
My Windows XP machine was recently infected with a virus. I received the virus from advertising on a website. My virus scanner (avast!) told me there were infected files in my temporary internet folder and it spread from there. The alerts were killing me, so I disabled it and manually removed the virus.

The virus was called "Antivirus System Pro" - a virus posing as antivirus software. After finding instructions on how to do so, I removed each of the files associated with the virus.
http://remove-malware.net/how-to-remove-antivirus-system-pro-rogue-anti-spyware/

But now, I can't run Mozilla Firefox - the browser I was running when my machine became contaminated. When I double click firefox.exe, my Task Manager displays Firefox for a split second, but it quickly disappears from the list. No window ever comes out.

In desperation, I tried to run Internet Explorer. A window comes up, but the program quickly freezes and never successfully loads a page.

I'm using Google Chrome right now.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:22 AM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Luther Vespers\Desktop\Virus Killers\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\LUTHER VESPERS\Application Data\Mozilla\Profiles\default\ztgzpvyj.slt\prefs.js)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Luther Vespers\Application Data\Mozilla\Firefox\Profiles\g5e2b0xi.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Luther Vespers\Application Data\Mozilla\Firefox\Profiles/g5e2b0xi.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170653378703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ,
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9444 bytes


Anything helps. Thanks.

3 Contributors, 9 Replies, 10 Views, 8 Years Discussion Span, Last Post by gerbil

This may prove to be an obvious and useless answer if you've already done it and not mentioned that you did (or if you did and I just didn't notice), but did you try removing Firefox from your system and then re-installing? As for IE, you can remove and then re-install it using your Windows XP CD.


Yes, I've re-installed Firefox. I did not, however, select the option to remove my personal data and customizations. I'd rather not unless I have to.
I even tried installing it in a separate folder and running that Firefox, but the same problem occurs.


Bit of infection still in there, so for a start:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].

MBAM can still be installed and updated without a connection. Using a flashdrive on another system, download & save the installer file from http://www.majorgeeks.com/Malwarebyt...are_d5756.html, then dl the latest updates file: http://www.gt500.org/malwarebytes/database.jsp , both to a thumbdrive.
Run the installer; when it completes, uncheck the Launch and Update boxes to finish. Next, dclick the mbam-rules.exe file; it will install into MBAM.
Start MBAM via the icon and ...
Finally, another HJT log plus your comments.
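An added example, not part of this thread or of HijackThis: a small Python triage script that mechanically surfaces the kinds of entries worth a second look in the O2/O4/O20 lines of the logs above (a Run entry under a service-account hive such as HKUS\S-1-5-19, rundll32 loading an unfamiliar DLL from system32, a BHO with no file, anything listed in AppInit_DLLs). The severity labels and the rundll32 allowlist are my own assumptions; the sample lines are copied from the logs in this thread plus one clearly marked constructed line.

```python
"""Heuristic triage of HijackThis O2/O4/O20 lines.

Added example for this thread, not part of HijackThis itself. The
heuristics are assumptions about what makes a startup entry suspicious;
they are a reading aid, not a signature database.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted above,
# two benign entries kept for contrast, plus one constructed HKLM line
# (marked "constructed") to exercise the rundll32 check.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [constructed] rundll32.exe "C:\WINDOWS\system32\example_unknown.dll",Start
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ,
"""

# Service-account SIDs (SYSTEM, LOCAL SERVICE, NETWORK SERVICE). These
# accounts never log on at a desktop, so a per-user Run entry under them
# has no legitimate reason to exist.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}

# Assumed allowlist of DLLs that Windows itself starts via rundll32 from
# system32; anything else loaded that way is flagged for review.
KNOWN_RUNDLL32_DLLS = {"shell32.dll", "advpack.dll", "bthprops.cpl"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-[\d-]+))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.(?:dll|cpl))"?', re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def _check_o4(m, line):
    sid = m.group("sid")
    if sid in SERVICE_SIDS:
        return Finding("high", f"Run entry under service account {sid}", line)
    run = RUNDLL_RE.match(m.group("cmd"))
    if run:
        dll = run.group("dll").replace("/", "\\")
        base = dll.rsplit("\\", 1)[-1].lower()
        if "\\system32\\" in dll.lower() and base not in KNOWN_RUNDLL32_DLLS:
            return Finding("medium", f"rundll32 loads unknown DLL {base} from system32", line)
    return None


def _check_o2(m, line):
    # A CLSID registered as a BHO whose DLL is gone: harmless but leftover.
    if m.group("path").strip() == "(no file)":
        return Finding("info", f"orphaned BHO {m.group('clsid')}, file missing", line)
    return None


def _check_o20(m, line):
    # AppInit_DLLs are loaded into every process that links user32.dll,
    # so whatever is listed here deserves a look even when it is legitimate.
    dlls = m.group("dlls").strip(" ,")
    if dlls:
        return Finding("info", f"AppInit_DLLs injects into every GUI process: {dlls}", line)
    return None


def analyze(text):
    """Return the Findings for every recognised line, in log order."""
    checks = ((O4_RE, _check_o4), (O2_RE, _check_o2), (O20_RE, _check_o20))
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        for regex, check in checks:
            m = regex.match(line)
            if m:
                f = check(m, line)
                if f:
                    findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```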


I ran Malwarebytes' Anti-Malware. I'd done so before, but as I was running it a second time, Avast gave me a couple of alerts and I deleted those files. So the Anti-Malware log shows no malicious files detected.

My browsers remain unchanged.

Here is my latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:11 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Luther Vespers\Desktop\Virus Killers\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\LUTHER VESPERS\Application Data\Mozilla\Profiles\default\ztgzpvyj.slt\prefs.js)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Luther Vespers\Application Data\Mozilla\Firefox\Profiles\g5e2b0xi.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Luther Vespers\Application Data\Mozilla\Firefox\Profiles/g5e2b0xi.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170653378703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL ,
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 9286 bytes


Ok, we shall try this; MBAM is blind to them for some reason.
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : disconnect from the web, turn off your Antivirus, Antispyware and Firewall for the duration of this scan. Don't forget to reset them before you go back on the web!
- to run it dclick the Combofix.exe icon and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply, with a fresh hijackthis log.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.


Hey, I'm posting this from Firefox!
Combofix seemed to do the trick.

Here is the log:

ComboFix 09-06-14.02 - Luther Vespers 06/14/2009 19:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1364 [GMT -7:00]
Running from: c:\documents and settings\Luther Vespers\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000111_.tmp.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.

2009-06-15 02:36 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-15 02:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-13 17:40 . 2009-06-13 17:40 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-07 17:29 . 2009-06-07 17:29 -------- d-----w- c:\program files\The Game Creators
2009-06-04 04:21 . 2009-06-14 22:34 -------- d-----w- c:\program files\Steam
2009-06-03 06:04 . 2009-06-03 06:05 -------- d-----w- c:\documents and settings\Luther Vespers\Java Eclipse
2009-06-03 05:49 . 2009-06-03 05:49 -------- d-----w- c:\program files\Sun
2009-05-16 20:21 . 2009-05-16 20:22 476413 ----a-w- c:\documents and settings\Luther Vespers\lab14MU.exe
2009-05-16 20:10 . 2009-05-16 20:10 477028 ----a-w- c:\documents and settings\Luther Vespers\file2.exe
2009-05-16 18:33 . 2009-05-16 18:33 500299 ----a-w- c:\documents and settings\Luther Vespers\out_file_function.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 20:06 . 2006-10-29 03:10 -------- d-----w- c:\program files\Starcraft
2009-06-13 17:40 . 2009-04-26 06:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 22:20 . 2009-06-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-06-11 23:06 . 2007-05-17 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-11 20:08 . 2008-06-30 07:17 -------- d-----w- c:\program files\Diablo II
2009-06-09 04:48 . 2009-03-10 02:10 1 ----a-w- c:\documents and settings\Luther Vespers\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-07 17:29 . 2006-10-29 02:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-07 17:24 . 2006-10-29 02:45 84816 ----a-w- c:\documents and settings\Luther Vespers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 07:25 . 2009-06-07 07:23 -------- d-----w- c:\program files\Microsoft DirectX SDK (August 2007)
2009-06-03 05:49 . 2008-12-27 01:13 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-03 05:47 . 2006-12-11 04:42 -------- d-----w- c:\program files\Java
2009-06-03 05:10 . 2006-11-02 00:58 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\uTorrent
2009-05-26 20:20 . 2009-04-26 06:21 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 20:19 . 2009-04-26 06:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-25 08:58 . 2006-10-29 03:26 -------- d-----w- c:\program files\Trillian
2009-05-17 07:29 . 2009-05-04 23:38 475713 ----a-w- c:\documents and settings\Luther Vespers\vector.exe
2009-05-16 18:15 . 2009-05-14 00:26 476382 ----a-w- c:\documents and settings\Luther Vespers\G03456148-lab16.exe
2009-05-14 00:16 . 2009-05-13 04:07 475129 ----a-w- c:\documents and settings\Luther Vespers\lab16.exe
2009-05-12 03:55 . 2007-10-19 03:56 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\dvdcss
2009-05-11 22:34 . 2009-05-11 22:34 -------- d-----w- c:\program files\Musitek
2009-05-11 22:24 . 2009-05-11 22:24 -------- d-----w- c:\program files\Transcribe!
2009-05-11 02:57 . 2009-05-07 02:42 476307 ----a-w- c:\documents and settings\Luther Vespers\lab15.exe
2009-05-11 02:53 . 2009-04-01 01:40 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\Dev-Cpp
2009-05-10 19:34 . 2009-05-10 19:34 4878336 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\102\install\Legions.exe
2009-05-10 19:34 . 2009-05-10 19:34 3727720 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\102\install\d3dx9_35.dll
2009-05-10 19:34 . 2009-05-10 19:34 345088 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\102\install\fmodex.dll
2009-05-10 19:27 . 2009-05-10 19:27 971544 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\d3dx9_31.dll
2009-05-10 19:27 . 2009-05-10 19:27 60416 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\OpenAL32.dll
2009-05-10 19:27 . 2009-05-10 19:27 4214784 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\ThinkTanks.exe
2009-05-10 19:27 . 2009-05-10 19:27 316416 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\fmodex.dll
2009-05-10 19:27 . 2009-05-10 19:27 270336 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\d3dx8dll.dll
2009-05-10 19:27 . 2009-05-10 19:27 1338728 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\101\install\d3dx9_33.dll
2009-05-10 19:09 . 2009-05-10 19:08 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\GarageGames
2009-05-10 19:09 . 2009-05-10 19:09 61136 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\100\install\xinput9_1_0.dll
2009-05-10 19:09 . 2009-05-10 19:09 4308992 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\100\install\marbleBlast.exe
2009-05-10 19:09 . 2009-05-10 19:09 316416 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\100\install\fmodex.dll
2009-05-10 19:09 . 2009-05-10 19:09 3495784 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\100\install\d3dx9_33.dll
2009-05-10 19:09 . 2009-05-10 19:09 319488 ----a-w- c:\documents and settings\Luther Vespers\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\100\install\d3dx8dll.dll
2009-05-09 20:13 . 2009-05-09 19:17 475567 ----a-w- c:\documents and settings\Luther Vespers\permutations.exe
2009-05-09 04:41 . 2006-10-29 03:33 -------- d-----w- c:\program files\World of Warcraft
2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 02:04 . 2009-05-03 20:07 518519 ----a-w- c:\documents and settings\Luther Vespers\reverse.exe
2009-05-03 20:18 . 2009-05-02 03:44 477803 ----a-w- c:\documents and settings\Luther Vespers\lab14.exe
2009-05-03 17:20 . 2009-05-03 17:20 475303 ----a-w- c:\documents and settings\Luther Vespers\atol.exe
2009-05-02 01:58 . 2009-05-01 02:26 476431 ----a-w- c:\documents and settings\Luther Vespers\cmd_argument.exe
2009-04-30 03:25 . 2009-04-30 03:25 40960 ----a-r- c:\documents and settings\Luther Vespers\Application Data\Microsoft\Installer\{A65D967F-BD6F-400C-B717-EF6299A0F660}\NewShortcut12_F6CCFCBB78B24D589ADCC69A2655ECF1.exe
2009-04-30 03:25 . 2009-04-30 03:25 40960 ----a-r- c:\documents and settings\Luther Vespers\Application Data\Microsoft\Installer\{A65D967F-BD6F-400C-B717-EF6299A0F660}\NewShortcut1_358BA633EFF048B0BD8E12EA48D18ABB.exe
2009-04-30 03:25 . 2009-04-30 03:25 40960 ----a-r- c:\documents and settings\Luther Vespers\Application Data\Microsoft\Installer\{A65D967F-BD6F-400C-B717-EF6299A0F660}\ARPPRODUCTICON.exe
2009-04-30 03:24 . 2009-04-30 03:24 -------- d-----w- c:\program files\REA
2009-04-29 04:56 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-10-29 02:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 01:00 . 2009-04-27 00:41 -------- d-----w- c:\program files\Stardock
2009-04-27 00:55 . 2009-04-27 00:52 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\Stardock
2009-04-27 00:52 . 2009-04-27 00:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-27 00:52 . 2009-04-27 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-04-26 06:21 . 2009-04-26 06:21 -------- d-----w- c:\documents and settings\Luther Vespers\Application Data\Malwarebytes
2009-04-26 06:21 . 2009-04-26 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-23 00:27 . 2009-04-23 00:27 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-23 00:26 . 2009-04-23 00:26 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-04-23 00:25 . 2009-04-23 00:25 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-04-23 00:25 . 2009-04-23 00:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-04-23 00:24 . 2009-04-23 00:23 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-04-23 00:22 . 2009-04-23 00:22 -------- d-----w- c:\program files\Microsoft SDKs
2009-04-23 00:21 . 2009-01-04 06:58 177920 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-22 07:20 . 2009-04-22 07:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-22 07:20 . 2009-04-22 07:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2001-08-23 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 03:15 . 2009-04-17 03:15 152576 ----a-w- c:\documents and settings\Luther Vespers\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-15 14:51 . 2001-08-23 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 23:19 . 2009-04-13 23:19 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-08 14:57 . 2009-04-27 00:52 2674832 -c--a-w- c:\documents and settings\All Users\Application Data\{62902F53-D725-44F9-B385-979CC0E00E8A}\shareware.exe
2009-03-20 22:25 . 2009-03-20 22:25 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 23:32 . 2006-09-19 23:44 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-11-13 06:11 . 2006-10-31 01:20 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-06 16:42 . 2006-10-29 03:41 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-13 29744]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"WebcamMaxMoniter"="c:\program files\WebcamMax\CAMTHINS.exe" [2007-03-07 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-06 413696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-03 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-04 16206848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\Luther Vespers\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sauerbraten\\bin\\sauerbraten.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51075:TCP"= 51075:TCP:uTorrent
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2008 4:07 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2008 4:07 PM 20560]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [1/10/2007 10:39 PM 243584]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/30/2006 6:20 PM 29744]
S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [12/11/2006 6:37 PM 3680]

--- Other Services/Drivers In Memory ---

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
.
Contents of the 'Scheduled Tasks' folder

2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2052111302-725345543-1003.job
- c:\documents and settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:58]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKCU-RunOnce-FFTI - c:\documents and settings\Luther Vespers\Application Data\Mozilla\Firefox\Profiles\g5e2b0xi.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aol.com\free
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 19:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\netcfgx.dll:Zone.Identifier 49152 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1078081533-2052111302-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:91,9b,11,5f,0f,3b,0a,2b,af,b7,a4,e9,31,ea,97,52,37,d4,fe,95,07,
bc,fb,f9,24,42,bd,0f,9e,42,7c,2f,5a,de,0b,2b,76,06,68,b7,5d,5a,e7,fe,6f,11,\
"rkeysecu"=hex:c1,d5,c3,a8,5d,be,0f,f3,30,67,ea,1d,c1,cd,b1,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3788)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\CF31045.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-15 19:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 02:43

Pre-Run: 62,853,799,936 bytes free
Post-Run: 64,688,623,616 bytes free

250 --- E O F --- 2009-06-11 23:06


Additionally, my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:42 PM, on 6/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Luther Vespers\Desktop\Virus Killers\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\LUTHER VESPERS\Application Data\Mozilla\Profiles\default\ztgzpvyj.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luther Vespers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170653378703
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 8060 bytes


Thanks for the help, everyone.
If there's anything else I should do, let me know. As far as I can tell, my computer is virus free.

0

Well, that is interesting behaviour, not at all what I expected.
This is the file that concerned me. It is a virus capable of spawning 100s of other files: C:\WINDOWS\system32\fokubino.dll
It was initiated by these keys:
O4 - HKUS\S-1-5-19\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'NETWORK SERVICE')
MBAM would not touch them; I expected to see them listed in the Combofix report, but no. And they are gone from your last HJT log.
All appears good with the logs now; I note that FF is working for you, how about IE?
If that file, fokubino.dll is inside the Combofix quarantine at C:Qoobox would you please go to this web page http://virusscan.jotti.org/, click browse and submit it for examination [instructions are on the page].
Post any positive result.
Then, go Start, Run...
combofix /u
Diablo II. Dated, but I still love that game. It's the scenery [or some of it], the concepts. I don't think any other game has come close. The writers really researched mid-eastern history and mythology.
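The reply above points at the two O4 entries that launched fokubino.dll through Rundll32 from the Run keys of the LOCAL SERVICE and NETWORK SERVICE hives, a pattern that legitimate software almost never uses. The script below is an added example, not code from the thread or from HijackThis: it parses HijackThis O4 and O2 lines and flags exactly those traits (a DLL loaded via rundll32, an autorun under a service-account SID, and a BHO whose file is missing). The heuristics and the finding labels are this example's own; the sample log is constructed from the two lines quoted in the reply plus benign entries from the posted HJT log, so it runs offline.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the two O4 lines quoted in the reply above plus a few
# benign O4/O2 entries taken from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O4 - HKUS\S-1-5-19\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [luwahejeso] Rundll32.exe "C:\WINDOWS\system32\fokubino.dll",s (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
"""

# Well-known SIDs of the two built-in service accounts. A Run entry in their
# user hives is rare for legitimate software and deserves a second look.
SERVICE_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

# O4 - <hive>\..\Run: [<name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\(?P<sid>S-1-5-[\d-]+))\\\.\.\\"
    r"(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '(?P<user>[^']+)'\)$")
# rundll32.exe <dll>,<entrypoint> [args]; the DLL path may be quoted.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^,\s]+))', re.IGNORECASE
)
# O2 - BHO: <name> - {CLSID} - (no file)  => orphaned browser helper object
O2_NOFILE_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - \(no file\)$"
)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split an O4 line into hive, SID, key, entry name, command and user."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    um = USER_SUFFIX_RE.search(entry["cmd"])
    entry["user"] = um.group("user") if um else ""
    if um:
        entry["cmd"] = entry["cmd"][: um.start()]
    return entry


def analyze(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per suspicious O4/O2 line; benign lines yield none."""
    findings: List[Dict[str, object]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        o4 = parse_o4(line)
        if o4:
            flags: List[str] = []
            dll = ""
            rm = RUNDLL_RE.match(o4["cmd"])
            if rm:
                dll = rm.group("q") or rm.group("u")
                flags.append("dll_loaded_via_rundll32")
            if o4.get("sid") in SERVICE_SIDS:
                flags.append("autorun_under_service_account")
            if flags:
                findings.append({**o4, "dll": dll, "flags": flags, "line": line})
            continue
        nf = O2_NOFILE_RE.match(line)
        if nf:
            findings.append({
                "name": nf.group("name"),
                "clsid": nf.group("clsid"),
                "flags": ["bho_missing_file"],
                "line": line,
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_HJT_LOG.splitlines()):
        print(", ".join(f["flags"]), "->", f["line"])
```

Run against the sample, the two fokubino.dll entries are reported with both flags and the orphaned BHO with `bho_missing_file`; the avast!, ctfmon and Adobe entries produce nothing. The DLL path is pulled out separately so it can be hashed or submitted to a multi-engine scanner, which is what the reply asks the poster to do with the quarantined copy.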

0

Internet Explorer is now working - as well as it was designed to, anyways.
I checked the Combofix quarantine, and the only thing I found was a file called "_000111_.tmp.dll.vir" in the Quarantine\C\WINDOWS\system32 directory.

Diablo II... a phenomenal game. I played it for far too long. I hope Diablo III is just as good.
