0

As soon as I start my laptop, the system tries to send 10s of 100s of e-mail messages with various subjects. Symantec seems to detect this and stops sending them. But it opens up a lot of pop-ups non-stop, which prevents me from opening any application (including Norton Protection Center).
Any help is greatly appreciated!

3 Contributors, 8 Replies, 9 Views, 8 Years Discussion Span, Last Post by jholland1964
0

Have you tried booting into Safe Mode? You should be able to run your anti-virus/malware software from there. If you can download MalwareBytes Anti-Malware, run it and post the results here, someone should be able to see what's going on.

0

Have you tried booting into Safe Mode? You should be able to run your anti-virus/malware software from there. If you can download MalwareBytes Anti-Malware, run it and post the results here, someone should be able to see what's going on.

A very good idea. Also, do not connect to the internet when running the scan. If needed, disconnect or turn off the modem so that it cannot get online while doing the scan.
Judy

0

Thanks.
I downloaded Malwarebytes (Anti-Malware) from CNET [http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button]. It found the following files as affected and quarantined them. The Symantec pop-up message has stopped now :-). However, the machine is still very slow (the CPU constantly peaks at 100% even though there is no activity). Also, I am not able to access the flash drive through the USB port (which was working fine before the virus attack).

List of files found by Malwarebytes (I am guessing this is what you asked me to post):

Malwarebytes' Anti-Malware 1.36
Database version: 1983
Windows 5.1.2600 Service Pack 2

4/14/2009 8:50:59 PM
mbam-log-2009-04-14 (20-50-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 146547
Time elapsed: 38 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 6
Registry Keys Infected: 58
Registry Values Infected: 20
Registry Data Items Infected: 10
Folders Infected: 5
Files Infected: 63


0

Thanks for your help.
Here is the output from HijackThis:
**********************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:51 PM, on 4/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14916 bytes

0

More remaining:
Download ComboFix. You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the Enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then back up your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically.
You should now post this log here when all is complete.

0

I was not able to run ComboFix in normal mode. I was getting different error messages. For what it is worth, I did it in Safe Mode and attached it. Please see if this provides any useful information. Thanks a lot for your help!

******************************

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kpss\reader_s.exe
c:\windows\system32\IPHACTION.dll
c:\windows\system32\IpSvchostF.dll
c:\windows\system32\ntos.exe
c:\windows\system32\reader_s.exe
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\audio.dll.cla
c:\windows\system32\wsnpoem\video.dll
c:\windows\temp\2026485604.exe
c:\windows\temp\2407423104.exe
c:\windows\temp\2408673104.exe

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Service_protect
-------\Service_restore


