
Unable to install MalwareBytes (HiJackThis file included)


RGF324


I am getting popups frequently (newlive Job reports and meet local singles) and am not able to run Malwarebytes (mbam.exe is missing). I also got a full-screen "IE web page" that says My Computer Online Scan, with a fake message that says "Your computer is strongly infected by viruses! It can cause data loss and file damages and need to be cured as soon as possible."

I thought I had Malwarebytes installed (it may have been deleted), but when I did not see it, I tried to install it again. It appears to install fine, but at the end I get an error message that says:

*******

Unable to execute file: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

CreateProcess failed; code 2.

The system cannot find the file specified.

********

I hit OK and it repeats the error message. Following is the HijackThis file:

(I'm new at this - is the preferred method to include the HijackThis file in the body of the note, or to attach it? I attempted to upload it, but got an error message.)

Any assistance would be appreciated. Thanks.

***********

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:41:16 PM, on 10/26/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LxrJD31s.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\DOCUME~1\KANDIR~1\LOCALS~1\Temp\clclean.0001

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\Program Files\iTunes7\iTunesHelper.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\Creative\VoiceCenter\AndreaVC.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Electronic Arts\EADM\Core.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_director.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MM_TDM~1.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir....ystempopup=true

F2 - REG:system.ini: Shell=Explorer.exe logon.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll

O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes7\iTunesHelper.exe"

O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sekezilaz] Rundll32.exe "c:\windows\system32\bunahotu.dll",a

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-1007\..\Run: [setDefaultMIDI] MIDIDef.exe (User 'Travis')

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-1007\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R (User 'Travis')

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-1007\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB (User 'Travis')

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Travis')

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-1007\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (User 'Travis')

O4 - HKUS\S-1-5-21-3920435409-4027806831-286673669-500\..\Run: [setDefaultMIDI] MIDIDef.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nElkx4th6 (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll

O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} (AeXNSConsoleContextHelp Class) - https://webconnect.fitsvcs.com/Altiris/NS/N...isNSConsole.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} (ComponentOne FlexGrid 8.0 (UNICODE Light)) - https://webconnect.fitsvcs.com/Altiris/NS/N...v7B+VSFlex8.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - https://v4.windowsupdate.microsoft.com/CAB/...39921.552349537

O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.fitsvcs.com/dana-cached/setu...perSetupSP1.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: govuyoni.dll c:\windows\system32\bunahotu.dll

O21 - SSODL: jayobeyov - {58798c38-f0ba-4120-aa6a-376b43613b6c} - c:\windows\system32\bunahotu.dll

O22 - SharedTaskScheduler: tokatiluy - {58798c38-f0ba-4120-aa6a-376b43613b6c} - c:\windows\system32\bunahotu.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--

End of file - 17886 bytes


I noticed some of the other posts were requested to run ComboFix, so I went ahead and did that:

Is there anything else I should be doing? Thanks.

************

ComboFix 09-10-26.03 - KandiRandy 10/26/2009 22:41.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2419 [GMT -5:00]

Running from: c:\documents and settings\KandiRandy\Desktop\Tools\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\KANDIR~1\LOCALS~1\Temp\clclean.0001.dir.0007\~df394b.tmp

c:\documents and settings\KandiRandy\Application Data\alot

c:\documents and settings\KandiRandy\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\KandiRandy\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\KandiRandy\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\configurator\configurator.xml

c:\documents and settings\KandiRandy\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\KandiRandy\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\KandiRandy\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\KandiRandy\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\products\products.xml

c:\documents and settings\KandiRandy\Application Data\alot\products\products.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\KandiRandy\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_image_search.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_news_search.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_shop_search.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_videos_search.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_1\images\alot_web_search.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_2\images\2398_icon.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_2\images\2398_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_3\images\2402_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_4\images\1200_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_5\images\2852_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_6\images\default_1379_alot_cas_playgames.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_6\images\default_1379_alot_cas_playgames.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Button_7\images\2817_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\alot_configure.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\alot_configure.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\intro_popup.png

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\KandiRandy\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\KandiRandy\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\KandiRandy\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\toolbar.xml

c:\documents and settings\KandiRandy\Application Data\alot\toolbar.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\KandiRandy\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\KandiRandy\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\KandiRandy\Application Data\alot\Updater\Updater.xml

c:\documents and settings\KandiRandy\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\KandiRandy\Local Settings\Temp\clclean.0001.dir.0007\~df394b.tmp

c:\program files\alot

c:\program files\alot\alotUninst.exe

c:\program files\alot\bin\alot.dll

c:\program files\PlaySushi\PSTExt.dll

c:\windows\kb913800.exe

c:\windows\system32\bunahotu.dll

c:\windows\system32\busekuja.dll

c:\windows\system32\Data

c:\windows\system32\degipeme.dll

c:\windows\system32\gipekuya.dll

c:\windows\system32\gosezona.dll

c:\windows\system32\govuyoni.dll.tmp

c:\windows\system32\jojubasa.dll.tmp

c:\windows\system32\logon.exe

c:\windows\system32\lutirada.dll

c:\windows\system32\tedegeru.dll

c:\windows\system32\valafuwe.dll

c:\windows\system32\venijija.dll.tmp

c:\windows\system32\vodesome.dll

c:\windows\system32\yonevena.dll

c:\windows\system32\zotalobe.dll

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.

((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 )))))))))))))))))))))))))))))))

.

