Malwarebytes Log -Still infected after Combofix

mike1414

Member
Hey John, this is Mike from annoyances.org. I did manage to get Malwarebytes going after doing an uninstall/reinstall and update. Here is my log:

Malwarebytes' Anti-Malware 1.43
Database version: 3460
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/30/2009 9:02:27 PM
mbam-log-2009-12-30 (21-02-20).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201147
Time elapsed: 1 hour(s), 45 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\d4xw4jbgw7.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hp5m5m0t58.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsm32.sys.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\winsts.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\Ipripv32.dll.vir (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\bwsb.gio (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\jawegafa.dll.vir (Trojan.Vundo) -> No action taken.

I noticed that it says "no action taken". I opted for deletion upon the completion of the scan. A message popped up saying all items were deleted and that a restart was required. I restarted and the Malwarebytes program gave me no further messages.
 
Hi Mike,

I'm glad you made it over here. The cleanup required is a lot easier here than over at the annoyances forum. As long as you had it remove those infections, there is no need to rerun it. Now that you have run Malwarebytes, please post a fresh HijackThis log by doing this:

Open HijackThis.
Click on "Do a system scan and save a log file".
Copy and paste everything inside that log back here in a reply.
 
Thanks! Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:19 AM, on 1/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\hijackthis\abc.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\mike kearney\Local Settings\Temp\{8ABDDA07-00D4-4433-8EEF-143901FD74EC}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" -r (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca257a13230842) (gupdate1ca257a13230842) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
Ok, here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:34 AM, on 1/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\mike kearney\Local Settings\Temp\{8ABDDA07-00D4-4433-8EEF-143901FD74EC}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca257a13230842) (gupdate1ca257a13230842) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5535 bytes
 
I'm gonna post your ComboFix log from the other forum just so we have a reference to it.

ComboFix 09-12-29.05 - mike kearney 12/30/2009 3:48.1.1 - x86
Running from: c:\documents and settings\mike kearney\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mike kearney\Local Settings\ApplicationData\{ADB9DE66-C0A8-417E-9F45-D16219CC8311}
c:\documents and settings\mike kearney\Local Settings\ApplicationData\{ADB9DE66-C0A8-417E-9F45-D16219CC8311}\chrome.manifest
c:\documents and settings\mike kearney\Local Settings\ApplicationData\{ADB9DE66-C0A8-417E-9F45-D16219CC8311}\chrome\content\_cfg.js
c:\documents and settings\mike kearney\Local Settings\ApplicationData\{ADB9DE66-C0A8-417E-9F45-D16219CC8311}\chrome\content\overlay.xul
c:\documents and settings\mike kearney\Local Settings\ApplicationData\{ADB9DE66-C0A8-417E-9F45-D16219CC8311}\install.rdf
c:\recycler\S-1-5-21-1198635662-2378406869-3249918468-500
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\windows\Install.txt
c:\windows\system32\41.exe
c:\windows\system32\certstore.dat
c:\windows\system32\d4xw4jbgw7.dll
c:\windows\system32\FInstall.sys
c:\windows\system32\flags.ini
c:\windows\system32\hp5m5m0t58.dll
c:\windows\system32\Install.txt
c:\windows\system32\lsm32.sys
c:\windows\system32\mefupojo.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uses32.dat
c:\windows\system32\winsts.sys
c:\windows\Temp\2264284574.exe
c:\windows\Temp\2987489412.exe
c:\windows\Temp\3086083162.exe
c:\windows\uqoniyan.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSRV
-------\Legacy_FASTNETSRV
-------\Legacy_IPRIP
-------\Legacy_WINSTS
-------\Service_BtwSrv
-------\Service_Iprip
-------\Service_winsts