((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 02:53 . 2009-04-17 02:53 10464 ----a-w c:\windows\system32\drivers\sfc.sys
2009-04-17 02:52 . 2009-04-17 02:52 64574 ----a-w c:\windows\system32\12.tmp
2009-04-17 02:52 . 2009-04-17 02:52 168 ----a-w c:\windows\system32\11.tmp
2009-04-17 02:50 . 2009-04-17 02:50 0 ------w c:\windows\system32\IpSvchostF.dll
2009-04-17 02:21 . 2009-04-17 02:22 71680 ----a-w c:\windows\system32\F.tmp
2009-04-17 02:21 . 2009-04-17 02:21 168 ----a-w c:\windows\system32\E.tmp
2009-04-17 00:39 . 2009-04-17 00:39 66560 ----a-w c:\windows\system32\gcc.exe
2009-04-17 00:39 . 2009-04-17 00:39 19420 ----a-w c:\windows\system32\2F.tmp
2009-04-17 00:39 . 2009-04-17 00:39 46080 ----a-w c:\windows\system32\2E.tmp
2009-04-17 00:38 . 2009-04-17 00:39 71680 ----a-w c:\windows\system32\25.tmp
2009-04-17 00:38 . 2009-04-17 00:38 168 ----a-w c:\windows\system32\24.tmp
2009-04-17 00:38 . 2009-04-17 00:38 15000 ----a-w c:\windows\system32\jh9fgo4ksdgf.dll
2009-04-17 00:38 . 2009-04-17 00:38 57344 ----a-w c:\windows\system32\ak1.exe
2009-04-17 00:15 . 2009-04-17 00:16 19420 ----a-w c:\windows\system32\23.tmp
2009-04-17 00:15 . 2009-04-17 00:15 66560 ----a-w c:\windows\system32\makehm.exe
2009-04-17 00:15 . 2009-04-17 00:15 46080 ----a-w c:\windows\system32\21.tmp
2009-04-17 00:14 . 2009-04-17 08:31 36864 ----a-w c:\windows\system32\dpcxool64.sys
2009-04-17 00:14 . 2009-04-17 00:15 71680 ----a-w c:\windows\system32\19.tmp
2009-04-17 00:13 . 2009-04-17 00:14 168 ----a-w c:\windows\system32\16.tmp
2009-04-15 22:42 . 2009-04-15 22:42 38 ----a-w C:\13.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\12.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\11.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\F.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\10.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\E.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\D.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\C.tmp
2009-04-15 22:42 . 2009-04-15 22:42 0 ----a-w C:\B.tmp
2009-04-15 22:42 . 2009-04-15 22:42 38 ----a-w C:\A.tmp
2009-04-15 22:42 . 2009-04-15 22:42 63488 ----a-w C:\8.tmp
2009-04-15 22:42 . 2009-04-15 22:42 15000 ----a-w c:\windows\system32\yaubfh983ind.dll
2009-04-15 01:44 . 2009-04-15 01:44 80 ----a-w c:\windows\system32\D.tmp
2009-04-15 01:41 . 2009-04-15 01:42 80 ----a-w c:\windows\system32\C.tmp
2009-04-15 01:30 . 2009-04-15 01:30 0 ----a-w c:\windows\system32\2.tmp
2009-04-15 01:28 . 2009-04-15 01:28 80 ----a-w c:\windows\system32\B.tmp
2009-04-15 00:09 . 2009-04-15 00:09 -------- d-----w c:\documents and settings\kpss\Application Data\Malwarebytes
2009-04-15 00:09 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 00:09 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 00:09 . 2009-04-15 00:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-14 23:46 . 2009-04-14 23:46 19420 ----a-w c:\windows\system32\13.tmp
2009-04-14 23:46 . 2009-04-14 23:46 80 ----a-w c:\windows\system32\10.tmp
2009-04-14 23:45 . 2009-04-17 00:13 15000 ----a-w c:\windows\system32\zfgh83jg3.dll
2009-04-14 00:25 . 2009-04-17 00:12 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-14 00:21 . 2009-04-14 00:21 74240 ----a-w c:\windows\system32\zlib.dll
2009-04-13 23:23 . 2009-04-13 23:23 64000 ----a-w c:\windows\system32\Winset20.exe
2009-04-13 00:13 . 2009-04-14 23:47 61440 ----a-w c:\windows\system32\tcpd.exe
2009-04-13 00:13 . 2009-04-13 00:13 20992 ----a-w c:\windows\system32\AUTMGR.EXE
2009-04-13 00:13 . 2009-04-13 00:13 984576 ----a-w c:\windows\system32\kernel32_check.dll
2009-04-13 00:12 . 2009-04-14 23:46 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-13 00:12 . 2009-04-13 00:12 172032 ----a-w c:\windows\system32\tcpcon.dll
2009-04-13 00:12 . 2009-04-17 00:14 -------- d-----w c:\windows\system32\3361
2009-04-13 00:12 . 2009-04-13 00:12 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-13 00:12 . 2009-04-17 01:45 -------- d-----w c:\windows\dhcp
2009-04-13 00:03 . 2009-04-10 19:00 21704 ----a-w c:\windows\system32\kk.exe
2009-04-12 17:08 . 2009-04-17 02:53 16 ----a-w c:\windows\Qliqej.bin
2009-04-12 17:08 . 2009-04-12 17:08 -------- d-----w c:\documents and settings\kpss\Local Settings\Application Data\{1FC2D9E9-353A-445B-8503-8B223C8916AF}
2009-04-12 17:08 . 2009-04-14 00:20 1420 ----a-w c:\windows\Nmanesidacibis.dat
2009-04-12 15:14 . 2009-04-12 08:06 230912 ----a-w c:\windows\system32\w.ex_
2009-04-12 15:14 . 2009-04-10 19:00 21704 ----a-w c:\windows\system32\kk.ex_
2009-04-12 15:13 . 2009-04-12 15:13 213376 ----a-w c:\windows\system32\dllcache\ndis.sys
2009-04-12 15:13 . 2009-04-12 15:13 2 ----a-w C:\2017943565
2009-04-12 15:12 . 2009-04-12 15:12 174080 ----a-w C:\xnfd.exe
2009-04-02 16:00 . 2009-04-10 15:28 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-02 16:00 . 2009-04-02 16:00 1409 ----a-w c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 02:53 . 2009-04-17 02:53 36352 ----a-w c:\windows\system32\reader_s.exe
2009-04-17 02:53 . 2009-04-17 02:53 18944 ---ha-w c:\windows\system32\drivers\protect.sys
2009-04-17 02:53 . 2009-04-17 02:53 66560 ----a-w c:\windows\system32\codeblocks.exe
2009-04-17 02:53 . 2009-04-17 02:53 68096 ----a-w c:\windows\services.exe
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\21.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\20.tmp
2009-04-17 02:23 . 2009-04-17 02:23 38 ----a-w C:\1D.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\1F.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\1E.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\1C.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\1B.tmp
2009-04-17 02:23 . 2009-04-17 02:23 38 ----a-w C:\18.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\1A.tmp
