Hello. I am getting popups from internet explorer and firefox when I am only using the firefox browser.
I ran Vundofix and VirtumondoBeGone but both found nothing.
Here is my malawarebytes and hijackthis logs.

MBAM
Malwarebytes' Anti-Malware 1.31
Database version: 1474
Windows 5.1.2600 Service Pack 2

12/31/2008 3:53:23 PM
mbam-log-2008-12-31 (15-53-20).txt

Scan type: Quick Scan
Objects scanned: 48292
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:25 PM, on 12/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [lagisilome] Rundll32.exe "C:\WINDOWS\system32\kolubagu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lagisilome] Rundll32.exe "C:\WINDOWS\system32\kolubagu.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O20 - AppInit_DLLs: wbsys.dll efccpz.dll ecyfut.dll adlfvc.dll mcnuhq.dll c:\windows\system32\ c:\windows\system32\wuyowoli.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4149 bytes

Also heres the Virtumondo Log
[12/31/2008, 16:21:27] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Badlands\Desktop\VirtumundoBeGone.exe" )
[12/31/2008, 16:21:33] - Detected System Information:
[12/31/2008, 16:21:33] - Windows Version: 5.1.2600, Service Pack 2
[12/31/2008, 16:21:33] - Current Username: Badlands (Admin)
[12/31/2008, 16:21:33] - Windows is in NORMAL mode.
[12/31/2008, 16:21:33] - Searching for Browser Helper Objects:
[12/31/2008, 16:21:33] - Finished Searching Browser Helper Objects
[12/31/2008, 16:21:33] - Finishing up...
[12/31/2008, 16:21:33] - Nothing found! Exiting...


Any help would be appreciated.

Remove those two entries found by Malwarebytes' if you haven't told it to delete them already.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"

Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKUS\S-1-5-19\..\Run: [lagisilome] Rundll32.exe "C:\WINDOWS\system32\kolubagu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [lagisilome] Rundll32.exe "C:\WINDOWS\system32\kolubagu.dll",s (User 'NETWORK SERVICE')

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\kolubagu.dll
C:\WINDOWS\system32\efccpz.dll
C:\WINDOWS\system32\ecyfut.dll
C:\WINDOWS\system32\adlfvc.dll
C:\WINDOWS\system32\mcnuhq.dll
c:\windows\system32\wuyowoli.dll

1. Download combofix at http://download.bleepingcomputer.com/sUBs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

Only file I could find in system32 was c:\windows\system32\mcnuhq.dll but it wouldn't let me delete it. I than ran combofix which seems to have deleted it. Heres the log.

ComboFix 08-12-31.01 - Badlands 2009-01-01 20:26:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1575 [GMT -5:00]
Running from: c:\documents and settings\Badlands\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\akutihuy.ini
c:\windows\system32\awtrpOhf.dll
c:\windows\system32\jxerchlh.dll
c:\windows\system32\mcnuhq.dll
c:\windows\Tasks\ppsgcywb.job

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2008-12-31 16:34 . 2008-12-31 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 16:34 . 2008-12-31 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-31 16:13 . 2008-12-31 16:13 <DIR> d-------- C:\VundoFix Backups
2008-12-31 12:42 . 2008-12-31 12:42 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 02:35 . 2008-12-31 02:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-31 02:35 . 2008-12-31 02:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 18:38 . 2008-12-29 19:18 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Twain
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\program files\UltraMon
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\program files\Common Files\Realtime Soft
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Realtime Soft
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Realtime Soft
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Malwarebytes
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 00:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 00:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 22:53 . 2008-12-07 22:53 <DIR> d-------- c:\program files\Lavasoft
2008-12-07 22:53 . 2008-12-07 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 19:07 . 2008-12-06 19:07 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-06 19:07 . 2008-12-06 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-06 19:06 . 2008-12-06 19:06 <DIR> d-------- c:\windows\Logs
2008-12-06 19:06 . 2008-12-06 19:06 <DIR> d-------- c:\program files\MSBuild
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-06 19:03 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-06 19:00 . 2008-12-06 19:00 <DIR> d-------- c:\windows\system32\xlive
2008-12-06 18:59 . 2008-12-06 18:59 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-06 01:54 . 2008-12-06 02:09 <DIR> d-------- c:\program files\Smart FLV Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 01:20 --------- d-----w c:\program files\Trillian
2008-12-31 21:34 --------- d-----w c:\program files\Java
2008-12-30 06:13 --------- d--h--w c:\documents and settings\Badlands\Application Data\Azureus
2008-12-29 08:47 --------- d-----w c:\program files\Steam
2008-12-23 04:12 --------- d--h--w c:\documents and settings\Badlands\Application Data\OpenOffice.org2
2008-12-08 03:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-07 00:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-02-08 22:42 22,328 ---ha-w c:\documents and settings\Badlands\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-12-16 693536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

