go.google virus issues

First of all,

Pls try running Combo Fix in Safe Mode.

Then see what happens.

Then download the latest Hijackthis from here, and run a scan and post the log.

Thanks,

Cohen

ComboFix 08-12-18.01 - Administrator 2008-12-19 1:18:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254.8 [GMT -5:00]
Running from: c:\temp\combifix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\My Documents\My Documents.url
c:\documents and settings\Administrator\My Documents\My Music\My Music.url
c:\documents and settings\Administrator\My Documents\My Pictures\My Pictures.url
c:\documents and settings\Administrator\My Documents\My Videos\My Video.url
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll
c:\documents and settings\All Users\Application Data\svhost.exe
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\drivers\TDSSpcuu.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSlmjf.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSocum.dll
c:\windows\system32\TDSSqahc.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSshkx.log
c:\windows\system32\TDSSurxb.dll
c:\windows\system32\TDSSwgqt.dat
c:\windows\system32\TDSSxekj.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\vmreg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-19 01:07 . 2008-12-19 01:09 2,885,135 -ra------ c:\temp\combifix.exe
2008-12-19 01:06 . 2008-12-19 01:06 3,029,915 --a------ c:\temp\combifix.zip
2008-12-19 00:39 . 2008-12-19 00:39 <DIR> d-------- c:\temp\cfix
2008-12-19 00:38 . 2008-12-19 00:38 273,752 --a------ c:\temp\cfix.zip
2008-12-18 22:35 . 2008-12-18 22:35 <DIR> d-------- C:\sUBs
2008-12-18 22:25 . 2008-12-18 22:46 <DIR> d-------- c:\temp\crazy
2008-12-18 22:23 . 2008-12-18 22:23 <DIR> d-------- c:\temp\crazy123
2008-12-18 22:22 . 2008-12-18 22:22 <DIR> d-------- c:\program files\temp
2008-12-18 22:22 . 2008-12-18 22:22 2,539,400 --a------ c:\temp\crazy123.exe
2008-12-18 21:55 . 2008-12-18 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 21:55 . 2008-12-18 21:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-18 21:55 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-18 21:55 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-18 21:44 . 2008-12-18 22:35 0 --a------ C:\~
2008-12-18 21:42 . 2008-12-18 22:35 <DIR> d-------- c:\temp\crzyness.exe
2008-12-18 21:41 . 2008-12-18 21:41 273,752 --a------ c:\temp\crazyness.zip
2008-12-18 20:00 . 2008-12-18 20:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\program files\Lavasoft
2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-18 18:13 . 2008-12-18 18:13 <DIR> d-------- c:\program files\Hitman Pro 3
2008-12-18 18:13 . 2008-12-18 18:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro 3
2008-12-18 18:13 . 2008-12-18 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hitman Pro
2008-12-18 17:30 . 2008-09-08 22:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 06:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-19 06:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-19 03:38 --------- d-----w c:\program files\MegaMud
2008-12-19 02:31 --------- d-----w c:\program files\MMUD Explorer
2008-12-18 22:14 --------- d-----w c:\program files\Google
2008-12-15 21:08 --------- d-----w c:\program files\mIRC
2008-11-14 00:45 --------- d-----w c:\program files\BabasChess
2008-11-08 03:38 --------- d-----w c:\program files\4t Tray Minimizer
2008-10-25 12:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-20 16:44 36,864 ----a-w c:\documents and settings\Administrator\timeseal.exe
2008-03-05 20:20 557,056 ----a-w c:\documents and settings\Administrator\GoToAssist_phone__317_en.exe
2008-02-12 17:52 69,416 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-08-03 14:19 92,064 -c--a-w c:\documents and settings\Administrator\mqdmmdm.sys
2007-08-03 14:19 9,232 -c--a-w c:\documents and settings\Administrator\mqdmmdfl.sys
2007-08-03 14:19 79,328 -c--a-w c:\documents and settings\Administrator\mqdmserd.sys
2007-08-03 14:19 66,656 -c--a-w c:\documents and settings\Administrator\mqdmbus.sys
2007-08-03 14:19 6,208 -c--a-w c:\documents and settings\Administrator\mqdmcmnt.sys
2007-08-03 14:19 5,936 -c--a-w c:\documents and settings\Administrator\mqdmwhnt.sys
2007-08-03 14:19 4,048 -c--a-w c:\documents and settings\Administrator\mqdmcr.sys
2007-08-03 14:19 25,600 -c--a-w c:\documents and settings\Administrator\usbsermptxp.sys
2007-08-03 14:19 22,768 -c--a-w c:\documents and settings\Administrator\usbsermpt.sys
2006-02-09 13:32 20,921,040 -c--a-w c:\program files\AdbeRdr705_enu_full.exe
2006-02-09 10:59 494,704 -c--a-w c:\program files\ytb02_efgsip.exe
2006-02-09 10:55 6,811,904 -c--a-w c:\program files\psa2011se_us.exe
2004-11-28 19:22 600,281 -c--a-w c:\program files\stickies.exe
2004-06-19 14:10 1,613 -c--a-w c:\program files\uninstal.log
2003-06-06 23:36 727,020 -c--a-w c:\program files\iodrv-w2kxp-x86-403.exe
2003-06-06 23:04 8,616,972 -c--a-w c:\program files\ioware-w32-x86-402.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2008-11-07 1091584]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-11-17 23:11 118784 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
--a------ 2002-08-13 13:30 86016 c:\program files\Iomega\DriveIcons\Imgicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2003-06-04 14:18 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2004-02-22 22:44 32881 c:\program files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\User Space Manager]
--a--c--- 2001-03-14 12:49 20563 c:\program files\Intel\LDCM\BIN\USM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 CiSmBios;CiSmBios;c:\windows\system32\drivers\CiSmBios.sys [2003-06-04 13656]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-13 99376]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys []
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys []
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-08-03 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-08-03 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-08-03 21504]
S3 PCDRDRV;Pcdr CPU Helper Driver;c:\windows\system32\drivers\PCDRDRV.sys []

