Need Help with Trojan.Vundo.H and Trojan.BHO [Solved]
fedup_with_vundo (Member, Posts: 22, OS: XP)
post Feb 19 2009, 07:37 PM | Post #31

And finally the ComboFix log:

ComboFix 09-02-15.01 - Ronaldo Garces 2009-02-19 20:25:35.6 - NTFSx86
Running from: c:\documents and settings\Ronaldo Garces\Desktop\ComboFix.exe.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-18 20:22 . 2009-02-18 20:22 <DIR> d-------- C:\_OTMoveIt
2009-02-16 10:26 . 2009-02-16 10:39 <DIR> d-------- c:\documents and settings\Ronaldo Garces\DoctorWeb
2009-02-16 08:20 . 2009-02-16 08:20 <DIR> d-------- C:\rsit
2009-02-11 23:17 . 2009-02-12 00:49 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-11 23:10 . 2009-02-18 20:11 <DIR> d-------- c:\program files\CleanUp!
2009-02-07 15:47 . 2009-02-07 15:47 <DIR> d-------- c:\program files\ERUNT
2009-02-05 23:31 . 2009-02-05 23:31 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 01:23 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-16 05:00 --------- d-----w c:\program files\Yahoo!
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-02-25 05:33 57,304 -c--a-w c:\documents and settings\Ronaldo Garces\Application Data\GDIPFONTCACHEV1.DAT
2009-02-20 01:10 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-02-20 01:10 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-20 01:10 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-02-20 01:10 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-02-20 01:10 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-19_ 7.45.23.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 12:22:12 414,264 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-20 00:50:27 414,264 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-19 12:23:03 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
+ 2009-02-20 01:18:10 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
- 2009-02-19 12:22:56 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
+ 2009-02-20 01:17:45 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
- 2009-02-19 12:22:55 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
+ 2009-02-20 01:17:43 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
- 2009-02-19 12:22:44 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
+ 2009-02-20 01:17:21 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
- 2009-02-19 12:23:04 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
+ 2009-02-20 01:18:12 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
- 2009-02-19 12:23:05 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
+ 2009-02-20 01:18:13 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
- 2009-02-19 12:23:03 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
+ 2009-02-20 01:18:10 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
- 2009-02-19 12:23:06 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
+ 2009-02-20 01:18:15 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
- 2009-02-19 12:22:49 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
+ 2009-02-20 01:17:32 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
- 2009-02-19 12:22:47 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
+ 2009-02-20 01:17:27 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
- 2009-02-19 12:22:59 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
+ 2009-02-20 01:17:53 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
- 2009-02-19 12:22:57 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
+ 2009-02-20 01:17:47 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
- 2009-02-19 12:23:07 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
+ 2009-02-20 01:18:16 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
- 2009-02-19 12:23:06 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
+ 2009-02-20 01:18:16 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
- 2009-02-19 12:23:06 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
+ 2009-02-20 01:18:16 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
- 2009-02-19 12:22:57 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
+ 2009-02-20 01:17:47 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
- 2009-02-19 12:23:07 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
+ 2009-02-20 01:18:17 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
- 2009-02-19 12:22:50 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
+ 2009-02-20 01:17:34 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
- 2009-02-19 12:23:00 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
+ 2009-02-20 01:17:56 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
- 2009-02-19 12:23:06 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
+ 2009-02-20 01:18:15 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
- 2009-02-19 12:22:50 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
+ 2009-02-20 01:17:33 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
- 2009-02-19 12:22:56 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
+ 2009-02-20 01:17:46 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
- 2009-02-19 12:23:02 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
+ 2009-02-20 01:18:05 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
- 2009-02-19 12:22:52 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
+ 2009-02-20 01:17:37 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
- 2009-02-19 12:23:05 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
+ 2009-02-20 01:18:13 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
- 2009-02-19 12:22:48 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
+ 2009-02-20 01:17:29 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
- 2009-02-19 12:23:04 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
+ 2009-02-20 01:18:11 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
- 2009-02-19 12:22:48 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
+ 2009-02-20 01:17:30 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
- 2009-02-19 12:22:59 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
+ 2009-02-20 01:17:50 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
- 2009-02-19 12:23:03 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
+ 2009-02-20 01:18:09 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
- 2009-02-19 12:22:58 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
+ 2009-02-20 01:17:48 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
- 2009-02-19 12:23:02 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
+ 2009-02-20 01:18:05 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
- 2009-02-19 12:23:02 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
+ 2009-02-20 01:18:04 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
- 2009-02-19 12:23:01 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
+ 2009-02-20 01:18:01 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
- 2009-02-19 12:23:04 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
+ 2009-02-20 01:18:11 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
- 2009-02-19 12:23:18 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
+ 2009-02-20 01:18:35 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
- 2009-02-19 12:23:01 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
+ 2009-02-20 01:18:00 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-02 124232]
"AV-Update-9"="c:\program files\Symantec AntiVirus\vpdn_lu.exe" [2004-08-02 79176]
"LiveUpdate Runner"="c:\program files\LiveUpdate Runner\GSB_NAV_LU.exe" [2004-10-14 290816]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 290816]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\Ronaldo Garces\Start Menu\Programs\Startup\
Shortcut to wofi.exe.lnk - c:\program files\WoFi\wofi.exe [2004-11-08 1515585]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-01 57344]
SlimServer Tray Tool.lnk - c:\program files\SlimServer\SlimTray.exe [2006-04-25 1183813]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
none [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2005-05-29 13:01 118784 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-08-02 173392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Ronaldo Garces\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:31:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
Completion time: 2009-02-19 20:34:26
ComboFix-quarantined-files.txt 2009-02-20 01:33:08
ComboFix2.txt 2009-02-19 12:47:47
ComboFix3.txt 2009-02-18 01:34:56
ComboFix4.txt 2009-02-16 20:56:30

Pre-Run: 11,724,648,448 bytes free
Post-Run: 11,714,367,488 bytes free

238 --- E O F --- 2009-02-11 07:01:06
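Reading the "Reg Loading Points" part of a log like the one above is where a helper spots the weak settings: the Windows Firewall turned off for the standard profile, Security Center told to stop monitoring the antivirus and to stop nagging about updates, and an AutoRun command registered for a removable volume. The script below is an added example, not code from this thread or from ComboFix; it encodes those checks so they can be run over a saved log. The sample lines are copied from the log above except for one Run entry, labelled "constructed-sample", that I made up so the temp-directory check has something to fire on; the trusted-directory list and the "suspicious directory" list are my reviewer's heuristic, not anything the page states.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.
Added example for this page, not code from the thread or from ComboFix.
Assumptions: the REGEDIT4-style '[key]' / '"name"=value' layout shown in
the thread; TRUSTED_PREFIXES and SUSPICIOUS_DIRS are a reviewer's heuristic.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log in the thread, plus ONE
# constructed Run entry ("constructed-sample", not in the real log) so the
# temp-directory check has something to fire on.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]
"constructed-sample"="c:\documents and settings\user\Local Settings\Temp\sample.exe" [2009-02-19 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""
TRUSTED_PREFIXES = (r"c:\windows", r"c:\program files", r"c:\progra~1")
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")

@dataclass
class Finding:
    key: str
    name: str
    value: str
    reason: str

def parse_loading_points(log: str) -> list[tuple[str, str, str]]:
    """Return (key, name, value) triples from REGEDIT4-style log lines."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key is None:
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
        if m:
            entries.append((key, m.group(1), m.group(2).strip()))
        elif "mountpoints2" in key.lower() and " - " in line:
            # mountpoints2 entries are printed as '\Shell\AutoRun\command - <cmd>'
            name, _, value = line.partition(" - ")
            entries.append((key, name.strip(), value.strip()))
    return entries

def dword(value: str) -> int | None:
    """Decode 'dword:00000001' or '0 (0x0)', the two forms ComboFix prints."""
    m = re.match(r"dword:([0-9a-f]{8})$", value, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-f]+\)$", value, re.I)
    return int(m.group(1)) if m else None

def binary_path(value: str) -> str | None:
    """First drive-letter path in a Run value; ComboFix sometimes puts the
    resolved path inside the trailing [date size] bracket instead."""
    m = re.search(r'[a-z]:\\[^"\[\]]+', value, re.I)
    return m.group(0).strip().lower() if m else None

def triage(log: str) -> list[Finding]:
    """Apply the reviewer's checks to every loading point in the log."""
    findings = []
    for key, name, value in parse_loading_points(log):
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and dword(value) == 0:
            findings.append(Finding(key, name, value, "Windows Firewall is off for the standard profile"))
        elif k.endswith("\\security center") and name == "UpdatesDisableNotify" and dword(value) == 1:
            findings.append(Finding(key, name, value, "Security Center update notifications are disabled"))
        elif "\\security center\\monitoring\\" in k and name == "DisableMonitoring" and dword(value) == 1:
            findings.append(Finding(key, name, value, "Security Center no longer monitors this AV product"))
        elif "globallyopenports" in k:
            findings.append(Finding(key, name, value, "inbound port opened in the firewall (informational)"))
        elif "mountpoints2" in k and name.lower().endswith("\\shell\\autorun\\command"):
            findings.append(Finding(key, name, value, "AutoRun command registered for a removable volume"))
        elif k.endswith("\\currentversion\\run"):
            path = binary_path(value)
            if path is None or any(d in path for d in SUSPICIOUS_DIRS) or not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding(key, name, value, f"Run entry launches from an unusual location: {path}"))
    return findings
```

Call `triage()` on the text of a saved log and print each Finding's reason, key and value. A hit is a prompt for a human decision, not a verdict: the U3 launcher on a USB stick is the expected AutoRun for that hardware, and the SlimServer ports explain why the helper asked whether the machine is used as a server, whereas a Run entry pointing into a temp directory is the sort of thing that gets a file submitted for analysis.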
fenzodahl512 (Trusted Helper, Posts: 9,275, OS: Windows XP)
post Feb 19 2009, 11:00 PM | Post #32

Hello. First of all, I need to ask:

Is this a home or work computer? Do you use this computer as a server on a network?


Let's do this first...


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it in Notepad)



How is the computer now?
fedup_with_vundo (Member, Posts: 22, OS: XP)
post Feb 20 2009, 09:00 AM | Post #33

I mistakenly clicked "Delete Incurable" instead of "Move Incurable" because I couldn't recall the instructions. Does that make a difference? In any case, the computer is definitely working better. Also, it is a home computer, not a server on a network. Are we close?

Here is the Dr. Web report:

ComboFix.exe.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Ronaldo Garces\Desktop\ComboFix.exe.exe/data002;Probably BATCH.Virus;;
ComboFix.exe.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Ronaldo Garces\Desktop\ComboFix.exe.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Ronaldo Garces\Desktop;Archive contains infected objects;;
ComboFix.exe.exe;C:\Documents and Settings\Ronaldo Garces\Desktop;Container contains infected objects;Moved.;
UACgchlouob.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Deleted.;
UACimavbnma.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Deleted.;
UACmfdudxlg.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.365;Incurable.Deleted.;
UACrfqquwpd.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.365;Incurable.Deleted.;
UACvuyexwie.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Deleted.;
A0303343.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Trojan.Packed.365;Deleted.;
A0303344.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Trojan.Packed.365;Deleted.;
A0303345.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Trojan.Packed.365;Deleted.;
A0303346.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Probably Trojan.Packed.365;Incurable.Deleted.;
A0303367.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Probably BATCH.Virus;Incurable.Deleted.;
A0303440.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Probably BATCH.Virus;Incurable.Deleted.;
A0303501.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP918;Probably Trojan.Packed.365;Incurable.Deleted.;
A0303515.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP918;Probably BATCH.Virus;Incurable.Deleted.;
A0303531.EXE;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP918;Program.PsExec.170;Incurable.Deleted.;
A0303647.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP919;Probably BATCH.Virus;Incurable.Deleted.;
A0305790.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP919\A0305790.exe/data002;Probably BATCH.Virus;;
A0305790.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP919\A0305790.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP919;Archive contains infected objects;;
A0305790.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP919;Container contains infected objects;Moved.;
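A DrWeb.csv like the one posted above is easier to act on once it is split by where each object was found and what Dr.Web did to it: files already in ComboFix's Qoobox quarantine, files inside System Restore points, and files still on the live file system, with "Moved." meaning the file went to Dr.Web's quarantine and "Deleted." meaning it is gone. The script below is an added example written for this page, not a Dr.Web tool and not code from the thread; the field layout (object;location;threat;action; with archive members written as outer.exe/data002\member) is inferred from the posted lines, and the sample input is a subset of those lines.

```python
"""Summarize a Dr.Web CureIt report (DrWeb.csv) like the one posted above.
Added example for this page: not a Dr.Web tool and not code from the thread.
Format assumption, inferred from the posted lines: one detection per line,
';'-separated as  object;location;threat;action;  where an object inside a
container is written as outer.exe/data002 followed by the member path.
"""
from __future__ import annotations
import csv
from collections import Counter
from dataclasses import dataclass
from io import StringIO

# Sample input: a subset of the report lines posted in the thread.
SAMPLE_REPORT = r"""ComboFix.exe.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Ronaldo Garces\Desktop\ComboFix.exe.exe/data002;Program.PsExec.171;;
ComboFix.exe.exe;C:\Documents and Settings\Ronaldo Garces\Desktop;Container contains infected objects;Moved.;
UACgchlouob.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Deleted.;
UACmfdudxlg.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Probably Trojan.Packed.365;Incurable.Deleted.;
A0303343.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP917;Trojan.Packed.365;Deleted.;
A0303531.EXE;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP918;Program.PsExec.170;Incurable.Deleted.;
"""

@dataclass
class Detection:
    obj: str
    location: str
    threat: str
    action: str

    @property
    def in_container(self) -> bool:
        # Windows paths never contain '/', so a '/' marks an archive member.
        return "/" in self.obj

    @property
    def area(self) -> str:
        loc = self.location.lower()
        if "\\system volume information\\_restore" in loc:
            return "restore point"
        if "\\qoobox\\quarantine" in loc:
            return "ComboFix quarantine"
        return "live file system"

    @property
    def recoverable(self) -> bool:
        # Only files moved to Dr.Web's quarantine can be put back if the hit was wrong.
        return self.action.startswith("Moved")

def parse_report(text: str) -> list[Detection]:
    """One Detection per non-empty line; the trailing ';' yields an ignored field."""
    dets = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) < 4 or not row[0]:
            continue
        dets.append(Detection(*row[:4]))
    return dets

def summarize(dets: list[Detection]) -> dict[str, Counter]:
    """Count actions per area, e.g. {'restore point': Counter({'Deleted.': 1})}."""
    out: dict[str, Counter] = {}
    for d in dets:
        out.setdefault(d.area, Counter())[d.action or "(none)"] += 1
    return out

def live_hits(dets: list[Detection]) -> list[Detection]:
    """Detections on the live file system that are files in their own right
    (archive members are also reported under their container)."""
    return [d for d in dets if d.area == "live file system" and not d.in_container]

if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for area, counts in summarize(dets).items():
        print(f"{area}: {dict(counts)}")
    for d in live_hits(dets):
        print(f"live: {d.obj} ({d.threat}) -> {d.action or 'no action'}")
    print("not recoverable:", sum(not d.recoverable for d in dets))
```

Run it as a script to see the per-area counts and the live hits. On the posted report, the only live-file-system detections are ComboFix's own package on the Desktop and the PsExec copy and batch file inside it; every other entry was already in ComboFix's quarantine or in a System Restore point, and the entries marked Deleted cannot be restored by either tool.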
fenzodahl512 (Trusted Helper, Posts: 9,275, OS: Windows XP)
post Feb 20 2009, 12:45 PM | Post #34

Download avz4.zip from HERE
  • Unzip it to your desktop to a folder named avz4
  • Double-click AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window:
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again



1. Start AVZ.
2. From the menu choose File => Standard scripts and mark the check box for 3. Healing/Quarantine and Advanced System Investigation.
3. Click on the Execute selected scripts.
4. Automatic scanning, healing and system check will be executed.
5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
7. All applications will work properly after the system restart.



  • After that, please restart AVZ again,
  • From the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach virusinfo_syscheck.htm to your next reply


This post has been edited by fenzodahl512: Feb 20 2009, 12:49 PM
fedup_with_vundo (Member, Posts: 22, OS: XP)
post Feb 20 2009, 10:42 PM | Post #35

OK, attached is the virusinfo_syscheck.htm file...
Attached File: virusinfo_syscheck.htm (237.36K)
fenzodahl512 (Trusted Helper, Posts: 9,275, OS: Windows XP)
post Feb 20 2009, 11:13 PM | Post #36

Hello.

1. How many antivirus programs are present on the computer? I see CA and Symantec antivirus. Please uninstall all but one of them, leaving only ONE antivirus running on the computer.

2. Are you a programmer? Do you program in the PERL language?

3. How's the computer now?
fedup_with_vundo (Member, Posts: 22, OS: XP)
post Feb 20 2009, 11:31 PM | Post #37

OK, I'm not sure I understand your first point, but I uninstalled CA and left Symantec running. I am not a PERL programmer... the computer seems to be running well. Is there anything else that needs to be done?

Thanks for all your help!
fenzodahl512 (Trusted Helper, Posts: 9,275, OS: Windows XP)
post Feb 21 2009, 08:09 AM | Post #38

Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes




Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing:

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us how the computer is behaving before we close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512
fenzodahl512 (Trusted Helper, Posts: 9,275, OS: Windows XP)
post Feb 26 2009, 05:18 PM | Post #39

Since this issue appears to be resolved, this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

© Geeks to Go, Inc. | All Rights Reserved