2009-04-17 02:23 . 2009-04-17 02:23 0 ----a-w C:\19.tmp
2009-04-17 02:23 . 2009-04-17 02:22 52736 ----a-w C:\16.tmp
2009-04-17 00:13 . 2009-04-17 00:12 -------- d-sh--r c:\program files\ThunMail
2009-04-17 00:12 . 2009-04-17 00:12 262 ----a-w C:\gadhq2g.log
2009-04-15 01:43 . 2005-06-10 03:27 90112 ----a-w c:\windows\DUMP8339.tmp
2009-04-15 01:32 . 2009-04-15 00:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 00:25 . 2007-04-21 22:14 -------- d-----w c:\program files\Google
2009-04-14 00:19 . 2005-12-24 23:33 -------- d-----w c:\documents and settings\kpss\Application Data\OpenOffice.org2
2009-04-13 23:19 . 2009-01-13 23:19 83456 --sha-w c:\windows\system32\yirotiko.exe
2009-04-13 03:13 . 2009-01-13 03:13 82432 --sha-w c:\windows\system32\zarubeve.exe
2009-04-13 03:13 . 2009-01-13 03:13 109056 --sha-w c:\windows\system32\lemilisa.dll
2009-04-12 15:13 . 2004-08-10 17:51 213376 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-12 15:12 . 2004-08-10 17:51 33792 ----a-w c:\windows\system32\svchost.exe
2009-04-12 15:12 . 2009-01-12 15:11 108544 --sha-w c:\windows\system32\loyuvejo.dll
2009-04-12 15:11 . 2009-01-12 15:11 101888 --sha-w c:\windows\system32\juvoguru.dll
2009-04-12 15:11 . 2009-01-12 15:11 64000 --sha-w c:\windows\system32\fufoyevo.exe
2009-04-12 03:11 . 2009-01-12 03:11 82432 --sha-w c:\windows\system32\jezemimu.exe
2009-04-07 18:56 . 2005-06-10 04:02 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-07 01:27 . 2007-04-19 02:52 -------- d--h--w c:\documents and settings\kpss\Application Data\Move Networks
2009-03-23 16:00 . 2006-04-02 23:30 -------- d-----w c:\program files\Norton SystemWorks
2009-02-09 10:19 . 2007-03-08 13:47 1846272 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:19 . 2004-08-10 17:51 1846272 ----a-w c:\windows\system32\win32k.sys
2008-10-06 16:00 . 2005-07-31 14:06 99272 ----a-w c:\documents and settings\kpss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-14 12:05 . 2006-05-14 12:05 130 ----a-w c:\documents and settings\kpss\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-17_01.57.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-17 02:54 . 2009-04-17 02:54 16384 c:\windows\temp\Perflib_Perfdata_4d28.dat
+ 2009-04-17 02:53 . 2009-04-17 02:53 17376 c:\windows\system32\drivers\rjg9881.sys
- 2005-06-14 23:22 . 2009-04-17 01:51 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-14 23:22 . 2009-04-17 02:50 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-17 00:16 . 2009-04-17 00:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041620090417\index.dat
+ 2009-04-17 00:16 . 2009-04-17 02:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009041620090417\index.dat
- 2005-06-14 23:22 . 2009-04-17 01:51 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-06-14 23:22 . 2009-04-17 02:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-04-17 00:17 . 2009-04-17 02:37 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2009-04-17 00:17 . 2009-04-17 00:49 16384 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2005-06-14 23:22 . 2009-04-17 02:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-06-14 23:22 . 2009-04-17 01:51 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5BF49A0-94F3-42BD-F434-3604812C8955}]
2009-04-17 00:13 15000 ----a-w c:\windows\system32\zfgh83jg3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-04-27 6877184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1713664]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 4662776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 34816]
"Google Update"="c:\documents and settings\kpss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-14 39408]
"Diagnostic Manager"="c:\docume~1\kpss\LOCALS~1\Temp\2160835170.exe" [2009-04-17 166401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-04 364544]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 311296]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 626688]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 147515]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-23 53408]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-10-04 421888]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-10-04 405504]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-06-10 45568]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 102400]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 241664]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-17 303104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-14 299008]
"Knoqaj"="c:\windows\ahocipisozoq.dll" [2007-03-08 158208]
"services"="c:\windows\services.exe" [2009-04-17 68096]
"reader_s"="c:\windows\System32\reader_s.exe" [2009-04-17 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Resurections"="c:\windows\TEMP\sc6rf8pc5h.exe" [BU]
"reader_s"="c:\documents and settings\kpss\reader_s.exe" [2009-04-17 36352]
"Diagnostic Manager"="c:\windows\TEMP\472274124.exe" [2009-04-17 166401]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-9 45056]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-10-5 61440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{A5AF42A3-94F3-42BD-F634-0604832C897D}"= "c:\windows\system32\yaubfh983ind.dll" [2009-04-15 15000]
"{D5BF49A0-94F3-42BD-F434-3604812C8955}"= "c:\windows\system32\zfgh83jg3.dll" [2009-04-17 15000]
"{D7BF4552-94F1-42BD-F434-3604812C856D}"= "c:\windows\system32\jh9fgo4ksdgf.dll" [2009-04-17 15000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,c:\windows\system32\codeblocks.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-10-04 03:59 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\ThunMail\testabd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wiqlusv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\3361\\svchost.exe"=