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-30 05:28 . 2009-12-30 05:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:28 . 2009-12-30 05:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:28 . 2009-12-30 05:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:27 . 2009-12-30 05:27 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:27 . 2009-12-30 05:27 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:27 . 2009-12-30 05:27 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:10 . 2009-12-30 05:10 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-30 05:10 . 2009-12-30 05:10 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-30 05:08 . 2009-12-30 12:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-30 05:08 . 2009-12-30 05:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-30 04:58 . 2009-12-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\KasperskyLab Setup Files
2009-12-30 04:54 . 2009-12-30 04:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-12-30 04:48 . 2009-12-12 02:05 3613560 ----a-w- c:\documents and settings\mike kearney\Application Data\Simply Super Software\Trojan Remover\eah2.exe
2009-12-30 03:39 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-30 03:39 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-30 03:39 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-30 03:39 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-30 03:39 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\program files\Trojan Remover
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Simply Super Software
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-30 03:36 . 2009-12-30 03:36 -------- d--h--w- c:\windows\PIF
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\program files\Unlocker
2009-12-30 01:01 . 2009-12-04 00:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 01:01 . 2009-12-04 00:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 00:12 . 2009-12-30 00:12 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Mozilla
2009-12-29 12:26 . 2009-12-29 12:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}
2009-12-29 11:57 . 2009-12-29 11:57 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-29 10:56 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-12-29 10:55 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-29 01:02 . 2009-12-30 10:19 0 ----a-w- c:\windows\Tqizakok.bin
2009-12-29 01:02 . 2009-12-30 04:48 120 ----a-w- c:\windows\Cxorezivanomozol.dat
2009-12-28 23:51 . 2009-12-30 03:43 707072 ----a-w- c:\windows\system32\drivers\iehertki.sys.vir
2009-12-28 23:51 . 2009-09-29 23:58 24576 ----a-w- c:\windows\system32\winupdate86.exe.vir
2009-12-28 23:51 . 2009-09-29 23:58 24576 ----a-w- c:\windows\system32\winlogon86.exe.vir
2009-12-12 01:48 . 2009-12-12 01:48 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Canon
2009-12-12 01:24 . 2002-05-24 11:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-12-12 01:24 . 2009-12-12 01:24 -------- d-----w- C:\CanoScan
2009-12-12 01:24 . 2003-09-18 01:35 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2009-12-12 01:24 . 2002-09-12 09:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2009-12-08 22:28 . 2009-12-08 22:28 -------- d-----w- c:\program files\dcmsvc
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\documents and settings\mike kearney\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2009-12-08 22:27 . 2009-12-08 22:26 38784 ----a-w- c:\documents and settings\mike kearney\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Warner Bros. Digital Copy Manager
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-02 19:16 . 2009-12-02 19:16 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 12:10 . 2007-02-21 05:32 15285 ----a-w- c:\windows\system32\tablet.dat
2009-12-30 10:26 . 2009-09-15 23:30 22 ----a-w- c:\program files\SigurdServerPublicBeta0.5.1.zip
2009-12-30 05:02 . 2007-08-02 19:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 04:48 . 2007-08-02 07:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 03:36 . 2009-08-24 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 00:16 . 2009-08-25 11:47 -------- d-----w- c:\program files\Google
2009-12-12 01:26 . 2009-11-04 01:11 -------- d-----w- c:\program files\Canon
2009-12-12 01:26 . 2003-05-04 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-05 21:15 . 2008-10-03 13:08 -------- d-----w- c:\documents and settings\mike kearney\Application Data\uTorrent
2009-12-03 23:41 . 2005-06-28 09:18 57832 ----a-w- c:\documents and settings\mike kearney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 05:30 . 2009-11-17 05:30 20151 ----a-w- c:\windows\bubblegun.zip
2009-11-17 05:30 . 2009-11-17 05:30 24040 ----a-w- c:\windows\mathematics_boredom.zip
2009-11-16 14:26 . 2009-11-16 14:26 177024 ----a-w- c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\FlashGot.exe
2009-11-12 09:37 . 2009-11-12 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-11-10 14:45 . 2009-11-10 14:45 184 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-11-10 14:45 . 2009-08-15 10:19 -------- d-----w- c:\program files\iTunes
2009-11-10 14:44 . 2009-11-10 14:44 -------- d-----w- c:\program files\Last.fm
2009-11-09 08:56 . 2009-11-09 08:56 21860 ----a-w- c:\windows\Brownwood.zip
2009-11-04 01:13 . 2009-11-04 01:04 -------- d-----w- c:\program files\iXi Tools
2009-11-04 01:10 . 2009-11-04 01:10 -------- d-----w- c:\program files\A40WI410EN
2009-10-21 04:34 . 2009-10-21 04:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-15 05:18 . 2009-10-15 05:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-09 02:27 . 2009-10-16 09:59 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-03 03:39 . 2009-10-03 03:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-09-15 23:35 . 2009-09-15 23:35 2802441 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.zip
2008-11-13 01:31 . 2009-01-23 06:55 1639116 ----a-w- c:\program files\revosetup.exe
2008-10-04 09:22 . 2009-01-23 07:05 1426904 ----a-w- c:\program files\disk-defrag-setup.exe
2008-07-08 18:14 . 2009-09-15 23:36 2832443 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.exe
2008-04-12 06:37 . 2008-04-12 06:37 1206366 ----a-w- c:\program files\wrar371.exe
2007-08-07 05:38 . 2007-08-07 05:37 6448349 ----a-w- c:\program files\realalt152.exe
2006-09-15 10:33 . 2008-04-12 06:39 5984 ----a-w- c:\program files\audition20.gif
2006-09-15 10:33 . 2008-04-12 06:39 3408 ----a-w- c:\program files\audition20.nfo
2005-08-15 10:39 . 2005-08-15 10:39 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-06-12 12:21 . 2005-06-12 12:20 2304909 ----a-w- c:\program files\idasetup.exe
2005-06-12 09:39 . 2005-06-12 09:39 4709512 ----a-w- c:\program files\ymsgrie.exe
2005-06-11 13:45 . 2005-06-11 13:45 420974 ----a-w- c:\program files\XviD-04102002-1.exe
2005-06-11 13:43 . 2005-06-11 13:43 217329 ----a-w- c:\program files\gspot221.exe
2005-06-11 13:38 . 2005-06-11 13:38 867146 ----a-w- c:\program files\xvidcore-1.1.0-beta2.zip
2005-06-11 13:35 . 2005-06-11 13:35 379173 ----a-w- c:\program files\xvid-1[1].0.2.exe
2005-06-11 11:23 . 2005-06-11 11:23 2314920 ----a-w- c:\program files\LimeWireWin.exe
2005-06-11 11:21 . 2005-06-11 11:21 3241550 ----a-w- c:\program files\absetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"iHP-100"="c:\program files\iRiver\iHP100\iHPDetect.exe" [2003-10-01 28672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli inwscp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\sigurdACPSERVER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\mike kearney\\Desktop\\mplayerc.exe"=
"c:\\Program Files\\FLVPlayer\\flvplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24218:TCP"= 24218:TCP:BitComet 24218 TCP
"24218:UDP"= 24218:UDP:BitComet 24218 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/19/2007 1:41 AM 24652]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca257a13230842;Google Update Service (gupdate1ca257a13230842);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2009 3:49 AM 133104]
S3 ndisdrv;ndisdrv;c:\windows\system32\ndisdrv.sys [8/4/2004 2304]
.
Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-25 11:47]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2009-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005Core.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]

