Virus, malware, trojan [RESOLVED]

Just an update the computer is back to her good ole' slow ways. i would post a log but have class in 15 minutes. Again thanks for looking.

Hello ejs5069, and welcome to Geeks To Go! My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again.

Sorry for the delay as you can tell we are quite busy these days, please do the following

ComboFix

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log here in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

ComboFix 08-09-22.06 - Evan 2008-09-23 17:05:39.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.294 [GMT -4:00]
Running from: C:\Users\Evan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 17:01 . 2008-09-23 17:01 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-09-16 20:47 . 2008-09-16 20:48 <DIR> d-------- C:\Program Files\ERUNT
2008-09-16 15:39 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 15:39 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 15:39 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 15:39 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 15:38 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 15:38 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 15:38 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 15:38 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 15:38 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-09 18:14 . 2008-07-30 19:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 18:14 . 2008-07-30 23:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 18:14 . 2008-07-30 23:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 18:12 . 2008-06-25 23:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 16:22 . 2008-09-09 16:22 <DIR> d-------- C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
2008-09-08 15:03 . 2008-09-08 15:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 15:01 . 2008-09-08 15:01 <DIR> d-------- C:\Program Files\iTunes
2008-09-08 15:01 . 2008-09-08 15:01 <DIR> d-------- C:\Program Files\iPod
2008-09-03 22:04 . 2008-09-03 22:04 <DIR> d-------- C:\New Folder (2)
2008-09-03 00:43 . 2008-09-03 00:43 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\Users\Evan\AppData\Roaming\Malwarebytes
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-01 18:22 . 2008-09-16 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:22 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-01 18:22 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:39 . 2008-08-24 22:10 <DIR> d-------- C:\Users\Evan\AppData\Roaming\Symantec
2008-08-24 14:25 . 2008-09-16 15:32 <DIR> d-------- C:\Program Files\Norton 360
2008-08-24 14:16 . 2008-08-31 19:00 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-08-24 14:16 . 2008-08-31 19:00 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-08-24 14:16 . 2008-08-31 19:00 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-08-24 14:14 . 2008-08-31 19:00 <DIR> d-------- C:\Program Files\Symantec
2008-08-24 14:13 . 2008-08-31 13:03 <DIR> d-------- C:\Users\All Users\Symantec
2008-08-24 14:13 . 2008-08-31 13:03 <DIR> d-------- C:\ProgramData\Symantec
2008-08-24 14:13 . 2008-08-31 13:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 01:15 --------- d-----w C:\Users\Evan\AppData\Roaming\uTorrent
2008-09-10 05:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 05:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 18:58 --------- d-----w C:\Program Files\Bonjour
2008-09-03 04:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 15:43 --------- d-----w C:\ProgramData\McAfee
2008-08-22 04:32 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 13:03 --------- d-----w C:\Program Files\Google
2008-08-20 21:24 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-17 01:08 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-15 23:12 --------- d-----w C:\Users\Evan\AppData\Roaming\iolo
2008-08-15 22:32 --------- d-----w C:\Program Files\iolo
2008-08-15 22:29 --------- d-----w C:\ProgramData\iolo
2008-08-15 22:13 --------- d-----w C:\Program Files\Common Files\Authentium
2008-08-11 17:47 --------- d-----w C:\Program Files\Safari
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 21:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-23 00:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 03:29 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-05-03 06:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-03 06:19 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-03 06:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-20 1862144]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 C:\Windows\sttray.exe]