c:\documents and settings\Badlands\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-05 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-08 16:10 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Badlands^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Badlands\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Badlands^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\Badlands\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-15 03:14 577536 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 11:51 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
--a------ 2007-07-26 15:05 20480 c:\program files\GIGABYTE\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 15:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 19:25 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-08 16:42 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-12-14 21:58 208896 c:\windows\system32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-12-14 21:58 69632 c:\windows\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys2]
-ra------ 2006-12-14 21:59 217088 c:\windows\system32\WinSys2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 05:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 03:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\dark messiah might and magic multi-player\\mm.exe"=
"c:\\Program Files\\GTR2\\GTR2.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 Ip6fmimin;Ip6fmimin; []
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Badlands\Application Data\Mozilla\Firefox\Profiles\lmob0f1r.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 20:30:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-725345543-261903793-839522115-1003
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-725345543-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-725345543-261903793-839522115-1003
@Allowed: (Full) (S-1-5-21-725345543-261903793-839522115-1003)
@Allowed: (Full) (S-1-5-21-725345543-261903793-839522115-1003)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-725345543-261903793-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-725345543-261903793-839522115-1003
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NUL
L*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
.
**************************************************************************
.
Completion time: 2009-01-01 20:34:14 - machine was rebooted [Badlands]
ComboFix-quarantined-files.txt 2009-01-02 01:34:12

Pre-Run: 323,627,700,224 bytes free
Post-Run: 323,853,197,312 bytes free

235 --- E O F --- 2008-02-05 02:40:01

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

New combofix log.

ComboFix 09-01-01.01 - Badlands 2009-01-02 2:31:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1492 [GMT -5:00]
Running from: c:\documents and settings\Badlands\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Badlands\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\sw20.exe
c:\windows\system32\sw24.exe
c:\windows\system32\WinSys2.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sw20.exe
c:\windows\system32\sw24.exe
c:\windows\system32\WinSys2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ip6fmimin


((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-01 22:06 . 2009-01-01 22:06 <DIR> d-------- c:\program files\Launchy
2009-01-01 22:06 . 2009-01-01 22:06 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Launchy
2008-12-31 16:34 . 2008-12-31 16:34 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 16:34 . 2008-12-31 16:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-31 16:13 . 2008-12-31 16:13 <DIR> d-------- C:\VundoFix Backups
2008-12-31 12:42 . 2008-12-31 12:42 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 02:35 . 2008-12-31 02:35 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-31 02:35 . 2008-12-31 02:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 18:38 . 2008-12-29 19:18 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Twain
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\program files\UltraMon
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\program files\Common Files\Realtime Soft
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Realtime Soft
2008-12-23 23:24 . 2008-12-23 23:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Realtime Soft
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\documents and settings\Badlands\Application Data\Malwarebytes
2008-12-08 00:54 . 2008-12-08 00:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 00:54 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 00:54 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 22:53 . 2008-12-07 22:53 <DIR> d-------- c:\program files\Lavasoft
2008-12-07 22:53 . 2008-12-07 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-06 19:07 . 2008-12-06 19:07 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-06 19:07 . 2008-12-06 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-12-06 19:06 . 2008-12-06 19:06 <DIR> d-------- c:\windows\Logs
2008-12-06 19:06 . 2008-12-06 19:06 <DIR> d-------- c:\program files\MSBuild
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\windows\system32\XPSViewer
2008-12-06 19:04 . 2008-12-06 19:04 <DIR> d-------- c:\program files\Reference Assemblies
2008-12-06 19:03 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-06 19:00 . 2008-12-06 19:00 <DIR> d-------- c:\windows\system32\xlive
2008-12-06 18:59 . 2008-12-06 18:59 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-06 01:54 . 2008-12-06 02:09 <DIR> d-------- c:\program files\Smart FLV Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 07:31 --------- d-----w c:\program files\Trillian
2008-12-31 21:34 --------- d-----w c:\program files\Java
2008-12-30 06:13 --------- d--h--w c:\documents and settings\Badlands\Application Data\Azureus
2008-12-29 08:47 --------- d-----w c:\program files\Steam
2008-12-23 04:12 --------- d--h--w c:\documents and settings\Badlands\Application Data\OpenOffice.org2
2008-12-08 03:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-07 00:07 --------- d--h--w c:\program files\InstallShield Installation Information
2008-02-08 22:42 22,328 ---ha-w c:\documents and settings\Badlands\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 12:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-01_20.33.35.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-02 07:35:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2009-01-02 07:35:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2007-12-16 693536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]

c:\documents and settings\Badlands\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-02-05 3581680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-01-01 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-03-08 16:10 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Badlands^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Badlands\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Badlands^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\Badlands\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BandwidthMonitor]
--a------ 2008-08-15 03:14 577536 c:\program files\BandwidthMonitor\BWMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 11:51 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
--a------ 2007-07-26 15:05 20480 c:\program files\GIGABYTE\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2008-08-01 15:36 1103216 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-09-04 19:25 81920 c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-08 16:42 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 05:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-07-05 03:08 16380416 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\dark messiah might and magic multi-player\\mm.exe"=
"c:\\Program Files\\GTR2\\GTR2.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\pikazml@aol.com\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
.
Contents of the 'Scheduled Tasks' folder

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Badlands\Application Data\Mozilla\Firefox\Profiles\lmob0f1r.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 02:35:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-01-02 2:39:45 - machine was rebooted [Badlands]
ComboFix-quarantined-files.txt 2009-01-02 07:39:43
ComboFix2.txt 2009-01-02 01:34:15

Pre-Run: 323,762,573,312 bytes free
Post-Run: 323,677,134,848 bytes free

217 --- E O F --- 2008-02-05 02:40:01

Delete this folder:

c:\documents and settings\Badlands\Application Data\Twain

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

Let me know how that goes

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.