R1 88742f67;88742f67; [x]
R1 dbg9806;dbg9806; [x]
R1 ethuwovp;ethuwovp; [x]
R1 kct3a9c;kct3a9c; [x]
R1 khe184b;khe184b; [x]
R1 liad877;liad877; [x]
R1 nfc6b69;nfc6b69; [x]
R1 qnfd534;qnfd534; [x]
R1 rjg9881;rjg9881; [x]
R1 tqiee0f;tqiee0f; [x]
R3 restore;restore; [x]
S0 protect;protect; [x]
S1 NEOFLTR_530_11339;Juniper Networks TDI Filter Driver (NEOFLTR_530_11339);c:\windows\system32\Drivers\NEOFLTR_530_11339.SYS [2006-11-21 57063]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~3\NPROTECT.EXE [2005-10-03 95832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-04-04 106808]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROTECT
*NewlyCreated* - RJG9881
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - APPDRV
*Deregistered* - Arp1394
*Deregistered* - ASCTRM
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Automatic LiveUpdate Scheduler
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - drvnddm
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - EvtEng
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPodService
*Deregistered* - IPSec
*Deregistered* - IWCA
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LiveUpdate
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NEOFLTR_530_11339
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - NICCONFIGSVC
*Deregistered* - Nla
*Deregistered* - NPDriver
*Deregistered* - NPFMntor
*Deregistered* - Npfs
*Deregistered* - NProtectService
*Deregistered* - NSCService
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - omci
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - protect
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RegSrvc
*Deregistered* - rjg9881
*Deregistered* - RpcSs
*Deregistered* - S24EventMonitor
*Deregistered* - s24trans
*Deregistered* - SamSs
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfc
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SNDSrvc
*Deregistered* - SPBBCDrv
*Deregistered* - SPBBCSvc
*Deregistered* - Speed Disk service
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec Core LC
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - symlcbrd
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WLANKEEPER
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc119606-9ff6-11db-a491-00123fd6c627}]
\Shell\AutoRun\command - e:\jdsecure\Windows\JDSecure20.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-21 00:24]

