?
Thanks.