C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-20 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-06-20 45056]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-07-16 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
--a------ 2008-06-10 16:18 785520 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{277C9A17-320C-450C-AD0F-FF55D993A4DC}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{DBB73E0C-F4E0-441B-A63C-7C44D21632A6}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3BC07FE0-F4EB-4245-9566-BC30D71B9188}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{99F425BB-4A88-4A0B-A55F-8E16626D6B41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{515724F5-9289-4773-9CAE-E9C160A51666}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43B0245E-1329-4D06-ABA0-FF199FEECD95}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA87FB63-0A4A-4A5F-9121-4385A17ACB4B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D32A4ABF-8A8D-49DE-9C62-44A4544F5975}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B455AC22-3B6D-4215-AED3-BCA3FD67B07D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CB057F0F-2C06-46DD-A116-C677E3C63B5D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AEB93ED4-FC24-457F-A8F2-1B1ACEFD406C}"= UDP:990:LocalSubnet:LocalSubnet|IF={DEE3175E-847C-4D72-B30C-084D5A9929A7}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{26329D8F-820F-45FF-923C-AA281A88EE2E}"= UDP:990:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{89D667AB-3920-464D-9389-2B332F61F142}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{36629C8D-BCA8-42FE-89B8-8412F14801BA}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{B9917582-4CCB-4EB7-9B28-99513831D530}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{7DB99203-B1FE-4494-9324-F553DB2394F1}"= UDP:999:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{74C6570B-37C7-4EAA-A729-1C965FABBD9A}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{45086113-A19D-430E-981D-C4A1401F7D3A}"= UDP:990:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{031A539C-50DE-456C-BC74-8FBCF1BAF52F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FF7B95D4-42FF-4706-8F16-5A6EA8B17821}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DFC21607-A7B6-4BAA-BE4F-CBCA4AE481AE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{07716993-B88E-4909-B06F-5101C7AC1351}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{88629EF9-5DAB-4BDF-AD60-C000DB73DFA8}"= UDP:5721:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{6F05DAF9-7D77-403F-A39F-AD6C17C765A5}"= UDP:1034:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{62C43350-82B2-43DE-9144-85338AD90889}"= UDP:5678:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1EF8809E-7493-42E7-B832-15FD45E2BF3B}"= UDP:999:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{383EE6A8-96C1-43A1-A03E-A025CB358DC5}"= UDP:26675:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{14E2C0F7-AF5A-4446-9D63-04517036E711}"= UDP:990:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{A3D193D3-5A48-4FC1-B7EC-23B36D91648E}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{F3D5C407-D90F-4711-B2B2-67CA218943D0}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{135F5333-F477-4EFD-8655-54B2CE78BBE1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{519F70E9-8121-46DE-B501-7E0446A71A13}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B1097FE-9877-4647-818B-B73EC4502CCD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D6809436-F829-47C0-A023-42C76CAADE6B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7FF85C5C-8A3D-4A4D-9505-E45531ED3962}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7C50284F-F632-44E2-8994-4A5B22CD23DE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{13650342-E706-4FB0-BC62-B2AE01F5B63A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{00BC51DC-90FC-4260-B281-2FDDD73CE55F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080918.001\IDSvix86.sys [2008-09-12 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a7ded9-474f-11dc-b092-00188bd6b794}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12a9989-2f2c-11dc-a293-00188bd6b794}]
\shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\fvxyw36u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://espn.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 17:10:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-23 17:12:47
ComboFix-quarantined-files.txt 2008-09-23 21:12:38

Pre-Run: 63,139,287,040 bytes free
Post-Run: 63,108,304,896 bytes free

240 --- E O F --- 2008-09-10 05:31:32





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:37 PM, on 9/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Evan\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12391 bytes


thanks bhowett

Hi ejs5069,

Please do the following...

Real-time protection can interfere with Scanners

Disable Windows Defender until the computer is clean

• Open Windows Defender
• Select Tools and then General Settings
• Under Real Time Protection Options uncheck Turn on real-time protection
• Select Save

Don't forget to re-enable it, when your computer is clean.

=========================================================================

ComboFix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a7ded9-474f-11dc-b092-00188bd6b794}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12a9989-2f2c-11dc-a293-00188bd6b794}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

=========================================================================

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

=========================================================================

ATF Cleaner

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

=========================================================================

Kaspersky

Please do an online scan with Kaspersky WebScanner

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

=========================================================================

Needed in your next reply:

Combofix log
Kaspersky results

Also let me know how things are running with your system

ComboFix 08-09-22.06 - Evan 2008-09-23 19:00:59.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.382 [GMT -4:00]
Running from: C:\Users\Evan\Desktop\ComboFix.exe
Command switches used :: C:\Users\Evan\Desktop\New Folder (4)\CFScript.txt

FILE ::
C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
.

((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
.