2009-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005UA.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]
.
.
------- Supplementary Scan -------
.
IE: Download ALL with IDA
IE: Download with IDA
FF - ProfilePath - c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {17EA73DB-FD78-405F-9671-ADC2592A928A} - c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{1fe7cf78-e54c-47aa-a5ac-a51b4258fdc6} - (no file)
BHO-{65e2fd86-b80b-4ded-ecaa-6ff5287d6fe0} - c:\windows\uqoniyan.dll
HKCU-Run-Aim6 - (no file)
HKLM-Run-Izabacajuhiqijoy - c:\windows\uqoniyan.dll
HKU-Default-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
SharedTaskScheduler-{80a8497a-9a16-4670-91ef-7f1ac7c581ae} - (no file)
AddRemove-HijackThis - c:\documents and settings\mike kearney\Desktop\hijackthis\HijackThis.exe
AddRemove-XviD Media Codec - c:\program files\XviD\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 04:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?6?4?5???????
???B?????????????H 'lsass.exe'(1296)
c:\windows\inwscp.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\tabhook.dll
c:\windows\inwscp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-12-30 04:18:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-30 12:18

Pre-Run: 36,389,343,232 bytes free
Post-Run: 37,333,491,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4638FCB381E3C366D658CEEACF5F6E03
 
Please rerun HijackThis and place a check next to these items.

