52 Posts

August 20th, 2008 10:00

Spyware detected warning

My computer is warning me that spyware was detected on my computer and I need to install an antivirus or spyware remover. The computer is very slow and many programs will not open. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:13 AM, on 8/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\lphctv3j0e96g.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Web Buying\v1.8.0\webbuying.exe
C:\Program Files\WinPop\winpop.exe
C:\Documents and Settings\Lindsey\Application Data\WinTouch\WinTouch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20DD9560-F534-47C0-917E-28B8DDD42FDE} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\vtuuutt.dll (file missing)
O2 - BHO: (no name) - {39c384ac-7c58-48f7-a467-8e6e939702f7} - C:\WINDOWS\system32\itgxcor.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {96396318-7F31-4719-9131-87E8666EB4AB} - \
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\trfjgeca.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\apjpsykp.dll",sitypnow
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Key] C:\Documents and Settings\Lindsey\Application Data\Key Folder\filewins.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [lphctv3j0e96g] C:\WINDOWS\system32\lphctv3j0e96g.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.0\webbuying.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Lindsey\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Key] C:\Documents and Settings\Lindsey\Application Data\Key Folder\filewins.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.0.20/pool2/pool-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/freecell2/freecell2-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.0.20/poppit2/poppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/spider/spider-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: jkkll - C:\WINDOWS\system32\jkkll.dll (file missing)
O20 - Winlogon Notify: vtuuutt - vtuuutt.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 16204 bytes
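A small triage script, added here as an example (it is not part of the thread and is not HijackThis code), that parses lines in the HijackThis log format shown above and flags the kinds of entries a helper reviews first: extra executables on the system.ini UserInit line, O2/O3/O20 entries whose file is missing, O4 autostarts that run from a user profile or have random-looking names, and O15 Trusted Zone additions. The sample log is a constructed subset of the first post's entries; the heuristics and function names are my own assumptions, and every finding is a cue for a human to check, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis v2 log style used in this thread
# (a subset of the first post's entries, copied unchanged).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {20DD9560-F534-47C0-917E-28B8DDD42FDE} - C:\WINDOWS\system32\jkkll.dll (file missing)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Key] C:\Documents and Settings\Lindsey\Application Data\Key Folder\filewins.exe
O4 - HKLM\..\Run: [lphctv3j0e96g] C:\WINDOWS\system32\lphctv3j0e96g.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - Winlogon Notify: vtuuutt - vtuuutt.dll (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Stem of every .exe/.dll filename on a line (path separators and quotes excluded)
EXE_RE = re.compile(r'([^\\"\s]+)\.(?:exe|dll)\b', re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")
DEFAULT_USERINIT = "userinit.exe"


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "F2", "O4"
    reason: str    # why the line deserves a look
    line: str      # the original log line


def basename(path: str) -> str:
    """Last path component, with surrounding quotes and whitespace removed."""
    return path.strip().strip('"').rsplit("\\", 1)[-1]


def looks_random(stem: str) -> bool:
    """Heuristic: long, all-lowercase alphanumeric name with at least two digits."""
    return bool(RANDOM_NAME_RE.match(stem)) and sum(c.isdigit() for c in stem) >= 2


def triage(log_text: str) -> List[Finding]:
    """Return the HijackThis entries a reviewer would examine first.

    These are triage cues, not verdicts: each finding still needs a human to
    check the file, its signer and its age before anything is removed.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        if section == "F2" and "UserInit=" in body:
            # system.ini UserInit should list only userinit.exe; anything
            # appended after it is started at every logon.
            value = body.split("UserInit=", 1)[1]
            for part in value.split(","):
                if part.strip() and basename(part).lower() != DEFAULT_USERINIT:
                    findings.append(Finding(section, f"extra UserInit executable: {part.strip()}", line))

        elif section in {"O2", "O3", "O20"} and ("(file missing)" in body or "(no file)" in body):
            # A registered BHO/toolbar/Winlogon hook whose file is gone: either a
            # leftover from a partial removal or a component hiding its file.
            findings.append(Finding(section, "orphaned entry (file missing)", line))

        elif section == "O4":
            cmd = body.split("] ", 1)[1] if "] " in body else body
            low = cmd.lower()
            if "\\application data\\" in low or "\\documents and settings\\" in low:
                # Vendor software normally autostarts from Program Files or system32
                findings.append(Finding(section, "autostart from user profile", line))
            for stem in EXE_RE.findall(cmd):
                if looks_random(stem):
                    findings.append(Finding(section, f"random-looking filename: {stem}", line))

        elif section == "O15":
            # Sites in IE's Trusted Zone run with relaxed security settings
            findings.append(Finding(section, "trusted zone addition", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```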

435 Posts

August 20th, 2008 16:00

Hi Lindsey1080,

Welcome to DCF!

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt

New HijackThis log.

52 Posts

August 20th, 2008 22:00

markamus,

Here is the second part; sorry if it is a pain.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN
-------\Service_ApiMon
-------\Service_core


(((((((((((((((((((((((((   Files Created from 2008-07-20 to 2008-08-20  )))))))))))))))))))))))))))))))
.

2008-08-20 15:59 . 2008-08-20 16:05         d--hs----    C:\WINDOWS\SYSTEM32\wsnpoem
2008-08-20 04:06 . 2008-08-20 04:06         d--------    C:\Program Files\ThreatFire
2008-08-20 04:06 . 2008-08-20 04:06         d--------    C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-20 04:06 . 2008-04-24 16:52    51,520    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfFsMon.sys
2008-08-20 04:06 . 2008-04-24 16:52    38,208    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfSysMon.sys
2008-08-20 04:06 . 2008-04-24 16:52    33,088    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfNetMon.sys
2008-08-20 04:06 . 2008-04-24 16:52    12,608    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfKbMon.sys
2008-08-20 03:36 . 2008-08-20 03:36         d--------    C:\Program Files\Trend Micro
2008-08-14 12:57 . 2008-05-01 07:30    331,776    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-14 04:02 . 2008-08-20 16:04    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-08-14 04:02 . 2008-08-14 04:02    1,409    --a------    C:\WINDOWS\QTFont.for
2008-08-05 11:42 . 2008-08-15 10:37         d--------    C:\Documents and Settings\Brooke\Application Data\WeatherBug
2008-07-25 21:55 . 2008-07-25 21:56         d--------    C:\Documents and Settings\Mark\Application Data\Key Folder

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 23:03    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\Key Folder
2008-08-20 11:30    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\Key Folder
2008-08-20 09:15    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\WeatherBug
2008-08-15 03:14    ---------    d-----w    C:\Documents and Settings\Debra\Application Data\Key Folder
2008-07-24 00:53    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\AdobeUM
2008-07-09 05:26    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\HTML Executable
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 05:57    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\HTML Executable
2008-07-07 05:56    ---------    d-----w    C:\Program Files\Esthetician
2008-06-29 02:28    ---------    d-----w    C:\Program Files\LimeWire
2008-06-24 16:23    74,240    ----a-w    C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23    74,240    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49    18,432    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41    245,248    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41    148,992    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44    138,368    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10    272,128    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-04-13 22:09    1,024    ----a-w    C:\Documents and Settings\Lindsey\Application Data\Ex.exe
2008-05-07 04:29    848    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39c384ac-7c58-48f7-a467-8e6e939702f7}]
2007-07-27 18:50    171520    --a------    C:\WINDOWS\system32\itgxcor.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96396318-7F31-4719-9131-87E8666EB4AB}]
2008-08-20 16:01    0    d--hs----    \

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-09-09 18:35 1597440]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 02:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 02:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52 380928]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-21 16:12 64512]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 14:30 290816]
"HostManager"="C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe" [2005-08-02 12:33 159832]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-04-14 10:50 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-04-14 10:50 185456]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 01:44 1836544]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 10:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 00:02 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"ThreatFire"="C:\Program Files\ThreatFire\TFTray.exe" [2008-04-24 16:52 259392]

C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-01-12 20:13:29 217088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130183905\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{20DD9560-F534-47C0-917E-28B8DDD42FDE} - C:\WINDOWS\system32\jkkll.dll
HKCU-Run-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
HKLM-Run-lphctv3j0e96g - C:\WINDOWS\system32\lphctv3j0e96g.exe
Notify-jkkll - C:\WINDOWS\system32\jkkll.dll
Notify-vtuuutt - vtuuutt.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\rfr5ovjf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 16:05:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\iSafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Completion time: 2008-08-20 16:16:43 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-20 23:15:33

Pre-Run: 25,662,324,736 bytes free
Post-Run: 29,318,299,648 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

329    --- E O F ---    2008-08-20 21:46:48

52 Posts

August 20th, 2008 22:00

markamus,

Thank you so much. My new log exceeds 20,000 characters, so I will try to fit it in 2 messages. Here is the first part...

ComboFix 08-08-19.05 - Brooke 2008-08-20 15:36:12.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.169 [GMT -7:00]
Running from: C:\Documents and Settings\Brooke\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brooke\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\interclick.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\interclick.com\ud.sol
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\static.youku.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\static.youku.com\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Brooke\Cookies\brooke@2o7[1].txt
C:\Documents and Settings\Brooke\Cookies\brooke@ad.yieldmanager[2].txt
C:\Documents and Settings\Brooke\Cookies\brooke@ads.pointroll[1].txt
C:\Documents and Settings\Brooke\Cookies\brooke@advertising[1].txt
C:\Documents and Settings\Brooke\Cookies\brooke@ehg-uniontrib.hitbox[2].txt
C:\Documents and Settings\Brooke\Cookies\brooke@insightexpressai[2].txt
C:\Documents and Settings\Brooke\Cookies\brooke@rightmedia[1].txt
C:\Documents and Settings\Brooke\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\#SharedObjects\F45YSVKW\interclick.com
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\#SharedObjects\F45YSVKW\interclick.com\ud.sol
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Debra\Cookies\debra@2o7[1].txt
C:\Documents and Settings\Debra\Cookies\debra@ehg-interactivateinc.hitbox[1].txt
C:\Documents and Settings\Debra\Cookies\debra@insightexpressai[1].txt
C:\Documents and Settings\Debra\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Kerri\Cookies\kerri@ad.yieldmanager[1].txt
C:\Documents and Settings\Kerri\Cookies\kerri@advertising[2].txt
C:\Documents and Settings\Kerri\Cookies\kerri@ehg-cbs.hitbox[1].txt
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\interclick.com
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\interclick.com\ud.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0204\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0213\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0233\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0234\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0235\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0236\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0237\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0241\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0247\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0254\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0261\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0270\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0272\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0275\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0277\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0279\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0281\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0282\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0287\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0294\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0296\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0298\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\#SharedObjects\8ELZNK44\static.youku.com\v1.0.0301\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Lindsey\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Lindsey\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Lindsey\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\avtasks.dat
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\CookieList.dat
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\history.db
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\Logs\update.log
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
C:\Documents and Settings\Lindsey\Application Data\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Lindsey\Application Data\winantiviruspro2007freeinstall[1].exe
C:\Documents and Settings\Lindsey\Application Data\WinTouch
C:\Documents and Settings\Lindsey\Application Data\WinTouch\config.cfg.3b4d3d32c439bd831f679705c9932ef8
C:\Documents and Settings\Lindsey\Application Data\WinTouch\config.cfg.5fa4bceb2373fa630afea59b26fd5061
C:\Documents and Settings\Lindsey\Application Data\WinTouch\config.cfg.6d566a0b94a67930b158b3ae66567729
C:\Documents and Settings\Lindsey\Application Data\WinTouch\config.cfg.7eeee047b99c8498a17dfa2b7a3224ef
C:\Documents and Settings\Lindsey\Application Data\WinTouch\config.cfg.bdbbc01d6baffa0f675554f8182adc58
C:\Documents and Settings\Lindsey\Application Data\WinTouch\wintouch.cfg
C:\Documents and Settings\Lindsey\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Lindsey\Cookies\lindsey@mediatraffic[2].txt
C:\Documents and Settings\Lindsey\err.log
C:\Documents and Settings\Lindsey\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Lindsey\ResErrors.log
C:\Documents and Settings\Lindsey\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\Mark\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantivirus pro 2007
C:\Program Files\Common Files\winantivirus pro 2007\err.log
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\web buying
C:\Program Files\winpop
C:\Program Files\winpop\winpop.exe
C:\temp\ 0c2
C:\temp\ 0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\UWA7P
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\blphctv3j0e96g.scr
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\G9
C:\WINDOWS\SYSTEM32\llkkj.bak1
C:\WINDOWS\SYSTEM32\llkkj.bak2
C:\WINDOWS\SYSTEM32\llkkj.ini
C:\WINDOWS\SYSTEM32\llkkj.tmp
C:\WINDOWS\system32\lphctv3j0e96g.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\phctv3j0e96g.bmp
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\TISKY009.exe
C:\WINDOWS\wr.txt

435 Posts

August 21st, 2008 12:00

Lindsey1080,

It's not a pain at all. That's how I prefer it to be posted.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file:

C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
* Click Open
* Please let me know the results.

_________________________________________________________________

Open Notepad and copy/paste all of the bolded blue text into the window:

File::

C:\WINDOWS\system32\itgxcor.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96396318-7F31-4719-9131-87E8666EB4AB}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39c384ac-7c58-48f7-a467-8e6e939702f7}]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:

  1. The new Combofix log
  2. A fresh HijackThis log
  3. An update on how the PC is running
Again, you may split the post up into multiple posts so that all the information is posted.

52 Posts

August 22nd, 2008 17:00

markamus,

Here are the results from virusscan.jotti.org:

Scan taken on 22 Aug 2008 17:18:53 (GMT)
AntiVir: Found DR/Delf.PBE.6
ArcaVir: Found nothing
Avast: Found Win32:Trojan-gen {Other}
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Delf.Inject.Z
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found Trojan.MulDrop.15020
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found Trojan.Delf.PBE
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found W32/Delf.BYDY
Panda Antivirus: Found Generic
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found Trojan.MulDrop.15020

52 Posts

August 22nd, 2008 17:00

Here is the new Combofix log:

ComboFix 08-08-21.02 - Brooke 2008-08-22 10:36:16.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.163 [GMT -7:00]
Running from: C:\Documents and Settings\Brooke\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brooke\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\itgxcor.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\interclick.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\#SharedObjects\4BB7KP9R\interclick.com\ud.sol
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Brooke\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\itgxcor.dll
C:\WINDOWS\system32\wsnpoem

.
(((((((((((((((((((((((((   Files Created from 2008-07-22 to 2008-08-22  )))))))))))))))))))))))))))))))
.

2008-08-20 04:06 . 2008-04-24 16:52    12,608    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfKbMon.sys
2008-08-20 03:36 . 2008-08-20 03:36         d--------    C:\Program Files\Trend Micro
2008-08-14 12:57 . 2008-05-01 07:30    331,776    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-14 04:02 . 2008-08-22 09:28    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-08-14 04:02 . 2008-08-14 04:02    1,409    --a------    C:\WINDOWS\QTFont.for
2008-08-05 11:42 . 2008-08-15 10:37         d--------    C:\Documents and Settings\Brooke\Application Data\WeatherBug
2008-07-25 21:55 . 2008-07-25 21:56         d--------    C:\Documents and Settings\Mark\Application Data\Key Folder

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 17:06    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\Key Folder
2008-08-21 02:24    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\Key Folder
2008-08-20 09:15    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\WeatherBug
2008-08-15 03:14    ---------    d-----w    C:\Documents and Settings\Debra\Application Data\Key Folder
2008-07-24 00:53    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\AdobeUM
2008-07-09 05:26    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\HTML Executable
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 05:57    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\HTML Executable
2008-07-07 05:56    ---------    d-----w    C:\Program Files\Esthetician
2008-06-29 02:28    ---------    d-----w    C:\Program Files\LimeWire
2008-06-24 16:23    74,240    ----a-w    C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23    74,240    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49    18,432    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41    245,248    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41    148,992    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44    138,368    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10    272,128    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-04-13 22:09    1,024    ----a-w    C:\Documents and Settings\Lindsey\Application Data\Ex.exe
2008-05-07 04:29    848    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-09-09 18:35 1597440]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 02:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 02:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52 380928]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-21 16:12 64512]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 14:30 290816]
"HostManager"="C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe" [2005-08-02 12:33 159832]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-04-14 10:50 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-04-14 10:50 185456]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 01:44 1836544]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 10:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 00:02 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-01-12 20:13:29 217088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130183905\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 10:50:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-22 10:58:53
ComboFix-quarantined-files.txt  2008-08-22 17:58:06
ComboFix2.txt  2008-08-20 23:16:45

Pre-Run: 30,288,355,328 bytes free
Post-Run: 30,280,736,768 bytes free

136    --- E O F ---    2008-08-20 21:46:48
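The "Reg Loading Points" section of a ComboFix log can be triaged mechanically. The Python below is an added example for this thread (not ComboFix's code and not anything the helper posted): it parses the REGEDIT4-style Run entries and the firewall value from a constructed excerpt of the log above, and flags an autorun launched from a user profile's Application Data folder, an entry persisting in both HKCU and HKLM, and the disabled Windows Firewall.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed excerpt of the "Reg Loading Points" section of the ComboFix log
# posted in this thread (a few representative lines, embedded so this runs offline).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# ComboFix value line: "Name"="C:\path\image.exe" [YYYY-MM-DD HH:MM size]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+)\]$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# Image path inside a user profile's roaming or local data directory (XP layout).
PROFILE_DIR_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.IGNORECASE
)


@dataclass(frozen=True)
class Autorun:
    hive: str     # "HKCU" or "HKLM"
    name: str     # registry value name
    path: str     # image path as printed by ComboFix
    stamp: str    # file timestamp from the log
    size: int     # file size in bytes from the log


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_loading_points(text: str) -> Tuple[List[Autorun], Optional[int]]:
    """Return the Run-key autoruns and the standard-profile EnableFirewall value."""
    autoruns: List[Autorun] = []
    firewall: Optional[int] = None  # None means the log did not report it
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        low = section.lower()
        if low.endswith("\\currentversion\\run"):
            m = VALUE_RE.match(line)
            if m:
                hive = "HKCU" if low.startswith(("hkey_current_user", "hkcu")) else "HKLM"
                autoruns.append(Autorun(hive, m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif "firewallpolicy\\standardprofile" in low:
            m = FIREWALL_RE.match(line)
            if m:
                firewall = int(m.group(1))
    return autoruns, firewall


def triage(text: str) -> List[Finding]:
    """Apply three simple persistence/hardening checks to the parsed section."""
    autoruns, firewall = parse_loading_points(text)
    findings: List[Finding] = []
    hives_by_entry: Dict[Tuple[str, str], Set[str]] = {}
    for a in autoruns:
        # Legitimate software rarely autoruns from a profile's data directory.
        if PROFILE_DIR_RE.search(a.path):
            findings.append(Finding("autorun-from-profile-dir", f"{a.hive} Run '{a.name}' -> {a.path}"))
        hives_by_entry.setdefault((a.name, a.path.lower()), set()).add(a.hive)
    # The same name/path registered under both hives is a common malware persistence pattern.
    for (name, path), hives in hives_by_entry.items():
        if {"HKCU", "HKLM"} <= hives:
            findings.append(Finding("autorun-in-both-hives", f"'{name}' -> {path}"))
    if firewall == 0:
        findings.append(Finding("firewall-disabled", "standardprofile EnableFirewall = 0"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```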

52 Posts

August 22nd, 2008 17:00

My computer is working well, just like it did before the malware.  Thanks so much.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:05 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Key] C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Key] C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.0.20/pool2/pool-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/freecell2/freecell2-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.0.20/poppit2/poppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/spider/spider-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 13153 bytes

435 Posts

August 22nd, 2008 18:00

Open Notepad and copy/paste the bolded blue text into the window:

Folder::
C:\Documents and Settings\Mark\Application Data\Key Folder
C:\Documents and Settings\Brooke\Application Data\Key Folder
C:\Documents and Settings\Lindsey\Application Data\Key Folder


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Key"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Key"=-


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Run an online virus scan called Kaspersky from HERE.

  1. At the main page, press "Accept" after reading the contents.

  2. At the next window select Update. Allow the Database to update.

     Note: If prompted to run or update your Java, then follow the prompts to do so. Kaspersky requires Java to run.

  3. Once the Database has finished, under the Scan icon select My Computer to start the scan. The scan may take a few minutes to complete.

  4. Select Scan Report.

  5. If any threats were found they will appear in the report.

  6. Select "Save error report as".

     Then in the file name just type in kaspersky.

     Under "save as type" select text (.txt).

     Save it to your Desktop.


Copy and post the results of the Kaspersky Online scan. If no threats were found then report that as well.

In your next reply, please include the following:

  1. The Kaspersky Online scan
  2. A fresh HijackThis log
  3. An update on how the PC is running

52 Posts

August 22nd, 2008 23:00

Here is the Kaspersky log:

KASPERSKY ONLINE SCANNER 7 REPORT
 Friday, August 22, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Friday, August 22, 2008 18:44:27
 Records in database: 1124860
--------------------------------------------------------------------------------

Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\

Scan statistics:
    Files scanned: 86214
    Threat name: 23
    Infected objects: 42
    Suspicious objects: 0
    Duration of the scan: 02:34:39


File name / Threat name / Threats count
C:\Documents and Settings\Brooke\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46e9455c    Infected: Exploit.Java.Gimsh.a    1
C:\Documents and Settings\Brooke\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-36e25203.zip    Infected: Exploit.Java.Gimsh.a    1
C:\Documents and Settings\Debra\Application Data\Key Folder\ddd882.dll    Infected: Trojan-Spy.Win32.Pophot.ato    1
C:\Documents and Settings\Debra\Application Data\Key Folder\sql2005.dll    Infected: Backdoor.Win32.Delf.hzf    1
C:\Documents and Settings\Lindsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1ab034e7-3373c3a1.zip    Infected: Exploit.Java.Gimsh.b    1
C:\Documents and Settings\Lindsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-49c4e1e4.zip    Infected: Exploit.Java.Gimsh.a    1
C:\Documents and Settings\Lindsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-7213a68f.zip    Infected: Exploit.Java.Gimsh.b    1
C:\Documents and Settings\Lindsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-700d5770.zip    Infected: Exploit.Java.Gimsh.b    1
C:\Documents and Settings\Lindsey\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-5f9fa1e2.zip    Infected: Exploit.Java.Gimsh.a    1
C:\Documents and Settings\Lindsey\Incomplete\T-3545425-smith 9th ave reggie full.mp3    Infected: Trojan-Downloader.WMA.Wimad.n    1
C:\Documents and Settings\Lindsey\Shared\Louis XIV - Guilt By Association.mp3    Infected: Trojan-Downloader.WMA.Wimad.n    1
C:\Program Files\Common Files\ozmw\ozmwa.exe    Infected: Trojan-Downloader.Win32.TSUpdate.l    1
C:\Program Files\Common Files\ozmw\ozmwp.exe    Infected: Trojan-Downloader.Win32.TSUpdate.f    1
C:\QooBox\Quarantine\C\Documents and Settings\Brooke\Application Data\Key Folder\ddd882.dll.vir    Infected: Trojan-Spy.Win32.Pophot.ato    1
C:\QooBox\Quarantine\C\Documents and Settings\Brooke\Application Data\Key Folder\sql2005.dll.vir    Infected: Backdoor.Win32.Delf.hzf    1
C:\QooBox\Quarantine\C\Documents and Settings\Lindsey\Application Data\Key Folder\ddd882.dll.vir    Infected: Trojan-Spy.Win32.Pophot.ato    1
C:\QooBox\Quarantine\C\Documents and Settings\Lindsey\Application Data\Key Folder\sql2005.dll.vir    Infected: Backdoor.Win32.Delf.hzf    1
C:\QooBox\Quarantine\C\Documents and Settings\Lindsey\Application Data\winantiviruspro2007freeinstall[1].exe.vir    Infected: not-a-virus:Downloader.Win32.WinFixer.o    1
C:\QooBox\Quarantine\C\Documents and Settings\Lindsey\Application Data\WinTouch\WinTouch.exe.vir    Infected: Trojan-Downloader.Win32.Agent.kic    1
C:\QooBox\Quarantine\C\Documents and Settings\Mark\Application Data\Key Folder\ddd882.dll.vir    Infected: Trojan-Spy.Win32.Pophot.ato    1
C:\QooBox\Quarantine\C\Documents and Settings\Mark\Application Data\Key Folder\sql2005.dll.vir    Infected: Backdoor.Win32.Delf.hzf    1
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir    Infected: not-a-virus:Downloader.Win32.WinFixer.t    1
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir    Infected: Trojan-Downloader.Win32.PurityScan.eh    1
C:\QooBox\Quarantine\C\Program Files\WinPop\winpop.exe.vir    Infected: not-a-virus:AdWare.Win32.Rond.c    1
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir    Infected: Trojan-Downloader.Win32.Small.buy    1
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir    Infected: not-a-virus:AdWare.Win32.Mostofate.u    1
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir    Infected: not-a-virus:AdWare.Win32.Rond.c    1
C:\QooBox\Quarantine\C\WINDOWS\b128.exe.vir    Infected: Trojan-Downloader.Win32.PurityScan.eh    1
C:\QooBox\Quarantine\C\WINDOWS\b128.exe.vir    Infected: not-a-virus:AdWare.Win32.Mostofate.u    1
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir    Infected: Trojan-Dropper.Win32.Agent.bfr    1
C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir    Infected: not-a-virus:AdWare.Win32.Mostofate.u    1
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe.vir    Infected: not-a-virus:Downloader.Win32.WinFixer.o    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\a.exe.vir    Infected: Trojan-Downloader.Win32.Small.abni    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\itgxcor.dll.vir    Infected: not-a-virus:AdWare.Win32.Agent.co    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lphctv3j0e96g.exe.vir    Infected: Backdoor.Win32.Agent.pjv    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ntos.exe.vir    Infected: Trojan-Spy.Win32.Zbot.eeb    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\WinNB58.dll.vir    Infected: not-a-virus:AdWare.Win32.Mirar.r    1
C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir    Infected: not-a-virus:AdWare.Win32.ZenoSearch.o    1
C:\WINDOWS\SYSTEM32\ohtmreem.exe    Infected: not-a-virus:AdWare.Win32.HotBar.bw    1
C:\WINDOWS\SYSTEM32\pucedsbg.exe    Infected: not-a-virus:AdWare.Win32.180Solutions.ay    3

The selected area was scanned.
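A defender's triage pass over this report format, added here as an illustration and not part of the thread or of Kaspersky's tooling: it parses each "path    Infected: name    count" line, checks the listing against the Scan statistics counters (a truncated paste shows up as a mismatch), and separates hits already sitting in ComboFix's C:\QooBox\Quarantine from files still live on disk. The sample report and the Java-cache and P2P-folder buckets are constructed assumptions.

```python
import re

# Constructed sample in the layout of the Kaspersky Online Scanner 7 report
# above (not the thread's real log): "<path>    Infected: <threat>    <count>".
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7 REPORT
Scan statistics:
    Files scanned: 1000
    Threat name: 6
    Infected objects: 8
    Suspicious objects: 0

File name / Threat name / Threats count
C:\Documents and Settings\Brooke\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-46e9455c    Infected: Exploit.Java.Gimsh.a    1
C:\Documents and Settings\Lindsey\Incomplete\T-3545425-song.mp3    Infected: Trojan-Downloader.WMA.Wimad.n    1
C:\Program Files\Common Files\ozmw\ozmwa.exe    Infected: Trojan-Downloader.Win32.TSUpdate.l    1
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ntos.exe.vir    Infected: Trojan-Spy.Win32.Zbot.eeb    1
C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir    Infected: Trojan-Downloader.Win32.Small.buy    1
C:\WINDOWS\SYSTEM32\pucedsbg.exe    Infected: not-a-virus:AdWare.Win32.180Solutions.ay    3

The selected area was scanned.
"""

# One detection line: path, two or more spaces, "Infected:", threat name, count.
ENTRY_RE = re.compile(r"^(?P<path>.+?)\s{2,}Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
# The two header counters the listing can be checked against.
STAT_RE = re.compile(r"^\s*(Threat name|Infected objects):\s*(\d+)\s*$")


def classify(path):
    """Bucket a detection by location, so live files are not lost among quarantine hits."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantined"   # already isolated by ComboFix (renamed *.vir); no longer runs from here
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"    # applet cached by the Java browser plugin; cleared with the Java cache
    if "\\incomplete\\" in p or "\\shared\\" in p:
        return "p2p-share"     # assumption: LimeWire-style download/share folders, user-fetched media
    return "live"              # on disk outside any quarantine: needs removal and a loading-point check


def parse_report(text):
    """Return (header stats, [(path, threat, count), ...]) from report text."""
    stats, entries = {}, []
    for line in text.splitlines():
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return stats, entries


def triage(text):
    """Split detections into buckets and verify the listing matches the header counters."""
    stats, entries = parse_report(text)
    buckets = {}
    for path, threat, count in entries:
        buckets.setdefault(classify(path), []).append((path, threat, count))
    # A truncated paste shows up here: the sum of per-file counts must equal
    # "Infected objects" and the number of distinct names must equal "Threat name".
    consistent = (stats.get("Infected objects") == sum(c for _, _, c in entries)
                  and stats.get("Threat name") == len({t for _, t, _ in entries}))
    return {
        "consistent": consistent,
        "bucket_counts": {k: len(v) for k, v in buckets.items()},
        "live_paths": sorted(p for p, _, _ in buckets.get("live", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("listing matches header:", result["consistent"])
    print("per bucket:", result["bucket_counts"])
    for p in result["live_paths"]:
        print("still live:", p)
```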

52 Posts

August 22nd, 2008 23:00

markamus,

Here is the new ComboFix log:

ComboFix 08-08-21.02 - Brooke 2008-08-22 12:35:13.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.183 [GMT -7:00]
Running from: C:\Documents and Settings\Brooke\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brooke\Desktop\CFScript.txt
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brooke\Application Data\Key Folder
C:\Documents and Settings\Brooke\Application Data\Key Folder\ddd882.dll
C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
C:\Documents and Settings\Brooke\Application Data\Key Folder\sql2005.dll
C:\Documents and Settings\Lindsey\Application Data\Key Folder
C:\Documents and Settings\Lindsey\Application Data\Key Folder\ddd882.dll
C:\Documents and Settings\Lindsey\Application Data\Key Folder\filewins.exe
C:\Documents and Settings\Lindsey\Application Data\Key Folder\sql2005.dll
C:\Documents and Settings\Mark\Application Data\Key Folder
C:\Documents and Settings\Mark\Application Data\Key Folder\ddd882.dll
C:\Documents and Settings\Mark\Application Data\Key Folder\filewins.exe
C:\Documents and Settings\Mark\Application Data\Key Folder\sql2005.dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-22 to 2008-08-22  )))))))))))))))))))))))))))))))
.

2008-08-22 12:48 . 2008-08-22 12:48         d--------    C:\Documents and Settings\Brooke\Application Data\Key Folder
2008-08-20 04:06 . 2008-04-24 16:52    12,608    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfKbMon.sys
2008-08-20 03:36 . 2008-08-20 03:36         d--------    C:\Program Files\Trend Micro
2008-08-14 12:57 . 2008-05-01 07:30    331,776    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-14 04:02 . 2008-08-22 12:53    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-08-14 04:02 . 2008-08-14 04:02    1,409    --a------    C:\WINDOWS\QTFont.for
2008-08-05 11:42 . 2008-08-15 10:37         d--------    C:\Documents and Settings\Brooke\Application Data\WeatherBug

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 09:15    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\WeatherBug
2008-08-15 03:14    ---------    d-----w    C:\Documents and Settings\Debra\Application Data\Key Folder
2008-07-24 00:53    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\AdobeUM
2008-07-09 05:26    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\HTML Executable
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 05:57    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\HTML Executable
2008-07-07 05:56    ---------    d-----w    C:\Program Files\Esthetician
2008-06-29 02:28    ---------    d-----w    C:\Program Files\LimeWire
2008-06-24 16:23    74,240    ----a-w    C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23    74,240    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49    18,432    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41    245,248    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41    148,992    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44    138,368    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10    272,128    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-04-13 22:09    1,024    ----a-w    C:\Documents and Settings\Lindsey\Application Data\Ex.exe
2008-05-07 04:29    848    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-09-09 18:35 1597440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 02:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 02:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52 380928]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-21 16:12 64512]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 14:30 290816]
"HostManager"="C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe" [2005-08-02 12:33 159832]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-04-14 10:50 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-04-14 10:50 185456]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 01:44 1836544]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 10:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 00:02 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]

C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-01-12 20:13:29 217088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130183905\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 12:55:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\msi.dll
-> ?:\WINDOWS\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\iSafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2008-08-22 13:07:02 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-22 20:05:49
ComboFix2.txt  2008-08-22 17:58:59
ComboFix3.txt  2008-08-20 23:16:45

Pre-Run: 30,249,349,120 bytes free
Post-Run: 30,237,790,208 bytes free

161    --- E O F ---    2008-08-20 21:46:48

52 Posts

August 22nd, 2008 23:00

PC is running well; here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:29 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.0.20/pool2/pool-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/freecell2/freecell2-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.0.20/poppit2/poppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/spider/spider-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 12919 bytes

435 Posts

August 24th, 2008 19:00

Clear your Java cache
  • Close your Internet browser application.
  • Click Start > Control Panel > Java Control Panel
  • Under General > Temporary Internet Files, click the Delete Files button. The Delete Temporary Files dialog box will appear. Check all three options and click Ok.
  • Click Ok on the Java Control Panel.

Note: If you are using Firefox as your internet browser, your PrivateData must also be cleared. After clearing the Java cache, open your Firefox browser then go to Tools > Clear Private Data. Uncheck all items except for Cache, then click the Clear Private Data Now button. Close your browser then restart it again.
-------------------------------------

Open Notepad and copy/paste the bolded blue text into the window:

Folder::
C:\Documents and Settings\Debra\Application Data\Key Folder
C:\Program Files\Common Files\ozmw


File::
C:\Documents and Settings\Lindsey\Incomplete\T-3545425-smith 9th ave reggie full.mp3
C:\Documents and Settings\Lindsey\Shared\Louis XIV - Guilt By Association.mp3

C:\WINDOWS\SYSTEM32\ohtmreem.exe
C:\WINDOWS\SYSTEM32\pucedsbg.exe
Save it to your desktop as CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


In your next reply, please include a fresh HijackThis log along with the Combofix log and an update on how the PC is running. 

Message Edited by markamus on 08-24-2008 03:32 PM

52 Posts

August 24th, 2008 21:00

PC is running well.  Here is the new combofix log:


ComboFix 08-08-23.03 - Brooke 2008-08-24 14:49:40.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.121 [GMT -7:00]
Running from: C:\Documents and Settings\Brooke\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brooke\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Documents and Settings\Lindsey\Incomplete\T-3545425-smith 9th ave reggie full.mp3
C:\Documents and Settings\Lindsey\Shared\Louis XIV - Guilt By Association.mp3
C:\WINDOWS\SYSTEM32\ohtmreem.exe
C:\WINDOWS\SYSTEM32\pucedsbg.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Debra\Application Data\Key Folder
C:\Documents and Settings\Debra\Application Data\Key Folder\ddd882.dll
C:\Documents and Settings\Debra\Application Data\Key Folder\filewins.exe
C:\Documents and Settings\Debra\Application Data\Key Folder\sql2005.dll
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\#SharedObjects\F45YSVKW\interclick.com
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\#SharedObjects\F45YSVKW\interclick.com\ud.sol
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Debra\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Lindsey\Incomplete\T-3545425-smith 9th ave reggie full.mp3
C:\Documents and Settings\Lindsey\Shared\Louis XIV - Guilt By Association.mp3
C:\Program Files\Common Files\ozmw
C:\Program Files\Common Files\ozmw\ozmwa.exe
C:\Program Files\Common Files\ozmw\ozmwd\class-barrel
C:\Program Files\Common Files\ozmw\ozmwd\ozmwc.dll
C:\Program Files\Common Files\ozmw\ozmwd\vocabulary
C:\Program Files\Common Files\ozmw\ozmwp.exe
C:\WINDOWS\SYSTEM32\ohtmreem.exe
C:\WINDOWS\SYSTEM32\pucedsbg.exe

.
(((((((((((((((((((((((((   Files Created from 2008-07-24 to 2008-08-24  )))))))))))))))))))))))))))))))
.

2008-08-23 15:27 . 2008-08-24 11:01         d--------    C:\Documents and Settings\Lindsey\Application Data\Key Folder
2008-08-22 13:43 . 2008-06-10 02:32    73,728    --a------    C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-08-22 12:48 . 2008-08-24 14:20         d--------    C:\Documents and Settings\Brooke\Application Data\Key Folder
2008-08-20 04:06 . 2008-04-24 16:52    12,608    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\TfKbMon.sys
2008-08-20 03:36 . 2008-08-20 03:36         d--------    C:\Program Files\Trend Micro
2008-08-14 12:57 . 2008-05-01 07:30    331,776    ---------    C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-14 04:02 . 2008-08-24 14:19    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-08-14 04:02 . 2008-08-14 04:02    1,409    --a------    C:\WINDOWS\QTFont.for
2008-08-05 11:42 . 2008-08-15 10:37         d--------    C:\Documents and Settings\Brooke\Application Data\WeatherBug

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 20:43    ---------    d-----w    C:\Program Files\Java
2008-08-20 09:15    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\WeatherBug
2008-07-24 00:53    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\AdobeUM
2008-07-09 05:26    ---------    d-----w    C:\Documents and Settings\Lindsey\Application Data\HTML Executable
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32    253,952    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-07 05:57    ---------    d-----w    C:\Documents and Settings\Brooke\Application Data\HTML Executable
2008-07-07 05:56    ---------    d-----w    C:\Program Files\Esthetician
2008-06-29 02:28    ---------    d-----w    C:\Program Files\LimeWire
2008-06-24 16:23    74,240    ----a-w    C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23    74,240    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 09:49    18,432    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2008-06-20 17:41    245,248    ----a-w    C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41    245,248    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41    148,992    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45    360,320    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44    138,368    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52    225,920    ----a-w    C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 13:10    272,128    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-04-13 22:09    1,024    ----a-w    C:\Documents and Settings\Lindsey\Application Data\Ex.exe
2008-05-07 04:29    848    --sha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-08-20_16.14.17.98   )))))))))))))))))))))))))))))))))))))))))
.
- 2005-04-13 09:19:56    49,248    ----a-w    C:\WINDOWS\SYSTEM32\java.exe
+ 2008-06-10 08:21:01    135,168    ----a-w    C:\WINDOWS\SYSTEM32\java.exe
- 2005-04-13 09:20:04    49,250    ----a-w    C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-06-10 08:21:04    135,168    ----a-w    C:\WINDOWS\SYSTEM32\javaw.exe
- 2005-04-13 10:48:54    127,078    ----a-w    C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-06-10 09:32:34    139,264    ----a-w    C:\WINDOWS\SYSTEM32\javaws.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2004-09-09 18:35 1597440]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 12:33 1388544]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 15:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 00:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 00:05 122939]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 02:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 02:52 122880]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 05:52 380928]
"WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll" [2004-05-21 16:12 64512]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 14:30 290816]
"HostManager"="C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe" [2005-08-02 12:33 159832]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43 407032]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2006-04-14 10:50 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2006-04-14 10:50 185456]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 01:44 1836544]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [2005-05-25 10:35 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-17 00:02 185896]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"Key"="C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe" [2008-05-04 16:18 229376]

C:\Documents and Settings\Debra\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-01-12 20:13:29 217088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130183905\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 15:03:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-24 15:11:16
ComboFix-quarantined-files.txt  2008-08-24 22:10:32
ComboFix2.txt  2008-08-22 20:07:07
ComboFix3.txt  2008-08-22 17:58:59
ComboFix4.txt  2008-08-20 23:16:45

Pre-Run: 29,695,598,592 bytes free
Post-Run: 29,939,494,912 bytes free

162    --- E O F ---    2008-08-20 21:46:48

52 Posts

August 24th, 2008 21:00

Here is the new hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:43 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\AOL\1130183905\ee\AOLServiceHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.aol.com/_ads/adsPopup2.htm?0
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130183905\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Key] C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Key] C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-8.0.0.20/pool2/pool-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/freecell2/freecell2-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-8.0.0.20/poppit2/poppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.0.20/spider/spider-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-8.0.0.20/turbo22/turbo22-en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 13333 bytes

435 Posts

August 25th, 2008 00:00

Still a few things to do.

Open Notepad and copy/paste the bolded blue text into the window:

Folder::
C:\Documents and Settings\Brooke\Application Data\Key Folder
C:\Documents and Settings\Debra\Application Data\Key Folder


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Please post back with the new Combofix log. 
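The entries markamus singles out across this thread (the `Key` autorun pointing into a user's Application Data folder, the `mirarsearch.com` Trusted Zone additions, and orphaned entries such as the ThreatFire service marked "file missing") are the kind of thing that can be picked out of a HijackThis log mechanically before a human reads the rest. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. The sample lines are constructed by copying a handful of entries from the logs above, and the three heuristics (autorun launching from a user-writable profile folder, any O15 Trusted Zone entry, any entry whose target is missing) are my own triage rules, not a HijackThis feature.

```python
import re

# Constructed sample: a few HijackThis v2 lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Key] C:\Documents and Settings\Brooke\Application Data\Key Folder\filewins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
"""

# "R0 - ..." / "O4 - ..." section prefix followed by the rest of the entry.
SECTION_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# First Windows path ending in an executable-ish extension; lazy so it stops at the real extension.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|cpl|sys|scr)', re.IGNORECASE)
# Per-user profile locations on Windows XP that any logged-on user can write to.
USER_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\",
    re.IGNORECASE,
)


def parse_line(line):
    """Split one HijackThis line into its section code and body; None for non-entries."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group(1), "body": m.group(2), "raw": line.strip()}


def first_path(body):
    """Return the first file path in an entry body, or None."""
    m = WIN_PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text):
    """Apply the three triage heuristics; returns (section, reason, raw_line) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        sec, body, raw = entry["section"], entry["body"], entry["raw"]
        if sec == "O4":
            # Legitimate autoruns almost always live under Program Files or %SystemRoot%;
            # one launching from Application Data is worth a close look (cf. the "Key" entry).
            path = first_path(body)
            if path and USER_PROFILE_RE.search(path):
                findings.append((sec, "autorun launches from a user-writable profile folder", raw))
        elif sec == "O15":
            # A Trusted Zone entry lowers IE's security settings for that site; review every one.
            findings.append((sec, "site added to the IE Trusted Zone", raw))
        if "(file missing)" in body or "(no file)" in body:
            # Target no longer exists on disk: leftover from a removal, or a hook pointing nowhere.
            findings.append((sec, "orphaned entry: target not present on disk", raw))
    return findings


if __name__ == "__main__":
    for section, reason, raw in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {raw}")
```

Run it as-is to see the four flagged lines from the constructed sample, or feed it a saved `hijackthis.log` by passing the file's contents to `triage()`. The rules deliberately stay simple: they surface lines to read first and do not decide what to delete.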
