Please analyze this HijackThis


Puddle Jumper (Mod Emeritus)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:16 AM, on 5/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5B087F63-41FB-471C-B23E-A4CC41A3B742} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [ccube_Cleanup] "C:\DOCUME~1\Wright\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKLM\..\RunOnce: [ccube_Uninstall_Lock] "C:\DOCUME~1\Wright\LOCALS~1\Temp\cazz_001.exe" /null
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll (file missing)
O20 - Winlogon Notify: mlljg - C:\WINDOWS\System32\mlljg.dll (file missing)
O20 - Winlogon Notify: ssttr - C:\WINDOWS\System32\ssttr.dll (file missing)
O20 - Winlogon Notify: vturq - C:\WINDOWS\System32\vturq.dll (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5369 bytes
 
I need you to run ComboFix and then Malwarebytes and post their logs. I see some nasties, but I'm not sure if they are active or not.
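
Added example (not from the thread or from any of the tools it mentions): a small triage script that parses HijackThis item lines and flags the kinds of entries the reply above is pointing at, namely O20 Winlogon Notify hooks whose DLL is missing, browser add-ons registered with no file, autostarts that execute out of a Temp directory, and DPF (ActiveX download) entries that point at a bare executable. The sample lines are copied from the log above; the heuristics are my own and mark items for review, not verdicts.

```python
import re

# Constructed sample input: a handful of item lines copied from the
# HijackThis 2.0.2 log above (the R/O-prefixed lines after the process list).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5B087F63-41FB-471C-B23E-A4CC41A3B742} - (no file)
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [ccube_Cleanup] "C:\DOCUME~1\Wright\LOCALS~1\Temp\cacu_001.exe" /cleanup
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O20 - Winlogon Notify: ddabc - C:\WINDOWS\System32\ddabc.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Every HijackThis item line starts with a section code (R0, O2, O20, ...)
# followed by " - " and the item body.
ITEM_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")


# Each heuristic returns a reason string when it fires, otherwise None.
# These are review signals chosen by me for this example, not HijackThis logic.
def _missing_notify(kind, body):
    if kind == "O20" and body.endswith("(file missing)"):
        return "Winlogon Notify hook whose DLL is gone: orphaned persistence entry"
    return None


def _orphan_addon(kind, body):
    if kind in ("O2", "O3", "O9") and body.endswith("(no file)"):
        return "browser add-on registration with no backing file"
    return None


def _temp_autostart(kind, body):
    low = body.lower()
    if kind == "O4" and ("\\temp\\" in low or "\\locals~1\\" in low):
        return "autostart runs an executable out of a Temp directory"
    return None


def _dpf_executable(kind, body):
    if kind == "O16" and re.search(r"https?://\S+\.exe$", body, re.I):
        return "ActiveX download (DPF) entry pointing at a bare .exe"
    return None


CHECKS = (_missing_notify, _orphan_addon, _temp_autostart, _dpf_executable)


def triage_line(line):
    """Return (section, [reasons]) for one log line; (None, []) for non-item lines."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None, []
    kind, body = m.group("kind"), m.group("body")
    reasons = [r for r in (check(kind, body) for check in CHECKS) if r]
    return kind, reasons


def triage_log(text):
    """Map each flagged line (stripped) to its list of reasons; clean lines are omitted."""
    flagged = {}
    for line in text.splitlines():
        _, reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for item, reasons in triage_log(SAMPLE_LOG).items():
        print(item)
        for reason in reasons:
            print("   ->", reason)
```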
 
Thanks for looking over the log, Osiris. Here are the additional logs you requested.

Combofix Log

Code:
ComboFix 10-05-16.02 - Wright 05/17/2010  13:15:54.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.503.88 [GMT -4:00]
Running from: c:\documents and settings\Wright\Desktop\Temp\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\amoahkju.ini
c:\windows\system32\anvtatiy.ini
c:\windows\system32\bacrqgoi.ini
c:\windows\system32\banaqwnn.ini
c:\windows\system32\bggeteey.ini
c:\windows\system32\blfvanja.ini
c:\windows\system32\bpimjdyo.ini
c:\windows\system32\cbadd.bak1
c:\windows\system32\cbadd.ini
c:\windows\system32\chlpwvrq.ini
c:\windows\system32\ctkvunpe.ini
c:\windows\system32\cwyecxck.ini
c:\windows\system32\dabpeyls.ini
c:\windows\system32\dpadiwxk.ini
c:\windows\system32\dryacfgy.ini
c:\windows\system32\eefuicih.ini
c:\windows\system32\ekjgnwbr.ini
c:\windows\system32\ellrmqut.ini
c:\windows\system32\ervruajm.ini
c:\windows\system32\fewepejg.ini
c:\windows\system32\fqnggjbn.ini
c:\windows\system32\frxhckxe.ini
c:\windows\system32\fsspffju.ini
c:\windows\system32\fufxvrni.ini
c:\windows\system32\fuyfrsya.ini
c:\windows\system32\gcxlyefj.ini
c:\windows\system32\gjllm.bak1
c:\windows\system32\gjllm.ini
c:\windows\system32\hesxovqw.ini
c:\windows\system32\hfjiepyi.ini
c:\windows\system32\hmsuwfgh.ini
c:\windows\system32\hrwnvglp.ini
c:\windows\system32\huvmfxac.ini
c:\windows\system32\ieiievlx.ini
c:\windows\system32\iyyxqtff.ini
c:\windows\system32\jjxduept.ini
c:\windows\system32\jlwxgele.ini
c:\windows\system32\jppgnvuj.ini
c:\windows\system32\kokpeter.ini
c:\windows\system32\kyodmhsc.ini
c:\windows\system32\lhkhruff.ini
c:\windows\system32\lwdvnuyk.ini
c:\windows\system32\mdhumptn.ini
c:\windows\system32\mfoclwyf.ini
c:\windows\system32\mjejdulv.ini
c:\windows\system32\mlkafhwb.ini
c:\windows\system32\mmmlxwrp.ini
c:\windows\system32\ngfdperf.ini
c:\windows\system32\nkfmjblb.ini
c:\windows\system32\nldajsvv.ini
c:\windows\system32\nmakskbp.ini
c:\windows\system32\nmjlofnk.ini
c:\windows\system32\oapfooof.ini
c:\windows\system32\obunoqiq.ini
c:\windows\system32\onnmp.ini2
c:\windows\system32\onnmp.tmp
c:\windows\system32\pnaeleio.ini
c:\windows\system32\pqsidhqh.ini
c:\windows\system32\prmdehyy.ini
c:\windows\system32\prscisaj.ini
c:\windows\system32\qcnpjhqf.ini
c:\windows\system32\qgoytwgd.ini
c:\windows\system32\qpnjmurv.ini
c:\windows\system32\qqnllsgs.ini
c:\windows\system32\qrutv.bak1
c:\windows\system32\qrutv.bak2
c:\windows\system32\qrutv.ini
c:\windows\system32\quwpsari.ini
c:\windows\system32\rbwgmbva.ini
c:\windows\system32\rpobqxme.ini
c:\windows\system32\rttss.bak1
c:\windows\system32\rttss.ini
c:\windows\system32\shwriyfj.ini
c:\windows\system32\silibwlf.ini
c:\windows\system32\sntlqmmj.ini
c:\windows\system32\srkdpfgi.ini
c:\windows\system32\thfegrfr.ini
c:\windows\system32\tvbaynfq.ini
c:\windows\system32\upymbltn.ini
c:\windows\system32\vabfkcdk.ini
c:\windows\system32\vcrhoqpy.ini
c:\windows\system32\vntwqfqr.ini
c:\windows\system32\vpogckhi.ini
c:\windows\system32\wdrjaufs.ini
c:\windows\system32\wjvbkfiu.ini
c:\windows\system32\wxxyrihe.ini
c:\windows\system32\xerpfmsm.ini
c:\windows\system32\xwlhicjt.ini
c:\windows\system32\xyteknyw.ini
c:\windows\system32\ybiiejeq.ini
c:\windows\system32\yebhumvo.ini
c:\windows\system32\ymljdyjn.ini

.
(((((((((((((((((((((((((   Files Created from 2010-04-17 to 2010-05-17  )))))))))))))))))))))))))))))))
.

2010-05-17 16:25 . 2010-05-17 16:25	0	----a-w-	c:\windows\nsreg.dat
2010-05-17 16:25 . 2010-05-17 16:25	--------	d-----w-	c:\documents and settings\Wright\Local Settings\Application Data\Mozilla
2010-05-17 16:01 . 2010-05-17 16:01	--------	d-----w-	c:\program files\Defraggler
2010-05-17 15:42 . 2010-05-17 15:42	--------	d-----w-	c:\program files\Trend Micro
2010-05-17 15:28 . 2010-05-17 15:28	--------	d-----w-	c:\documents and settings\Wright\Application Data\Malwarebytes
2010-05-17 15:28 . 2010-04-29 19:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 15:28 . 2010-05-17 15:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 15:28 . 2010-05-17 15:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-17 15:28 . 2010-04-29 19:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-17 15:08 . 2010-05-06 14:36	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-17 14:54 . 2010-05-17 14:55	--------	d-----w-	c:\program files\CCleaner
2010-05-17 14:52 . 2010-05-17 14:52	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-05-17 14:50 . 2009-08-06 23:23	274288	----a-w-	c:\windows\system32\mucltui.dll
2010-05-17 14:50 . 2009-08-06 23:23	215920	----a-w-	c:\windows\system32\muweb.dll
2010-05-03 14:50 . 2010-05-03 14:50	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-01 12:46 . 2010-05-01 12:46	--------	d-----w-	c:\documents and settings\Wright\Local Settings\Application Data\Temp
2010-05-01 02:41 . 2010-05-01 02:41	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-04-30 19:37 . 2010-04-30 19:37	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 17:23 . 2007-04-19 17:43	45152	----a-w-	c:\documents and settings\Wright\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-17 17:11 . 2007-08-19 19:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\CA
2010-05-17 15:48 . 2008-09-05 02:10	--------	d-----w-	c:\program files\Microsoft Works
2010-05-16 19:22 . 2008-09-05 02:15	37418	----a-w-	c:\documents and settings\Wright\Application Data\wklnhst.dat
2010-05-16 16:29 . 2009-12-12 04:48	--------	d-----w-	c:\documents and settings\Wright\Application Data\Smilebox
2010-05-13 18:09 . 2007-09-02 18:00	--------	d-----w-	c:\program files\Al Bunny
2010-05-13 17:33 . 2007-01-16 14:42	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-13 17:33 . 2007-01-16 15:07	--------	d-----w-	c:\program files\IBM
2010-05-13 16:54 . 2007-01-16 15:04	--------	d-----w-	c:\program files\Support.com
2010-05-13 16:54 . 2007-01-16 15:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\IBM
2010-05-13 16:49 . 2007-06-07 17:29	--------	d-----w-	c:\documents and settings\Wright\Application Data\Simple Star
2010-05-01 02:40 . 2007-10-24 23:13	--------	d-----w-	c:\program files\Google
2010-04-06 20:28 . 2009-12-07 09:22	300352	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxTray.exe
2010-03-31 11:14 . 2009-12-07 12:14	410944	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxStarter.exe
2010-03-31 11:14 . 2009-12-07 11:39	169280	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxBrowserEngine.dll
2010-03-31 11:14 . 2009-12-07 09:22	230720	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxDvd.exe
2010-03-31 11:00 . 2010-03-31 11:00	1627456	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxClient.exe
2010-03-31 10:14 . 2010-03-31 10:14	140608	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxUpdater.exe
2010-03-31 10:14 . 2010-03-31 10:14	365888	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxDvdEngine.dll
2010-03-10 06:15 . 2002-02-26 22:58	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2006-06-23 15:33	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 12:31 . 1980-01-01 08:00	454016	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17	952768	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-04 07:56	380416	----a-w-	c:\windows\system32\irprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hot Key Kbd Daemon]
2002-07-02 00:24	40960	----a-w-	c:\windows\system32\SKDAEMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-07-10 12:13	114688	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
2003-09-30 17:05	536576	----a-w-	c:\program files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-07-10 12:25	155648	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2002-03-15 00:46	45056	----a-w-	c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2010-04-06 20:28	300352	----a-w-	c:\documents and settings\Wright\Application Data\Smilebox\SmileboxTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-10-27 14:30	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_Start]
2003-03-17 23:27	32768	----a-w-	c:\ibmtools\Updater\ucstartup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/30/2010 10:40 PM 135664]
S3 pelps2m;PS/2 Mouse Filter Driver;c:\windows\system32\drivers\pelps2m.sys [1/16/2007 10:57 AM 18048]
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 02:40]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 02:40]

2010-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-05-17 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\Wright\Application Data\Mozilla\Firefox\Profiles\zu16wac5.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{5B087F63-41FB-471C-B23E-A4CC41A3B742} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ddabc - c:\windows\System32\ddabc.dll
Notify-mlljg - c:\windows\System32\mlljg.dll
Notify-ssttr - c:\windows\System32\ssttr.dll
Notify-vturq - c:\windows\System32\vturq.dll
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 13:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\windows\TEMP\TMP00000013955DC09646568972 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\ *¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\@*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\d*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\l*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\P*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\t*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\X*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\**¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\¨*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\¼*¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\S¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2367703271-24249672-4287421927-1005\¬ ¬ 4*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-17  13:31:12 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-17 17:31

Pre-Run: 6,724,362,240 bytes free
Post-Run: 6,586,986,496 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 8A3C7497BB4C979EE3BE564D2724A429

Malwarebytes Log

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4109

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/17/2010 1:08:33 PM
mbam-log-2010-05-17 (13-08-33).txt

Scan type: Full scan (C:\|)
Objects scanned: 182690
Time elapsed: 1 hour(s), 19 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
ComboFix deleted a TON of files.

I need you to disable System Restore.

Then run CCleaner; make sure to check all the boxes except "Wipe Free Space", and then run the registry cleaner as well.

Then run Cleanup!

Reboot.

Then run ComboFix again and post its log.
 