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Documents and Settings\mike kearney\Local Settings\Temp\{8ABDDA07-00D4-4433-8EEF-143901FD74EC}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


Then click on Fix checked.

You should also go into Add/Remove Programs and uninstall anything that says Viewpoint in it, such as Viewpoint Manager or Viewpoint Media Player.

Please delete the file ComboFix from your computer and download the latest version to your desktop.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Click on the Bleeping Computer link partway down the page. Remember to save the file to your desktop. After doing so, please do the following...

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
KILLALL

Files::
c:\windows\Tqizakok.bin
c:\windows\Cxorezivanomozol.dat
c:\windows\system32\drivers\iehertki.sys.vir
c:\windows\system32\winupdate86.exe.vir
c:\windows\system32\winlogon86.exe.vir

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
Okay, here's the second CF log:

ComboFix 10-01-03.05 - mike kearney 01/04/2010 4:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478.147 [GMT -8:00]
Running from: c:\documents and settings\mike kearney\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mike kearney\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2010-01-03 00:51 . 2007-07-31 19:57 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-01-03 00:51 . 2003-08-19 12:31 81920 ----a-w- c:\windows\system32\viscomwave.dll
2010-01-03 00:50 . 1998-06-18 07:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-01-03 00:50 . 2005-01-19 07:18 323584 ----a-w- c:\windows\system32\FoxImager.dll
2010-01-03 00:50 . 2010-01-03 00:50 -------- d-----w- c:\program files\Cheetah Burner
2010-01-02 13:04 . 2010-01-02 13:05 -------- d-----w- c:\program files\MediaMonkey
2010-01-02 11:14 . 2010-01-02 11:14 -------- d-----w- c:\program files\Trend Micro
2010-01-01 08:17 . 2010-01-01 08:17 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-31 02:37 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 02:37 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 02:37 . 2009-12-31 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 05:28 . 2009-12-30 05:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:28 . 2009-12-30 05:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:28 . 2009-12-30 05:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:27 . 2009-12-30 05:27 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:27 . 2009-12-30 05:27 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:27 . 2009-12-30 05:27 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:10 . 2009-12-30 05:10 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-30 05:10 . 2009-12-30 05:10 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-30 05:08 . 2010-01-04 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-30 05:08 . 2009-12-30 05:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-30 04:58 . 2009-12-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-30 04:48 . 2009-12-12 02:05 3613560 ----a-w- c:\documents and settings\mike kearney\Application Data\Simply Super Software\Trojan Remover\eah2.exe
2009-12-30 03:39 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-30 03:39 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-30 03:39 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-30 03:39 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-30 03:39 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\program files\Trojan Remover
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Simply Super Software
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-30 03:36 . 2009-12-30 03:36 -------- d--h--w- c:\windows\PIF
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\program files\Unlocker
2009-12-29 12:26 . 2009-12-29 12:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}
2009-12-29 11:57 . 2009-12-29 11:57 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-29 10:56 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-12-29 10:55 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-29 01:02 . 2009-12-30 10:19 0 ----a-w- c:\windows\Tqizakok.bin
2009-12-29 01:02 . 2009-12-30 04:48 120 ----a-w- c:\windows\Cxorezivanomozol.dat
2009-12-28 23:51 . 2009-12-30 03:43 707072 ----a-w- c:\windows\system32\drivers\iehertki.sys.vir
2009-12-12 01:48 . 2009-12-12 01:48 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Canon
2009-12-12 01:24 . 2002-05-24 11:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-12-12 01:24 . 2009-12-12 01:24 -------- d-----w- C:\CanoScan
2009-12-12 01:24 . 2003-09-18 01:35 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2009-12-12 01:24 . 2002-09-12 09:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2009-12-08 22:28 . 2009-12-08 22:28 -------- d-----w- c:\program files\dcmsvc
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\documents and settings\mike kearney\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2009-12-08 22:27 . 2009-12-08 22:26 38784 ----a-w- c:\documents and settings\mike kearney\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Warner Bros. Digital Copy Manager
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 13:06 . 2007-02-21 05:32 15285 ----a-w- c:\windows\system32\tablet.dat
2010-01-04 12:45 . 2005-11-30 08:16 -------- d-----w- c:\program files\Viewpoint
2010-01-03 00:50 . 2003-05-04 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 13:15 . 2008-10-03 13:08 -------- d-----w- c:\documents and settings\mike kearney\Application Data\uTorrent
2009-12-31 15:38 . 2009-10-24 11:55 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Audacity
2009-12-30 10:26 . 2009-09-15 23:30 22 ----a-w- c:\program files\SigurdServerPublicBeta0.5.1.zip
2009-12-30 05:02 . 2007-08-02 19:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 04:48 . 2007-08-02 07:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-20 00:16 . 2009-08-25 11:47 -------- d-----w- c:\program files\Google
2009-12-12 01:26 . 2009-11-04 01:11 -------- d-----w- c:\program files\Canon
2009-12-03 23:41 . 2005-06-28 09:18 57832 ----a-w- c:\documents and settings\mike kearney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 05:30 . 2009-11-17 05:30 20151 ----a-w- c:\windows\bubblegun.zip
2009-11-17 05:30 . 2009-11-17 05:30 24040 ----a-w- c:\windows\mathematics_boredom.zip
2009-11-16 14:26 . 2009-11-16 14:26 177024 ----a-w- c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\FlashGot.exe
2009-11-12 09:37 . 2009-11-12 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-11-10 14:45 . 2009-11-10 14:45 184 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-11-10 14:45 . 2009-08-15 10:19 -------- d-----w- c:\program files\iTunes
2009-11-10 14:44 . 2009-11-10 14:44 -------- d-----w- c:\program files\Last.fm
2009-11-09 08:56 . 2009-11-09 08:56 21860 ----a-w- c:\windows\Brownwood.zip
2009-10-21 04:34 . 2009-10-21 04:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-15 05:18 . 2009-10-15 05:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-09 02:27 . 2009-10-16 09:59 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-15 23:35 . 2009-09-15 23:35 2802441 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.zip
2008-11-13 01:31 . 2009-01-23 06:55 1639116 ----a-w- c:\program files\revosetup.exe
2008-10-04 09:22 . 2009-01-23 07:05 1426904 ----a-w- c:\program files\disk-defrag-setup.exe
2008-07-08 18:14 . 2009-09-15 23:36 2832443 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.exe
2008-04-12 06:37 . 2008-04-12 06:37 1206366 ----a-w- c:\program files\wrar371.exe
2007-08-07 05:38 . 2007-08-07 05:37 6448349 ----a-w- c:\program files\realalt152.exe
2006-09-15 10:33 . 2008-04-12 06:39 5984 ----a-w- c:\program files\audition20.gif
2006-09-15 10:33 . 2008-04-12 06:39 3408 ----a-w- c:\program files\audition20.nfo
2005-08-15 10:39 . 2005-08-15 10:39 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-06-12 12:21 . 2005-06-12 12:20 2304909 ----a-w- c:\program files\idasetup.exe
2005-06-12 09:39 . 2005-06-12 09:39 4709512 ----a-w- c:\program files\ymsgrie.exe
2005-06-11 13:45 . 2005-06-11 13:45 420974 ----a-w- c:\program files\XviD-04102002-1.exe
2005-06-11 13:38 . 2005-06-11 13:38 867146 ----a-w- c:\program files\xvidcore-1.1.0-beta2.zip
2005-06-11 13:35 . 2005-06-11 13:35 379173 ----a-w- c:\program files\xvid-1[1].0.2.exe
2005-06-11 11:23 . 2005-06-11 11:23 2314920 ----a-w- c:\program files\LimeWireWin.exe
2005-06-11 11:21 . 2005-06-11 11:21 3241550 ----a-w- c:\program files\absetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"iHP-100"="c:\program files\iRiver\iHP100\iHPDetect.exe" [2003-10-01 28672]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\sigurdACPSERVER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\mike kearney\\Desktop\\mplayerc.exe"=
"c:\\Program Files\\FLVPlayer\\flvplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24218:TCP"= 24218:TCP:BitComet 24218 TCP
"24218:UDP"= 24218:UDP:BitComet 24218 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca257a13230842;Google Update Service (gupdate1ca257a13230842);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2009 3:49 AM 133104]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-25 11:47]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005Core.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]