2008-09-23 17:01 . 2008-09-23 18:58 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-09-16 20:47 . 2008-09-16 20:48 <DIR> d-------- C:\Program Files\ERUNT
2008-09-16 15:39 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-16 15:39 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-16 15:39 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-16 15:39 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-16 15:38 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-16 15:38 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-16 15:38 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-16 15:38 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-16 15:38 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-09 18:14 . 2008-07-30 19:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 18:14 . 2008-07-30 23:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 18:14 . 2008-07-30 23:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 18:12 . 2008-06-25 23:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 16:22 . 2008-09-09 16:22 <DIR> d-------- C:\Windows\871DF2BE41D24334AC33839AF16FC8FE.TMP
2008-09-08 15:03 . 2008-09-08 15:03 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 15:01 . 2008-09-08 15:01 <DIR> d-------- C:\Program Files\iTunes
2008-09-08 15:01 . 2008-09-08 15:01 <DIR> d-------- C:\Program Files\iPod
2008-09-03 22:04 . 2008-09-03 22:04 <DIR> d-------- C:\New Folder (2)
2008-09-03 00:43 . 2008-09-03 00:43 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\Users\Evan\AppData\Roaming\Malwarebytes
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-01 18:22 . 2008-09-01 18:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-01 18:22 . 2008-09-16 19:25 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:22 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-01 18:22 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-24 14:39 . 2008-08-24 22:10 <DIR> d-------- C:\Users\Evan\AppData\Roaming\Symantec
2008-08-24 14:25 . 2008-09-16 15:32 <DIR> d-------- C:\Program Files\Norton 360
2008-08-24 14:16 . 2008-08-31 19:00 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-08-24 14:16 . 2008-08-31 19:00 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-08-24 14:16 . 2008-08-31 19:00 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-08-24 14:14 . 2008-08-31 19:00 <DIR> d-------- C:\Program Files\Symantec
2008-08-24 14:13 . 2008-08-31 13:03 <DIR> d-------- C:\Users\All Users\Symantec
2008-08-24 14:13 . 2008-08-31 13:03 <DIR> d-------- C:\ProgramData\Symantec
2008-08-24 14:13 . 2008-08-31 13:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 01:15 --------- d-----w C:\Users\Evan\AppData\Roaming\uTorrent
2008-09-10 05:23 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 05:06 --------- d-----w C:\Program Files\Microsoft Works
2008-09-08 18:58 --------- d-----w C:\Program Files\Bonjour
2008-09-03 04:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-24 15:43 --------- d-----w C:\ProgramData\McAfee
2008-08-22 04:32 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 13:03 --------- d-----w C:\Program Files\Google
2008-08-20 21:24 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-17 01:08 --------- d-----w C:\Program Files\Enigma Software Group
2008-08-15 23:12 --------- d-----w C:\Users\Evan\AppData\Roaming\iolo
2008-08-15 22:32 --------- d-----w C:\Program Files\iolo
2008-08-15 22:29 --------- d-----w C:\ProgramData\iolo
2008-08-15 22:13 --------- d-----w C:\Program Files\Common Files\Authentium
2008-08-11 17:47 --------- d-----w C:\Program Files\Safari
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 21:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-07-23 00:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-11 03:29 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-05-03 06:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-05-03 06:19 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-05-03 06:19 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_17.11.31.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-23 03:40:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-23 21:18:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-23 03:40:31 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-23 21:18:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-23 03:43:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-23 21:22:11 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-09-23 03:43:28 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-23 21:22:17 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-23 21:22:17 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-23 05:57:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-23 22:30:31 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-23 05:57:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-23 22:30:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-23 05:57:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-23 22:30:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-23 03:45:30 14,330 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-547222373-1237774912-1167122385-1000_UserData.bin
+ 2008-09-23 21:22:00 14,330 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-547222373-1237774912-1167122385-1000_UserData.bin
- 2008-09-23 03:45:21 71,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 21:22:00 71,794 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-22 17:07:30 55,762 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-09-23 21:21:41 55,920 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-20 1862144]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 C:\Windows\sttray.exe]