2009-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2891349550-1652811976-2068321220-1006.job
- c:\documents and settings\kpss\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 18:18]

2009-04-11 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - kpss.job
- c:\progra~1\NORTON~2\NORTON~2\Navw32.exe [2005-09-24 05:03]

2009-04-06 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2005-10-06 02:02]

2009-04-12 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell4me.com/myway
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: aol.com\free
FF - ProfilePath - c:\documents and settings\kpss\Application Data\Mozilla\Firefox\Profiles\9dnz4f8i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 22:51
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

? [36888]
? [42668]
? [50340]
? [49528]
? [49620]

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\codeblocks.exe 66560 bytes executable
c:\windows\system32\11.tmp 168 bytes
c:\windows\system32\12.tmp 71680 bytes executable
c:\windows\system32\15.tmp 19420 bytes executable
c:\windows\system32\17.tmp 0 bytes
c:\windows\system32\reader_s.exe 36352 bytes executable

scan completed successfully
hidden files: 6

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\tcpcon.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\program files\Neoteris\Secure Application Manager\samnsp.dll
c:\windows\system32\IPHACTION.dll
c:\windows\system32\ImgUtil.dll

- - - - - - - > 'lsass.exe'(1056)
c:\windows\wiqlusv.dll

- - - - - - - > 'explorer.exe'(102424)
c:\windows\system32\zlib.dll
c:\program files\Neoteris\Secure Application Manager\samnsp.dll
c:\windows\wiqlusv.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\ahocipisozoq.dll
c:\windows\system32\yaubfh983ind.dll
c:\windows\system32\zfgh83jg3.dll
c:\windows\system32\jh9fgo4ksdgf.dll
c:\windows\system32\browselc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\windows\system32\rundll32.exe
c:\windows\temp\441278486.exe
.
**************************************************************************
.
Completion time: 2009-04-17 23:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-17 03:18
ComboFix2.txt 2009-04-17 02:01

Pre-Run: 10,749,812,736 bytes free
Post-Run: 10,884,964,352 bytes free

538 --- E O F --- 2009-03-12 10:44
********************************

0

Your computer is grossly infected, that is for sure, and frankly I am not certain this can be fixed without a reformat of the computer.
You have a huge number of TEMP files on there. Please run this program CCleaner to get rid of all of these.
Then reboot the computer, update MBA-M and run a Full System scan with it, REMOVE EVERYTHING found.
Reboot and then run a new HJT scan and post back with both logs.