2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005UA.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]
.
.
------- Supplementary Scan -------
.
IE: Download ALL with IDA
IE: Download with IDA
FF - ProfilePath - c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {17EA73DB-FD78-405F-9671-ADC2592A928A} - c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 05:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?6?4?5??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\tabhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-04 05:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-04 13:15
ComboFix2.txt 2009-12-30 12:18

Pre-Run: 36,880,154,624 bytes free
Post-Run: 36,903,993,344 bytes free

- - End Of File - - DD505ED1BAF8AA6ABD7DE4B4FE4DDCEE
 
Oops, my bad... put files instead of file in the code box.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
KILLALL

File::
c:\windows\Tqizakok.bin
c:\windows\Cxorezivanomozol.dat
c:\windows\system32\drivers\iehertki.sys.vir
c:\windows\system32\winupdate86.exe.vir
c:\windows\system32\winlogon86.exe.vir

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
I deleted the outdated version of ComboFix and downloaded the new one to run the program.

Here's the new log:

ComboFix 10-01-04.01 - mike kearney 01/06/2010 18:31:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478.163 [GMT -8:00]
Running from: c:\documents and settings\mike kearney\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mike kearney\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\windows\Cxorezivanomozol.dat"
"c:\windows\system32\drivers\iehertki.sys.vir"
"c:\windows\system32\winlogon86.exe.vir"
"c:\windows\system32\winupdate86.exe.vir"
"c:\windows\Tqizakok.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Cxorezivanomozol.dat
c:\windows\system32\drivers\iehertki.sys.vir
c:\windows\Tqizakok.bin