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-12-16 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 20:19]

2008-12-18 c:\windows\Tasks\User_Feed_Synchronization-{B137FE7E-DE0C-44E8-88FE-0C57A60D5063}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{96EBBE6A-2864-4345-B32B-26EE9BE524B5} - (no file)
WebBrowser-{5BED3930-2E9E-76D8-BACC-80DF2188D455} - (no file)
WebBrowser-{144A6B24-0EBC-4D89-BF09-A06A718E57B5} - (no file)
MSConfigStartUp-ADUserMon - c:\program files\Iomega\AutoDisk\ADUserMon.exe
MSConfigStartUp-NBJ - c:\program files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-Propel Accelerator - c:\program files\EarthLink TotalAccess\Accelerator\PropelAC.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.verizon.net/central/vzc.portal
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\vzTCPConfig.dll - O16 -: vzTCPConfig
hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
c:\windows\Downloaded Program Files\OSD22.OSD

c:\windows\system32\BSTIEPrintCtl1.dll - O16 -: {A7EA8AD2-287F-11D3-B120-006008C39542}
hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
c:\windows\Downloaded Program Files\default.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 01:27:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpcuu.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-12-19 1:30:38
ComboFix-quarantined-files.txt 2008-12-19 06:29:36

Pre-Run: 12,451,921,920 bytes free
Post-Run: 12,543,066,112 bytes free

208 --- E O F --- 2008-12-18 06:17:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:39:11, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\LDCM\bin\ssm.exe
C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
C:\PROGRA~1\Intel\LDCM\CI\CIMGR\CIMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MegaMud\megamud.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119718352375
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119718227625
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel CI Manager - Intel Corporation - C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TMA Distribution - Unknown owner - C:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: win32sl - Smart Technology Enablers - C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE

--
End of file - 7358 bytes

Not sure if I should post this as I'm sure every situation can be different, but for anyone with similar issues of being blocked when trying to get either program, this link I found in another thread worked to get Combofix running. (had to rename it Combifix).

http://www.mediafire.com/?itn0bt0uult

There is an edit button provided so that you do not have to make new posts :).
It will be at the bottom of each of your posts.
I have merged some of them for you.

Also, move combofix out of the temp folder and place it on the desktop. If the temp files go, so does combofix.

Alright,

Can you pls do the following:

Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Then Run Hijackthis, scan, and post the fresh, new log.

Thanks,

Cohen

Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

12/19/2008 11:06:30 AM
mbam-log-2008-12-19 (11-06-13).txt

Scan type: Full Scan (C:\|)
Objects scanned: 155418
Time elapsed: 1 hour(s), 20 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\w123.w123mgr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\w123.w123mgr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95325092-62fc-473b-b32a-ae613278855b} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0dcd4f35-9fd5-420b-a9aa-fed0e2aecee0} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1840180-aec2-4583-aa54-cd93d51c37fe} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\mIRC\mirc.exe (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSlmjf.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSktkl.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSocum.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSurxb.dll.vir (Trojan.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpcuu.sys.vir (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP961\A0204339.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP961\A0204341.exe (Rogue.VirusHeat) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP963\A0204354.dll (Adware.Coupons) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP967\A0204611.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP1035\A0221367.sys (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP1035\A0221368.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP1035\A0221369.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP1035\A0221370.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{5957536B-FE28-46E3-81A5-DE8A72C7D3BF}\RP1035\A0221371.dll (Trojan.TDSS) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\xrrrdvipdr.dll (Trojan.FakeAlert) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:45, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\LDCM\bin\IIDS.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\LDCM\bin\ssm.exe
C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
C:\PROGRA~1\Intel\LDCM\CI\CIMGR\CIMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\WINDOWS\system32\wuauclt.exe
C:\temp\crazy\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MegaMud\megamud.exe
C:\Program Files\MegaMud\megamud.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/central/vzc.portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119718352375
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1119718227625
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (EraserSvc10823) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel CI Manager - Intel Corporation - C:\Program Files\Intel\LDCM\ci\cimgr\CiMgrLdr.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel IIDS - Intel Corporation - C:\Program Files\Intel\LDCM\bin\IIDS.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel SSM - Intel Corporation - C:\Program Files\Intel\LDCM\bin\ssm.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TMA Distribution - Unknown owner - C:\WINDOWS\system32\cba\lcfinst.exe
O23 - Service: win32sl - Smart Technology Enablers - C:\Program Files\Intel\DMI\BIN\WIN32SL.EXE

--
End of file - 7471 bytes

in your MBA-M log, there was no action taken with the files.

Pls read my instructions above, very carefully!

Then post back with the MBA-M log as well as a new HJT log.

Thanks,

Cohen