Cannot run MBAM, HiJack This, or install AVG.
#31
Posted 21 November 2009 - 05:15 AM
ASAP & UNITE member since 2006

The malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
#32
Posted 21 November 2009 - 07:31 PM
I need you to run a little test.
Open Notepad and then copy and paste the lines below into it. Go to File > Save As, name the file fixes.bat, change the "Save as type" to All Files, and save it to your desktop.
@echo off
PEV PLIST >Plist00
PEV -fs32 -filesPlist00 -t!o -output:Plist01
PEV -fs32 -filesPlist01 -t!g -c##f#b#d#i#k#g# -output:Plist02
Zip -mq UploadThis PList0?
del %0
Double-click the fixes.bat file to execute it. Let me know if that causes a BSOD.
#33
Posted 21 November 2009 - 09:21 PM
#34
Posted 22 November 2009 - 06:49 AM
#35
Posted 22 November 2009 - 08:48 AM
Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-11-23 07:45:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 38 GB (50%) free of 76 GB
Total RAM: 1023 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:59 AM, on 11/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\mxtask2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1247701221125
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PC FineTune Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
--
End of file - 6171 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]
ElnkPubBHO Class - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll [2008-11-04 255472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]
ElnkProtectionBHO Class - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll [2008-11-04 415216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]
ElnkLegacyUninstBHO Class - C:\Program Files\EarthLink\Toolbar\uninsttb.dll [2008-11-04 280048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink\Toolbar\Toolbar.dll [2008-11-04 873968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-11-20 266240]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\qbubjogw.exe"="C:\WINDOWS\System32\qbubjogw.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\azvyue.exe"="C:\WINDOWS\System32\azvyue.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\ssywx.exe"="C:\WINDOWS\System32\ssywx.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\qvvcq.exe"="C:\WINDOWS\System32\qvvcq.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\jqbfdhz.exe"="C:\WINDOWS\System32\jqbfdhz.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\apkprhx.exe"="C:\WINDOWS\System32\apkprhx.exe:*:Enabled:Ultimate Tool"
"C:\youre.exe"="C:\youre.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\zoyyyz.exe"="C:\WINDOWS\System32\zoyyyz.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\msbiygma.exe"="C:\WINDOWS\System32\msbiygma.exe:*:Enabled:Ultimate Tool"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setup.exe
======List of files/folders created in the last 1 months======
2009-11-21 14:00:59 ----SHD---- C:\Config.Msi
2009-11-21 13:14:07 ----D---- C:\8adb8fefd5dcc7ce8c68f0
2009-11-21 13:13:59 ----SD---- C:\Combo-Fix
2009-11-21 12:57:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-21 12:57:17 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-21 12:57:17 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2009-11-20 16:50:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-18 07:18:20 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-11-18 07:00:23 ----A---- C:\Boot.bak
2009-11-18 07:00:13 ----RASHD---- C:\cmdcons
2009-11-18 05:37:59 ----A---- C:\WINDOWS\zip.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWSC.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWREG.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\sed.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\PEV.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\MBR.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\grep.exe
2009-11-17 05:32:19 ----D---- C:\WINDOWS\ERDNT
2009-11-17 05:30:32 ----D---- C:\Qoobox
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-09 18:36:58 ----D---- C:\Program Files\trend micro
2009-11-09 18:36:57 ----D---- C:\rsit
2009-11-09 14:41:06 ----D---- C:\Program Files\Microsoft Security Essentials
2009-11-09 14:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2009-11-09 14:32:31 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-09 14:29:37 ----D---- C:\Program Files\Windows Defender
2009-11-09 14:24:30 ----D---- C:\WINDOWS\Prefetch
2009-11-09 14:19:58 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-11-09 14:19:58 ----N---- C:\WINDOWS\system32\logman.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\bthci.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_qcx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_qc.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_32.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir41_qcx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir41_qc.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\d3d9.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2p.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmpasf.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmp.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmidx.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmerror.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\twext.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slserv.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slgen.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\slrundll.exe
2009-11-09 14:17:08 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-11-09 14:16:40 ----A---- C:\WINDOWS\002220_.tmp
2009-11-09 11:38:47 ----D---- C:\Documents and Settings\user\Application Data\Sun
2009-11-07 22:18:20 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-07 14:02:07 ----D---- C:\Documents and Settings\user\Application Data\AVG8
2009-11-07 10:33:04 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-06 21:00:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 21:00:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-06 20:33:14 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2009-11-22 20:40:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-22 20:18:00 ----D---- C:\WINDOWS\Temp
2009-11-22 20:16:54 ----SD---- C:\WINDOWS\Tasks
2009-11-22 20:14:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-21 14:01:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-21 14:00:59 ----SHD---- C:\WINDOWS\Installer
2009-11-21 12:57:17 ----RD---- C:\Program Files
2009-11-21 12:54:51 ----D---- C:\WINDOWS\system32\drivers
2009-11-21 12:53:20 ----D---- C:\WINDOWS\Minidump
2009-11-21 12:53:20 ----D---- C:\WINDOWS
2009-11-20 17:03:58 ----SHD---- C:\System Volume Information
2009-11-20 16:52:39 ----D---- C:\WINDOWS\repair
2009-11-20 16:52:36 ----D---- C:\WINDOWS\Registration
2009-11-20 16:50:33 ----D---- C:\WINDOWS\system32
2009-11-20 16:50:32 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-11-20 07:50:47 ----D---- C:\WINDOWS\system32\config
2009-11-18 08:09:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-18 07:28:49 ----D---- C:\WINDOWS\system32\wins
2009-11-18 07:00:23 ----RASH---- C:\boot.ini
2009-11-18 06:42:48 ----HD---- C:\WINDOWS\inf
2009-11-12 13:27:55 ----D---- C:\WINDOWS\Help
2009-11-09 14:45:26 ----D---- C:\WINDOWS\Debug
2009-11-09 14:41:42 ----D---- C:\WINDOWS\security
2009-11-09 14:40:59 ----A---- C:\WINDOWS\imsins.BAK
2009-11-09 14:40:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 14:28:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-09 14:25:55 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-09 14:24:57 ----A---- C:\WINDOWS\setuplog.txt
2009-11-09 14:24:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-09 14:24:04 ----D---- C:\WINDOWS\AppPatch
2009-11-09 14:24:03 ----RSD---- C:\WINDOWS\Fonts
2009-11-09 14:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-09 14:20:21 ----A---- C:\WINDOWS\win.ini
2009-11-09 14:19:57 ----D---- C:\WINDOWS\system32\Setup
2009-11-09 14:19:57 ----D---- C:\WINDOWS\system32\oobe
2009-11-09 14:19:57 ----D---- C:\Program Files\Common Files\System
2009-11-09 14:19:56 ----D---- C:\WINDOWS\system32\mui
2009-11-09 14:19:56 ----D---- C:\WINDOWS\ime
2009-11-09 14:19:49 ----D---- C:\Program Files\Windows Media Player
2009-11-09 14:19:48 ----D---- C:\WINDOWS\PeerNet
2009-11-09 14:19:48 ----D---- C:\Program Files\Movie Maker
2009-11-09 14:19:47 ----D---- C:\WINDOWS\Media
2009-11-09 14:18:23 ----D---- C:\Program Files\Internet Explorer
2009-11-09 14:18:22 ----D---- C:\WINDOWS\system32\Restore
2009-11-09 14:18:22 ----D---- C:\WINDOWS\system32\npp
2009-11-09 14:18:22 ----D---- C:\WINDOWS\msagent
2009-11-09 14:18:20 ----D---- C:\WINDOWS\srchasst
2009-11-09 14:18:18 ----D---- C:\Program Files\NetMeeting
2009-11-09 14:18:17 ----D---- C:\WINDOWS\system32\Com
2009-11-09 14:18:14 ----D---- C:\Program Files\Windows NT
2009-11-09 14:18:14 ----D---- C:\Program Files\Outlook Express
2009-11-09 14:18:02 ----D---- C:\WINDOWS\system32\usmt
2009-11-09 14:18:01 ----D---- C:\WINDOWS\system
2009-11-09 14:17:08 ----RD---- C:\WINDOWS\Web
2009-11-09 14:17:00 ----RASH---- C:\NTDETECT.COM
2009-11-09 14:16:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-09 14:15:30 ----D---- C:\WINDOWS\EHome
2009-11-07 22:18:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-06 21:11:25 ----D---- C:\Program Files\ESET
2009-11-06 20:33:24 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2004-11-10 94976]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 jwgvxnhg;jwgvxnhg; \??\C:\WINDOWS\system32\drivers\jwgvxnhg.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\user\Desktop\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 app_filter;app_filter; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-20 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-10-30 20543]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-11-20 110653]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-11-20 53313]
R2 PC FineTune Task Manager;PC FineTune Task Manager; C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe [2008-11-14 120088]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
-----------------EOF-----------------
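Added example (not part of this thread, and not a tool from RSIT, HijackThis or ComboFix): a small Python triage script for two sections of the log above. It parses the Windows Firewall "authorizedapplications" registry dump and the RSIT driver list, and flags the patterns a responder would look at first in a log like this one: several different executables registered under one firewall display name, an executable sitting in the drive root, and a driver whose service name has no vowels at all and whose file has no recorded date/size (the trailing "[]"). The sample lines are copied from the log in this thread; the regular expressions and the no-vowel heuristic are this example's own assumptions about the log format, not a specification from the tools.

```python
"""Triage helper for firewall exceptions and driver entries in an RSIT/HijackThis
style log.  Added example for this thread; the regexes below are assumptions
about the log layout, not an official format description."""
import re
from collections import defaultdict

# Firewall list entry:  "path"="path:*:Enabled:Display name"
FIREWALL_RE = re.compile(
    r'^"(?P<path>[^"]+)"="(?P=path):\*:(?P<state>[A-Za-z]+):(?P<label>[^"]*)"$'
)
# RSIT driver line:  S1 name;description; path [date size]
DRIVER_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$'
)
VOWELS = set("aeiou")

# Sample lines copied from the RSIT log in this thread (excerpt only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\System32\qbubjogw.exe"="C:\WINDOWS\System32\qbubjogw.exe:*:Enabled:Ultimate Tool"
"C:\WINDOWS\System32\ssywx.exe"="C:\WINDOWS\System32\ssywx.exe:*:Enabled:Ultimate Tool"
"C:\youre.exe"="C:\youre.exe:*:Enabled:Ultimate Tool"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
S1 jwgvxnhg;jwgvxnhg; \??\C:\WINDOWS\system32\drivers\jwgvxnhg.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys []
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys []
"""


def looks_random(name, min_len=6):
    """Conservative randomness check: at least `min_len` letters and not a single
    vowel.  Ordinary names (kbdhid, catchme, IntelIde) keep at least one vowel."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= min_len and not any(c in VOWELS for c in letters)


def parse_firewall_list(lines):
    """Return the parsed firewall exceptions as a list of dicts."""
    return [m.groupdict() for m in (FIREWALL_RE.match(l.strip()) for l in lines) if m]


def triage_firewall(lines):
    """Return {path: [reasons]} for firewall exceptions that deserve a closer look."""
    entries = parse_firewall_list(lines)
    # One display name pointing at many distinct executables is the key signal;
    # the same path listed in two profiles (standard/domain) is not.
    paths_per_label = defaultdict(set)
    for e in entries:
        paths_per_label[e["label"].lower()].add(e["path"].lower())

    flagged = {}
    for e in entries:
        reasons = []
        shared = len(paths_per_label[e["label"].lower()])
        if shared > 1:
            reasons.append("display name shared by %d different executables" % shared)
        if re.fullmatch(r"[A-Za-z]:\\[^\\]+", e["path"]):
            reasons.append("executable in drive root")
        base = e["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if looks_random(base):
            reasons.append("random-looking file name")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


def triage_drivers(lines):
    """Return {service name: [reasons]} for drivers with a random-looking name.
    A missing [date size] is recorded as a second reason, not used on its own,
    because legitimate tools (catchme, SABKUTIL) also show an empty []."""
    flagged = {}
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if not m or not looks_random(m["name"]):
            continue
        reasons = ["random-looking service name"]
        if not m["meta"].strip():
            reasons.append("no file date/size recorded")
        flagged[m["name"]] = reasons
    return flagged


if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    for path, why in triage_firewall(sample).items():
        print("FIREWALL", path, "->", "; ".join(why))
    for name, why in triage_drivers(sample).items():
        print("DRIVER  ", name, "->", "; ".join(why))
```

Run against the excerpt, the script reports the three "Ultimate Tool" exceptions (the drive-root one with two reasons) and the jwgvxnhg driver, while sessmgr.exe, MpFilter, kbdhid, catchme and RT2500 pass. The heuristics are intentionally narrow; they are a first-pass reading aid for a log like this, not a verdict.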
#36
Posted 22 November 2009 - 12:31 PM
After the last batch run you should have been left with an UploadThis.zip file on your desktop. Can you find it? Please attach the file to your post.
#37
Posted 22 November 2009 - 01:47 PM
Attached File(s)
UploadThis.zip (1.53K)
#38
Posted 22 November 2009 - 02:41 PM
Please download a fresh ComboFix version from one of the given links to your desktop:
Link 1
Link 2
After that, disable your protection software and run ComboFix. Post back the resulting log.
#39
Posted 22 November 2009 - 06:26 PM
ComboFix 09-11-22.02 - user 11/23/2009 17:10.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.591 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\JR\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\documents and settings\user\Application Data\bcrypt.html
c:\recycler\S-1-5-21-682003330-1682526488-725345543-1004
c:\windows\system32\drivers\UACnqtirprqxf.sys
c:\windows\system32\UACdhxnsefxyy.dll
c:\windows\system32\UACmlkyxuirtn.dll
c:\windows\system32\UACpbaslwbpxo.db
c:\windows\system32\UACsjgpqfvphh.dat
c:\windows\system32\UACteparmkutv.dll
c:\windows\system32\UACtowkmbdupx.dll
c:\windows\system32\UACuboxjkvrns.dll
c:\windows\system32\UACuwybvkspmy.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HWCLOCK
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.
2009-11-23 01:39 . 2009-11-23 01:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2009-11-21 20:07 . 2009-11-21 20:07 5941731 ----a-w- C:\Combo-Fix.zip
2009-11-21 19:14 . 2009-11-21 19:14 -------- d-----w- C:\8adb8fefd5dcc7ce8c68f0
2009-11-21 18:57 . 2009-11-21 18:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-21 18:57 . 2009-11-21 20:01 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-11-21 18:57 . 2009-11-21 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-20 22:50 . 2009-11-23 01:30 -------- d-----w- c:\windows\system32\NtmsData
2009-11-18 13:18 . 2009-11-18 13:18 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-11-18 11:56 . 2004-11-03 20:58 86144 ----a-r- c:\windows\system32\drivers\nvatabus_2.sys
2009-11-12 19:27 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-12 19:27 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-10 00:36 . 2009-11-23 13:45 -------- d-----w- c:\program files\trend micro
2009-11-10 00:36 . 2009-11-10 00:37 -------- d-----w- C:\rsit
2009-11-09 20:41 . 2009-11-09 20:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-09 20:32 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-09 20:29 . 2009-11-09 20:29 20072 ------w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 20:29 . 2009-11-09 20:29 -------- d-----w- c:\program files\Windows Defender
2009-11-09 20:17 . 2004-08-04 06:56 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-11-08 04:18 . 2009-11-08 04:44 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-07 20:02 . 2009-11-07 20:02 -------- d-----w- c:\documents and settings\user\Application Data\AVG8
2009-11-07 03:00 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 03:00 . 2009-11-08 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 03:00 . 2009-11-07 03:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-07 03:00 . 2009-09-10 20:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 02:22 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-07 02:21 . 2001-08-18 04:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-07 02:20 . 2001-08-17 18:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-11-07 02:19 . 2001-08-17 19:28 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2009-11-07 02:19 . 2001-08-17 19:28 241206 -c--a-w- c:\windows\system32\dllcache\el656se5.sys
2009-11-07 02:19 . 2001-08-17 18:11 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2009-11-07 02:19 . 2001-08-17 18:11 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 24653 -c--a-w- c:\windows\system32\dllcache\el574nd4.sys
2009-11-07 02:19 . 2001-08-17 18:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2009-11-07 02:19 . 2001-08-17 18:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 20:01 . 2009-07-24 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-09 20:21 . 2009-07-15 19:31 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-07 16:16 . 2009-07-24 07:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\EarthLink
2009-11-07 16:03 . 2009-11-07 02:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\EarthLink
2009-11-07 03:11 . 2007-06-21 16:15 -------- d-----w- c:\program files\ESET
2009-10-12 18:32 . 2009-07-20 14:39 -------- d-----w- c:\documents and settings\user\Application Data\MSN6
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-20 266240]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 app_filter;app_filter;c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [11/20/2004 5:01 AM 139264]
R2 PC FineTune Task Manager;PC FineTune Task Manager;c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service --> c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 jwgvxnhg;jwgvxnhg;\??\c:\windows\system32\drivers\jwgvxnhg.sys --> c:\windows\system32\drivers\jwgvxnhg.sys [?]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\user\Desktop\SABKUTIL.sys --> c:\documents and settings\user\Desktop\SABKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-11-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: EarthLink Google Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 17:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:eb,9a,45,b4,3f,41,43,01,85,ee,3a,44
"LastWPAEventLogged"=hex:d9,07,07,00,03,00,0f,00,13,00,24,00,2a,00,fd,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe
c:\progra~1\EARTHL~2\PCFINE~1\mxtask2.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-11-23 17:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-23 23:21
Pre-Run: 39,821,787,136 bytes free
Post-Run: 40,168,480,768 bytes free
- - End Of File - - 714A74B35BD2AEF87BBE5FA689022CCB
#40
Posted 23 November 2009 - 12:25 AM
#41
Posted 23 November 2009 - 08:52 AM
Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-11-24 07:51:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 38 GB (50%) free of 76 GB
Total RAM: 1023 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:35 AM, on 11/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\EARTHL~2\PCFINE~1\mxtask2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1247701221125
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: PC FineTune Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe
--
End of file - 5813 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\MP Scheduled Scan.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{512ACF1B-64D9-4928-B382-A80556F28DB4}]
ElnkPubBHO Class - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll [2008-11-04 255472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9579D574-D4D8-4335-9560-FE8641A013BD}]
ElnkProtectionBHO Class - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll [2008-11-04 415216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E713904C-DF05-4C79-BBAD-02DB923253BE}]
ElnkLegacyUninstBHO Class - C:\Program Files\EarthLink\Toolbar\uninsttb.dll [2008-11-04 280048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C7768536-96F8-4001-B1A2-90EE21279187} - EarthLink Toolbar - C:\Program Files\EarthLink\Toolbar\Toolbar.dll [2008-11-04 873968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"=C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-11-20 266240]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88204]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-11-23 17:21:41 ----D---- C:\WINDOWS\temp
2009-11-23 17:21:40 ----A---- C:\ComboFix.txt
2009-11-21 14:00:59 ----D---- C:\Config.Msi
2009-11-21 13:14:07 ----D---- C:\8adb8fefd5dcc7ce8c68f0
2009-11-21 12:57:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-21 12:57:17 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-21 12:57:17 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2009-11-20 16:50:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-11-18 07:18:20 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-11-18 07:00:23 ----A---- C:\Boot.bak
2009-11-18 07:00:13 ----RASHD---- C:\cmdcons
2009-11-18 05:37:59 ----A---- C:\WINDOWS\zip.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWSC.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\SWREG.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\sed.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\PEV.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\MBR.exe
2009-11-18 05:37:59 ----A---- C:\WINDOWS\grep.exe
2009-11-17 05:32:19 ----D---- C:\WINDOWS\ERDNT
2009-11-17 05:30:32 ----D---- C:\Qoobox
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-12 13:27:55 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-09 18:36:58 ----D---- C:\Program Files\trend micro
2009-11-09 18:36:57 ----D---- C:\rsit
2009-11-09 14:41:06 ----D---- C:\Program Files\Microsoft Security Essentials
2009-11-09 14:40:56 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2009-11-09 14:32:31 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-09 14:29:37 ----D---- C:\Program Files\Windows Defender
2009-11-09 14:24:30 ----D---- C:\WINDOWS\Prefetch
2009-11-09 14:19:58 ----N---- C:\WINDOWS\system32\proxycfg.exe
2009-11-09 14:19:58 ----N---- C:\WINDOWS\system32\logman.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\bthci.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-11-09 14:19:53 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_qcx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_qc.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir50_32.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir41_qcx.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ir41_qc.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\dxdiagn.dll
2009-11-09 14:19:52 ----N---- C:\WINDOWS\system32\d3d9.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\p2p.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mspmsnsv.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mp4sdmod.dll
2009-11-09 14:19:51 ----N---- C:\WINDOWS\system32\mp43dmod.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmspdmod.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmsdmoe2.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmpasf.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmp.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmidx.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\wmerror.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\twext.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slserv.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-11-09 14:19:50 ----N---- C:\WINDOWS\system32\slgen.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wuaueng1.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wuauclt1.exe
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wmvdmoe2.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\system32\wmspdmoe.dll
2009-11-09 14:19:49 ----N---- C:\WINDOWS\slrundll.exe
2009-11-09 14:17:08 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-11-09 14:16:40 ----A---- C:\WINDOWS\002220_.tmp
2009-11-09 11:38:47 ----D---- C:\Documents and Settings\user\Application Data\Sun
2009-11-07 22:18:20 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-07 14:02:07 ----D---- C:\Documents and Settings\user\Application Data\AVG8
2009-11-07 10:33:04 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-06 21:00:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 21:00:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-06 20:33:14 ----A---- C:\WINDOWS\ntbtlog.txt
======List of files/folders modified in the last 1 months======
2009-11-24 07:47:34 ----SD---- C:\WINDOWS\Tasks
2009-11-24 07:45:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-23 17:43:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-23 17:21:42 ----D---- C:\WINDOWS\system32\drivers
2009-11-23 17:21:41 ----D---- C:\WINDOWS
2009-11-23 17:17:35 ----A---- C:\WINDOWS\system.ini
2009-11-23 17:16:11 ----D---- C:\WINDOWS\system32\config
2009-11-23 17:14:35 ----D---- C:\WINDOWS\system32
2009-11-23 17:14:35 ----D---- C:\WINDOWS\AppPatch
2009-11-23 17:14:35 ----D---- C:\Program Files\Common Files
2009-11-21 14:01:01 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-21 14:00:59 ----SHD---- C:\WINDOWS\Installer
2009-11-21 12:57:17 ----RD---- C:\Program Files
2009-11-21 12:53:20 ----D---- C:\WINDOWS\Minidump
2009-11-20 17:03:58 ----SHD---- C:\System Volume Information
2009-11-20 16:52:39 ----D---- C:\WINDOWS\repair
2009-11-20 16:52:36 ----D---- C:\WINDOWS\Registration
2009-11-20 16:50:32 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-11-18 08:09:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-18 07:28:49 ----D---- C:\WINDOWS\system32\wins
2009-11-18 07:00:23 ----RASH---- C:\boot.ini
2009-11-18 06:42:48 ----HD---- C:\WINDOWS\inf
2009-11-12 13:27:55 ----D---- C:\WINDOWS\Help
2009-11-09 14:45:26 ----D---- C:\WINDOWS\Debug
2009-11-09 14:41:42 ----D---- C:\WINDOWS\security
2009-11-09 14:40:59 ----A---- C:\WINDOWS\imsins.BAK
2009-11-09 14:40:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-09 14:28:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-09 14:25:55 ----A---- C:\WINDOWS\OEWABLog.txt
2009-11-09 14:24:57 ----A---- C:\WINDOWS\setuplog.txt
2009-11-09 14:24:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-09 14:24:03 ----RSD---- C:\WINDOWS\Fonts
2009-11-09 14:22:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-09 14:20:21 ----A---- C:\WINDOWS\win.ini
2009-11-09 14:19:57 ----D---- C:\WINDOWS\system32\Setup
2009-11-09 14:19:57 ----D---- C:\WINDOWS\system32\oobe
2009-11-09 14:19:57 ----D---- C:\Program Files\Common Files\System
2009-11-09 14:19:56 ----D---- C:\WINDOWS\system32\mui
2009-11-09 14:19:56 ----D---- C:\WINDOWS\ime
2009-11-09 14:19:49 ----D---- C:\Program Files\Windows Media Player
2009-11-09 14:19:48 ----D---- C:\WINDOWS\PeerNet
2009-11-09 14:19:48 ----D---- C:\Program Files\Movie Maker
2009-11-09 14:19:47 ----D---- C:\WINDOWS\Media
2009-11-09 14:18:23 ----D---- C:\Program Files\Internet Explorer
2009-11-09 14:18:22 ----D---- C:\WINDOWS\system32\Restore
2009-11-09 14:18:22 ----D---- C:\WINDOWS\system32\npp
2009-11-09 14:18:22 ----D---- C:\WINDOWS\msagent
2009-11-09 14:18:20 ----D---- C:\WINDOWS\srchasst
2009-11-09 14:18:18 ----D---- C:\Program Files\NetMeeting
2009-11-09 14:18:17 ----D---- C:\WINDOWS\system32\Com
2009-11-09 14:18:14 ----D---- C:\Program Files\Windows NT
2009-11-09 14:18:14 ----D---- C:\Program Files\Outlook Express
2009-11-09 14:18:02 ----D---- C:\WINDOWS\system32\usmt
2009-11-09 14:18:01 ----D---- C:\WINDOWS\system
2009-11-09 14:17:08 ----RD---- C:\WINDOWS\Web
2009-11-09 14:17:00 ----RASH---- C:\NTDETECT.COM
2009-11-09 14:16:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-11-09 14:15:30 ----D---- C:\WINDOWS\EHome
2009-11-07 22:18:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-06 21:11:25 ----D---- C:\Program Files\ESET
2009-11-06 20:33:24 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2004-11-10 94976]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2005-12-12 1124097]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2004-11-10 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2004-11-10 12928]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 jwgvxnhg;jwgvxnhg; \??\C:\WINDOWS\system32\drivers\jwgvxnhg.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\user\Desktop\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 app_filter;app_filter; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-11-20 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-10-30 20543]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-11-20 110653]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-11-20 53313]
R2 PC FineTune Task Manager;PC FineTune Task Manager; C:\PROGRA~1\EARTHL~2\PCFINE~1\MXTask.exe [2008-11-14 120088]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
-----------------EOF-----------------
#42
Posted 23 November 2009 - 10:29 AM
Open notepad and copy/paste the text in the quotebox below into it:
Driver::
jwgvxnhg

File::
c:\windows\system32\drivers\jwgvxnhg.sys

Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
* Go here to run an online scanner from ESET.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- Make sure that the option Remove found threats is UNchecked.
- Click Scan
- Wait for the scan to finish
- Post back the report and above mentioned ComboFix resultant log. How's the system running?
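As an added illustration (not part of this thread, and not code from ComboFix, RSIT or ESET), here is a small Python triage script that parses RSIT "List of drivers" lines like the ones posted above and scores each entry on the cues a helper looks at before writing a Driver:: entry into a CFScript: no file date/size inside the brackets, an ImagePath in raw \??\ form, a binary outside %SystemRoot%, and a pseudo-random service name. The sample lines are copied verbatim from the RSIT log above; the system root, the heuristics and their weights are my assumptions, not anything the tools define.

```python
import re
from typing import List, Optional, Tuple

# Driver entries copied from the RSIT "List of drivers" section posted in this thread
# (a subset, kept verbatim so the heuristics can be checked against real lines).
SAMPLE_LINES = r"""
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
S1 jwgvxnhg;jwgvxnhg; \??\C:\WINDOWS\system32\drivers\jwgvxnhg.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 SABKUTIL;SABKUTIL; \??\C:\Documents and Settings\user\Desktop\SABKUTIL.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# Assumed system root for the "outside %SystemRoot%" check (the logs above show C:\WINDOWS).
SYSTEM_ROOT = r"c:\windows"
# Raw NT object-manager prefix that some ImagePath values carry.
NT_PREFIX = "\\??\\"

# One RSIT driver line: "<R|S><start> <name>;<display name>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


def parse_driver_line(line: str) -> Optional[dict]:
    """Return the fields of one RSIT driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def score_driver(entry: dict) -> Tuple[int, List[str]]:
    """Apply the (assumed) heuristics; return (score, reasons). Higher = look closer."""
    score, reasons = 0, []
    name, path = entry["name"], entry["path"]
    # 1. RSIT prints [] when it cannot stat the file: absent, hidden by a rootkit, or removed.
    if not entry["meta"].strip():
        score += 1
        reasons.append("no file date/size ([]): file absent, hidden or unreadable")
    # 2. ImagePath registered in raw \??\ form instead of a normal Win32 path.
    if path.startswith(NT_PREFIX):
        score += 1
        reasons.append("ImagePath uses raw \\??\\ form")
    # 3. Binary lives outside %SystemRoot% (desktop, tool folders, temp directories).
    plain = path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path
    if not plain.lower().startswith(SYSTEM_ROOT + "\\"):
        score += 1
        reasons.append("binary outside %SystemRoot%")
    # 4. Pseudo-random service name: letters only, six or more characters, no vowels.
    if name.isalpha() and len(name) >= 6 and not re.search(r"[aeiou]", name, re.I):
        score += 2
        reasons.append("pseudo-random service name (no vowels)")
    return score, reasons


def triage_drivers(text: str) -> List[Tuple[str, int, List[str]]]:
    """Parse every driver line in `text`; return (name, score, reasons), highest score first."""
    rows = []
    for line in text.splitlines():
        entry = parse_driver_line(line)
        if entry:
            score, reasons = score_driver(entry)
            rows.append((entry["name"], score, reasons))
    rows.sort(key=lambda r: -r[1])  # stable: ties keep log order
    return rows


if __name__ == "__main__":
    for name, score, reasons in triage_drivers(SAMPLE_LINES):
        print(f"{score}  {name:<10} {'; '.join(reasons) or 'nothing unusual'}")
```

Run as a script it prints the ranked table. On these lines the orphaned jwgvxnhg driver ranks first, but catchme.sys (ComboFix's own rootkit-scanner driver) and the SABKUTIL.sys left on the desktop by a scanner score nearly as high, which is the point of the exercise: the score only orders what to examine, while the ESET result and the file's actual origin decide what goes into the CFScript.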
#43
Posted 23 November 2009 - 12:33 PM
PS. I did not allow ComboFix to update.
ESET log:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACuboxjkvrns.dll.vir Win32/Olmarik.JQ trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACnqtirprqxf.sys.vir Win32/Olmarik.JQ trojan
C:\System Volume Information\_restore{075D2CAA-A840-4D76-8511-4E00BD7D2DF9}\RP62\A0023445.dll Win32/Olmarik.JQ trojan
CF log:
ComboFix 09-11-22.02 - user 11/24/2009 10:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.665 [GMT -6:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FILE ::
"c:\windows\system32\drivers\jwgvxnhg.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_jwgvxnhg
((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.
2009-11-23 01:39 . 2009-11-23 01:39 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2009-11-21 20:07 . 2009-11-21 20:07 5941731 ----a-w- C:\Combo-Fix.zip
2009-11-21 19:14 . 2009-11-21 19:14 -------- d-----w- C:\8adb8fefd5dcc7ce8c68f0
2009-11-21 18:57 . 2009-11-21 18:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-21 18:57 . 2009-11-21 20:01 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-11-21 18:57 . 2009-11-21 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-20 22:50 . 2009-11-23 01:30 -------- d-----w- c:\windows\system32\NtmsData
2009-11-18 13:18 . 2009-11-18 13:18 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-11-18 11:56 . 2004-11-03 20:58 86144 ----a-r- c:\windows\system32\drivers\nvatabus_2.sys
2009-11-12 19:27 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-12 19:27 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-10 00:36 . 2009-11-24 13:51 -------- d-----w- c:\program files\trend micro
2009-11-10 00:36 . 2009-11-10 00:37 -------- d-----w- C:\rsit
2009-11-09 20:41 . 2009-11-09 20:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-11-09 20:32 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-09 20:29 . 2009-11-09 20:29 20072 ------w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 20:29 . 2009-11-09 20:29 -------- d-----w- c:\program files\Windows Defender
2009-11-09 20:17 . 2004-08-04 06:56 2897920 ------w- c:\windows\system32\xpsp2res.dll
2009-11-08 04:18 . 2009-11-08 04:44 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-07 20:02 . 2009-11-07 20:02 -------- d-----w- c:\documents and settings\user\Application Data\AVG8
2009-11-07 03:00 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 03:00 . 2009-11-08 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 03:00 . 2009-11-07 03:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-07 03:00 . 2009-09-10 20:53 18520 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 02:22 . 2001-08-18 04:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-07 02:21 . 2001-08-18 04:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-07 02:20 . 2001-08-17 18:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-11-07 02:19 . 2001-08-17 19:28 634134 -c--a-w- c:\windows\system32\dllcache\el656ct5.sys
2009-11-07 02:19 . 2001-08-17 19:28 241206 -c--a-w- c:\windows\system32\dllcache\el656se5.sys
2009-11-07 02:19 . 2001-08-17 18:11 77386 -c--a-w- c:\windows\system32\dllcache\el656nd5.sys
2009-11-07 02:19 . 2001-08-17 18:11 69194 -c--a-w- c:\windows\system32\dllcache\el656cd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 69692 -c--a-w- c:\windows\system32\dllcache\el575nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 26141 -c--a-w- c:\windows\system32\dllcache\el589nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 55999 -c--a-w- c:\windows\system32\dllcache\el556nd5.sys
2009-11-07 02:19 . 2001-08-17 18:10 24653 -c--a-w- c:\windows\system32\dllcache\el574nd4.sys
2009-11-07 02:19 . 2001-08-17 18:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2009-11-07 02:19 . 2001-08-17 18:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 20:01 . 2009-07-24 06:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-09 20:21 . 2009-07-15 19:31 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-07 16:16 . 2009-07-24 07:05 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\EarthLink
2009-11-07 16:03 . 2009-11-07 02:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\EarthLink
2009-11-07 03:11 . 2007-06-21 16:15 -------- d-----w- c:\program files\ESET
2009-10-12 18:32 . 2009-07-20 14:39 -------- d-----w- c:\documents and settings\user\Application Data\MSN6
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2004-11-20 266240]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-12-12 88204]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 app_filter;app_filter;c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [11/20/2004 5:01 AM 139264]
R2 PC FineTune Task Manager;PC FineTune Task Manager;c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service --> c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe -Service [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 SABKUTIL;SABKUTIL;\??\c:\documents and settings\user\Desktop\SABKUTIL.sys --> c:\documents and settings\user\Desktop\SABKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-11-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: EarthLink Google Search - c:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-24 10:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:eb,9a,45,b4,3f,41,43,01,85,ee,3a,44
"LastWPAEventLogged"=hex:d9,07,07,00,03,00,0f,00,13,00,24,00,2a,00,fd,02
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\EARTHL~2\PCFINE~1\MXTask.exe
c:\progra~1\EARTHL~2\PCFINE~1\mxtask2.exe
c:\windows\system32\wscntfy.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-11-24 10:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 16:42
ComboFix2.txt 2009-11-23 23:21
Pre-Run: 40,129,925,120 bytes free
Post-Run: 40,105,418,752 bytes free
- - End Of File - - B9D731B0D3A1D46EA7C0642BA17E7D9A
#44
Posted 23 November 2009 - 12:46 PM
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Now let's uninstall ComboFix:
- Click START then RUN
- Now copy-paste Combofix /uninstall in the runbox and click OK
Please download OTC and save it to desktop.
- Double-click OTC.exe.
- Click the CleanUp! button.
- Select Yes when the Begin cleanup Process? prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
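The same six Internet-zone settings can be checked, and if wanted applied, straight from the registry, which is handy for verifying a machine after the fact. This is an added example, not something from the post or from Blade; it assumes Microsoft's documented Internet Explorer zone registry layout (zone 3 is the Internet zone, and each setting's data is 0 = Enable, 1 = Prompt, 3 = Disable), and by default it only reports.

```powershell
# Added example (not from the post): audit, and optionally apply, the six Internet-zone
# Custom Level settings listed above directly in the registry.
# Assumption: value names and meanings follow Microsoft's documented Internet Explorer
# zone registry layout (zone 3 = Internet; data 0 = Enable, 1 = Prompt, 3 = Disable).
# Run in the profile of the user whose Internet Explorer is being hardened.
# Caveat: if the policy value Security_HKLM_only is set, the HKLM copy of this key wins.
param([switch]$Apply)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# setting id -> description and the level the post asks for
$required = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop
$weak = @()

foreach ($id in $required.Keys) {
    $want = $required[$id].Want
    $have = $zone.$id
    if ($null -eq $have) {
        $haveText = 'not set (browser default)'
        $ok = $false
    } else {
        $have = [int]$have
        $haveText = if ($label.ContainsKey($have)) { $label[$have] } else { "raw value $have" }
        # 0 < 1 < 3 also orders the levels from least to most restrictive,
        # so anything at or above the wanted level already satisfies the post.
        $ok = $have -ge $want
    }
    if (-not $ok) {
        $weak += $id
        if ($Apply) {
            Set-ItemProperty -Path $zonePath -Name $id -Value $want -Type DWord
            $haveText = "$haveText -> set to $($label[$want])"
        }
    }
    $state = if ($ok) { 'OK  ' } else { 'WEAK' }
    Write-Output ('{0} {1,-60} current: {2,-28} required: {3}' -f $state, $required[$id].Name, $haveText, $label[$want])
}

if ($weak.Count -eq 0) { Write-Output 'All six Internet-zone settings are at or above the recommended level.' }
elseif (-not $Apply)  { Write-Output "$($weak.Count) setting(s) weaker than recommended; rerun with -Apply to set them." }
```

Run it once without switches to see the report, then with -Apply to change only the settings that are weaker than the post recommends.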
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
- hosts file:
- Every version of Windows has a hosts file as part of it.
- In a very basic sense, they are used to locate webpages.
- We can customize a hosts file so that it blocks certain webpages.
- However, it can slow down certain computers.
- This is why using a hosts file is optional!!
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
- Click the start button (at the lower left hand corner of your screen)
- Click run
- In the dialog box, type services.msc
- hit enter, then locate dns client
- Highlight it, then double-click it.
- On the dropdown box, change the setting from automatic to manual.
- Click ok
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
#45
Posted 23 November 2009 - 01:53 PM
Do you have any ideas or suggestions?