.
((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-03 00:51 . 2007-07-31 19:57 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-01-03 00:51 . 2003-08-19 12:31 81920 ----a-w- c:\windows\system32\viscomwave.dll
2010-01-03 00:50 . 1998-06-18 07:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-01-03 00:50 . 2005-01-19 07:18 323584 ----a-w- c:\windows\system32\FoxImager.dll
2010-01-03 00:50 . 2010-01-03 00:50 -------- d-----w- c:\program files\Cheetah Burner
2010-01-02 13:04 . 2010-01-02 13:05 -------- d-----w- c:\program files\MediaMonkey
2010-01-02 11:14 . 2010-01-02 11:14 -------- d-----w- c:\program files\Trend Micro
2010-01-01 08:17 . 2010-01-01 08:17 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0001.dat.drv
2009-12-31 02:37 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 02:37 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 02:37 . 2009-12-31 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 05:28 . 2009-12-30 05:28 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:28 . 2009-12-30 05:28 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:28 . 2009-12-30 05:28 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:27 . 2009-12-30 05:27 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-12-30 05:27 . 2009-12-30 05:27 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-30 05:27 . 2009-12-30 05:27 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2009-12-30 05:10 . 2009-12-30 05:10 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-30 05:10 . 2009-12-30 05:10 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-30 05:08 . 2010-01-06 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-30 05:08 . 2009-12-30 05:08 -------- d-----w- c:\program files\Kaspersky Lab
2009-12-30 04:58 . 2009-12-30 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-30 04:48 . 2009-12-12 02:05 3613560 ----a-w- c:\documents and settings\mike kearney\Application Data\Simply Super Software\Trojan Remover\eah2.exe
2009-12-30 03:39 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-30 03:39 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-30 03:39 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-30 03:39 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-30 03:39 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\program files\Trojan Remover
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Simply Super Software
2009-12-30 03:39 . 2009-12-30 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-30 03:36 . 2009-12-30 03:36 -------- d--h--w- c:\windows\PIF
2009-12-30 02:13 . 2009-12-30 02:13 -------- d-----w- c:\program files\Unlocker
2009-12-29 12:26 . 2009-12-29 12:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}
2009-12-29 11:57 . 2009-12-29 11:57 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-12-29 10:56 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
2009-12-29 10:55 . 2009-12-29 10:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-12-12 01:48 . 2009-12-12 01:48 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Canon
2009-12-12 01:24 . 2002-05-24 11:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-12-12 01:24 . 2009-12-12 01:24 -------- d-----w- C:\CanoScan
2009-12-12 01:24 . 2003-09-18 01:35 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2009-12-12 01:24 . 2002-09-12 09:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2009-12-08 22:28 . 2009-12-08 22:28 -------- d-----w- c:\program files\dcmsvc
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\documents and settings\mike kearney\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2009-12-08 22:27 . 2009-12-08 22:26 38784 ----a-w- c:\documents and settings\mike kearney\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Warner Bros. Digital Copy Manager
2009-12-08 22:27 . 2009-12-08 22:27 -------- d-----w- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 02:42 . 2007-02-21 05:32 15285 ----a-w- c:\windows\system32\tablet.dat
2010-01-04 12:45 . 2005-11-30 08:16 -------- d-----w- c:\program files\Viewpoint
2010-01-03 00:50 . 2003-05-04 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-02 13:15 . 2008-10-03 13:08 -------- d-----w- c:\documents and settings\mike kearney\Application Data\uTorrent
2009-12-31 15:38 . 2009-10-24 11:55 -------- d-----w- c:\documents and settings\mike kearney\Application Data\Audacity
2009-12-30 10:26 . 2009-09-15 23:30 22 ----a-w- c:\program files\SigurdServerPublicBeta0.5.1.zip
2009-12-30 05:02 . 2007-08-02 19:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-30 04:48 . 2007-08-02 07:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-20 00:16 . 2009-08-25 11:47 -------- d-----w- c:\program files\Google