C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-20 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-06-20 45056]
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-07-16 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
--a------ 2008-06-10 16:18 785520 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{277C9A17-320C-450C-AD0F-FF55D993A4DC}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{DBB73E0C-F4E0-441B-A63C-7C44D21632A6}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3BC07FE0-F4EB-4245-9566-BC30D71B9188}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{99F425BB-4A88-4A0B-A55F-8E16626D6B41}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{515724F5-9289-4773-9CAE-E9C160A51666}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43B0245E-1329-4D06-ABA0-FF199FEECD95}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BA87FB63-0A4A-4A5F-9121-4385A17ACB4B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D32A4ABF-8A8D-49DE-9C62-44A4544F5975}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B455AC22-3B6D-4215-AED3-BCA3FD67B07D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{CB057F0F-2C06-46DD-A116-C677E3C63B5D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{AEB93ED4-FC24-457F-A8F2-1B1ACEFD406C}"= UDP:990:LocalSubnet:LocalSubnet|IF={DEE3175E-847C-4D72-B30C-084D5A9929A7}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{26329D8F-820F-45FF-923C-AA281A88EE2E}"= UDP:990:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{89D667AB-3920-464D-9389-2B332F61F142}"= UDP:5721:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{36629C8D-BCA8-42FE-89B8-8412F14801BA}"= UDP:1034:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{B9917582-4CCB-4EB7-9B28-99513831D530}"= UDP:5678:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{7DB99203-B1FE-4494-9324-F553DB2394F1}"= UDP:999:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{74C6570B-37C7-4EAA-A729-1C965FABBD9A}"= UDP:26675:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{45086113-A19D-430E-981D-C4A1401F7D3A}"= UDP:990:LocalSubnet:LocalSubnet|IF={BE00EBF2-5CD5-4981-8B68-A63A685E5158}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{031A539C-50DE-456C-BC74-8FBCF1BAF52F}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FF7B95D4-42FF-4706-8F16-5A6EA8B17821}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{DFC21607-A7B6-4BAA-BE4F-CBCA4AE481AE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{07716993-B88E-4909-B06F-5101C7AC1351}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{88629EF9-5DAB-4BDF-AD60-C000DB73DFA8}"= UDP:5721:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{6F05DAF9-7D77-403F-A39F-AD6C17C765A5}"= UDP:1034:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{62C43350-82B2-43DE-9144-85338AD90889}"= UDP:5678:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{1EF8809E-7493-42E7-B832-15FD45E2BF3B}"= UDP:999:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{383EE6A8-96C1-43A1-A03E-A025CB358DC5}"= UDP:26675:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{14E2C0F7-AF5A-4446-9D63-04517036E711}"= UDP:990:LocalSubnet:LocalSubnet|IF={2DA67923-A207-4CEE-A680-635B319D6033}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"{A3D193D3-5A48-4FC1-B7EC-23B36D91648E}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{F3D5C407-D90F-4711-B2B2-67CA218943D0}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{135F5333-F477-4EFD-8655-54B2CE78BBE1}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{519F70E9-8121-46DE-B501-7E0446A71A13}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8B1097FE-9877-4647-818B-B73EC4502CCD}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D6809436-F829-47C0-A023-42C76CAADE6B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7FF85C5C-8A3D-4A4D-9505-E45531ED3962}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7C50284F-F632-44E2-8994-4A5B22CD23DE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{13650342-E706-4FB0-BC62-B2AE01F5B63A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{00BC51DC-90FC-4260-B281-2FDDD73CE55F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080918.001\IDSvix86.sys [2008-09-12 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - COMHOST
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 19:05:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-23 19:07:21
ComboFix-quarantined-files.txt 2008-09-23 23:07:15
ComboFix2.txt 2008-09-23 21:12:49

Pre-Run: 66,103,861,248 bytes free
Post-Run: 66,065,399,808 bytes free

242 --- E O F --- 2008-09-10 05:31:32

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, September 24, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 00:37:24
Records in database: 1252623
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 111903
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:52:33

No malware has been detected. The scan area is clean.

The selected area was scanned.



My computer seems to be running fine now. Ever since this started it has gone back and forth from [bleep] to good. I'm starting to think this might be hardware related. The computer randomly shut down 3 times today. Each time i seem to be holding it in the same place. Yesterday my computer was running fine and towards the end of the day it turned to [bleep]. Today when I turned it on it was running smooth as could be. Then there was a period of about an hour that the computer seemed rather sluggish and like i said before it is running fine again. Hope that helps lol

Hi ejs5069,

Well your clean of malware, but what concerns me is the loud noises …

Over the past several weeks my computer has been randomly shutting, making loud noises, and has also had 100% cpu usage.

So you might want to post in the tech forums, and let them know you were cleared on the malware forum.

ComboFix Removal
Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

===============================================

This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have. . I know you already have some of these items like antivirus or firewall, but I like to include them anyway incase you ever need them or want to change them.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Intenet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes the Service Pack 2! If you suspect your computer is infected with Malware of any type, we advise you to not install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free Expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent against future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Intenet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level." In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer) Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.