2009-12-12 01:26 . 2009-11-04 01:11 -------- d-----w- c:\program files\Canon
2009-12-03 23:41 . 2005-06-28 09:18 57832 ----a-w- c:\documents and settings\mike kearney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 05:30 . 2009-11-17 05:30 20151 ----a-w- c:\windows\bubblegun.zip
2009-11-17 05:30 . 2009-11-17 05:30 24040 ----a-w- c:\windows\mathematics_boredom.zip
2009-11-16 14:26 . 2009-11-16 14:26 177024 ----a-w- c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\FlashGot.exe
2009-11-12 09:37 . 2009-11-12 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-11-10 14:45 . 2009-11-10 14:45 184 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstITW\unins000.exe
2009-11-10 14:45 . 2009-11-10 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-11-10 14:45 . 2009-08-15 10:19 -------- d-----w- c:\program files\iTunes
2009-11-10 14:44 . 2009-11-10 14:44 -------- d-----w- c:\program files\Last.fm
2009-11-09 08:56 . 2009-11-09 08:56 21860 ----a-w- c:\windows\Brownwood.zip
2009-10-21 04:34 . 2009-10-21 04:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-15 05:18 . 2009-10-15 05:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-15 23:35 . 2009-09-15 23:35 2802441 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.zip
2008-11-13 01:31 . 2009-01-23 06:55 1639116 ----a-w- c:\program files\revosetup.exe
2008-10-04 09:22 . 2009-01-23 07:05 1426904 ----a-w- c:\program files\disk-defrag-setup.exe
2008-07-08 18:14 . 2009-09-15 23:36 2832443 ----a-w- c:\program files\SigurdClientPublicBeta0.4.4.exe
2008-04-12 06:37 . 2008-04-12 06:37 1206366 ----a-w- c:\program files\wrar371.exe
2007-08-07 05:38 . 2007-08-07 05:37 6448349 ----a-w- c:\program files\realalt152.exe
2006-09-15 10:33 . 2008-04-12 06:39 5984 ----a-w- c:\program files\audition20.gif
2006-09-15 10:33 . 2008-04-12 06:39 3408 ----a-w- c:\program files\audition20.nfo
2005-08-15 10:39 . 2005-08-15 10:39 22040920 ----a-w- c:\program files\iTunesSetup.exe
2005-06-12 12:21 . 2005-06-12 12:20 2304909 ----a-w- c:\program files\idasetup.exe
2005-06-12 09:39 . 2005-06-12 09:39 4709512 ----a-w- c:\program files\ymsgrie.exe
2005-06-11 13:45 . 2005-06-11 13:45 420974 ----a-w- c:\program files\XviD-04102002-1.exe
2005-06-11 13:38 . 2005-06-11 13:38 867146 ----a-w- c:\program files\xvidcore-1.1.0-beta2.zip
2005-06-11 13:35 . 2005-06-11 13:35 379173 ----a-w- c:\program files\xvid-1[1].0.2.exe
2005-06-11 11:23 . 2005-06-11 11:23 2314920 ----a-w- c:\program files\LimeWireWin.exe
2005-06-11 11:21 . 2005-06-11 11:21 3241550 ----a-w- c:\program files\absetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-14 229438]
"iHP-100"="c:\program files\iRiver\iHP100\iHPDetect.exe" [2003-10-01 28672]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-12-4 77824]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\DFBHD.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\sigurdACPSERVER.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\mike kearney\\Desktop\\mplayerc.exe"=
"c:\\Program Files\\FLVPlayer\\flvplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24218:TCP"= 24218:TCP:BitComet 24218 TCP
"24218:UDP"= 24218:UDP:BitComet 24218 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 gupdate1ca257a13230842;Google Update Service (gupdate1ca257a13230842);c:\program files\Google\Update\GoogleUpdate.exe [8/25/2009 3:49 AM 133104]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-25 11:47]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-25 11:49]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005Core.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2886504741-119066451-3215704493-1005UA.job
- c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-27 10:06]
.
.
------- Supplementary Scan -------
.
IE: Download ALL with IDA
IE: Download with IDA
FF - ProfilePath - c:\documents and settings\mike kearney\Application Data\Mozilla\Firefox\Profiles\wk3iehz3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\mike kearney\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {17EA73DB-FD78-405F-9671-ADC2592A928A} - c:\documents and settings\Administrator\Local Settings\Application Data\{17EA73DB-FD78-405F-9671-ADC2592A928A}\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 20:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?6?4?5??`???? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1544)
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\tabhook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2010-01-06 20:34:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 04:34
ComboFix2.txt 2010-01-04 13:16
ComboFix3.txt 2009-12-30 12:18

Pre-Run: 36,643,557,376 bytes free
Post-Run: 36,578,222,080 bytes free

- - End Of File - - 9DC9A896D9774512047A0F394474950B
 
Hi Mike,

Your log looks good now. How is your system running now?

Just a couple things to do now.

Please go into Add/Remove Programs and uninstall anything that has Viewpoint in it, such as Viewpoint Media Player or Viewpoint Manager. It's considered foistware and is not needed on a system.

Go ahead and run a fresh hijackthis scan and post the log from it so we can verify everything is clean now.
 
Sorry it took me so long to post. I didn't see the "page 2" link at the bottom and was waiting for a reply myself. My system has been running pretty stable since the first Combofix run. But I wanted to stick with it and get as clean as I can. I'm running a trial of Kaspersky antivirus. Which of the free antivirus progs would you recommend? From what I understand, AVG and Avira are two good ones. I've run both and Avira seems to run a lot faster. For some reason though, I didn't have an antivirus running on my laptop at the time of infection.

Anyway, here's my HT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:04 PM, on 1/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca257a13230842) (gupdate1ca257a13230842) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4845 bytes


*** oh yeah, and I already removed all of the viewpoint crap I could find. I use Revo Uninstall to get all the leftover crap in the registry that the Windows uninstaller misses.
 
Hi Mike,

Just so you know you can subscribe to any thread so when someone replies you get an email confirmation to the email address that you supplied when you signed up for an account. The subscribe button is down in the additional options area when you reply to a post. It will say "thread subscription" and you can set that to either instant email notification or daily email notification depending on what you want.

I run AVG free edition and love it with no problems whatsoever. If you aren't sure of what to use, you can always install one and see how it goes and then install another one and test that for a while until you find one you like. Just make sure that you only have 1 antivirus installed at any given time as having 2 installed is bad for a system.

Your log is clean. The main program you want to use though is a malware scanner like Malwarebytes or SUPERAntiSpyware. You want to run one of them every few days just to keep your system clean. The antivirus program you can run once a week and be okay.
 
Thank you for all of the help and advice! When you talk about running an antivirus once a week, you're talking about a system scan right?
 
Yes, and usually you want to start the scan and walk away for a couple hours until it finishes. You really don't want to be doing anything on the computer while it's scanning.
 
You're welcome, Mike. Just wanted to recommend to you to stay here at this forum as it's a lot better than the annoyances forum. There are some veterans over there that are just downright mean to you.
 