2009-10-27 03:50 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe

2009-10-27 03:50 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe

2009-10-26 18:49 . 2009-10-26 18:49 0 ----a-w- c:\documents and settings\KandiRandy\settings.dat

2009-10-03 07:18 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 23:24 . 2009-10-02 23:24 -------- d-----w- c:\program files\City Interactive

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-27 03:57 . 2009-04-18 20:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-10-27 03:49 . 2009-09-14 01:27 -------- d-----w- c:\program files\PlaySushi

2009-10-26 22:05 . 2006-01-29 23:28 -------- d-----w- c:\program files\Dl_cats

2009-10-26 21:11 . 2009-08-22 03:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-22 11:12 . 2009-04-19 22:27 -------- d-----w- c:\program files\McAfee

2009-10-18 05:12 . 2009-06-29 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-10-12 16:23 . 2009-04-14 13:34 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-09-23 22:15 . 2009-09-23 22:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI

2009-09-16 15:22 . 2009-04-14 13:13 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-09-16 15:22 . 2009-04-14 13:13 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2009-09-16 15:22 . 2009-04-14 13:13 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-09-16 15:22 . 2009-04-14 13:13 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-09-16 15:22 . 2009-04-14 13:13 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2009-09-13 22:13 . 2009-04-21 01:33 121648 ----a-w- c:\documents and settings\Travis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-10 19:54 . 2009-08-22 03:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 19:53 . 2009-08-22 03:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 16:14 . 2007-03-12 11:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-08-29 07:36 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll

2009-08-29 07:36 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-29 07:36 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll

2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-23 12:11 . 2006-01-22 20:44 121648 ----a-w- c:\documents and settings\KandiRandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-07 00:24 . 2005-08-16 10:40 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-07 00:24 . 2005-08-16 10:40 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-07 00:24 . 2005-08-16 10:40 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-07 00:24 . 2005-08-16 10:40 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-07 00:24 . 2005-08-16 10:18 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-07 00:23 . 2005-08-16 10:40 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-07 00:23 . 2006-01-22 20:18 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-07 00:23 . 2005-08-16 10:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-07 00:23 . 2005-05-26 10:19 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 15:13 . 2005-08-16 10:18 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2004-08-04 04:59 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-07-29 04:37 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-07-29 04:37 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll

2006-06-01 21:15 . 2006-01-22 20:44 56 --sh--r- c:\windows\system32\41CEEBB033.sys

2009-07-26 23:23 . 2009-07-26 23:23 52224 --sha-w- c:\windows\system32\johabuji.dll

2006-06-01 21:15 . 2006-01-22 20:44 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-07-26 23:24 . 2009-07-26 23:24 52224 --sha-w- c:\windows\system32\wutizipi.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8704d89e-ee4e-4146-967a-6dcd32b0f03c}]

2009-07-26 23:24 52224 --sha-w- c:\windows\system32\wutizipi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-12 26112]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 8192]

"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]

"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 228088]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]

"iTunesHelper"="c:\program files\iTunes7\iTunesHelper.exe" [2008-07-30 289064]

"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 1159168]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

c:\documents and settings\KandiRandy\Start Menu\Programs\Startup\

PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-6-28 333088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-12 24576]

TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-5-23 278528]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gusvc"=3 (0x3)

"Bonjour Service"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"0076781218896209mcinstcleanup"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\WINDOWS\\system32\\dlcccoms.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlccPSWX.EXE"=

"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes7\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=

"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=

"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\EA GAMES\\Mercenaries 2 World in Flames\\Mercenaries2.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe"=

"c:\\WINDOWS\\system32\\dwwin.exe"=

"c:\\WINDOWS\\system32\\verclsid.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/19/2009 5:31 PM 203280]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-04-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]

2009-04-14 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-19 17:22]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://my.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/redir.asp?affid=105-58&installtype=force&dtag=3kqz591&systempopup=true

uInternet Settings,ProxyOverride = 127.0.0.1;localhost

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nElkx4th6

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: microsoft.com\support

Trusted Zone: microsoft.com\v4.windowsupdate

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: windowsupdate.com\download

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab

DPF: {51BB7DFD-A6F5-4FAC-B8C9-E71CF84D082C} - hxxps://webconnect.fitsvcs.com/Altiris/NS/NSCap/Bin/Win32/x86/,DanaInfo=.aa2yliAv7B+AltirisNSConsole.cab

DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} - hxxps://webconnect.fitsvcs.com/Altiris/NS/NSCap/Bin/Win32/X86/,DanaInfo=.aa2yliAv7B+VSFlex8.cab

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-sekezilaz - c:\windows\system32\zotalobe.dll

HKLM-Run-wedefajude - valafuwe.dll

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

SharedTaskScheduler-{0ec8d216-9de7-411f-b2cf-c05757290691} - c:\windows\system32\zotalobe.dll

SSODL-sojigumop-{0ec8d216-9de7-411f-b2cf-c05757290691} - c:\windows\system32\zotalobe.dll

AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-26 22:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3920435409-4027806831-286673669-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:0c,2d,7d,45,73,2f,f3,3d,0b,be,33,7c,71,e5,a1,d6,a5,5d,49,15,5d,02,b8,

44,90,fd,75,11,25,be,aa,b4,19,48,74,86,8c,8a,68,e3,d9,e4,4c,69,d7,79,98,6f,\

"??"=hex:ae,58,fa,e2,b0,e3,e0,d7,1d,fd,b5,34,b1,7e,bc,c1

[HKEY_USERS\S-1-5-21-3920435409-4027806831-286673669-1005\Software\SecuROM\License information*]

"datasecu"=hex:81,df,a2,ab,21,29,92,56,b6,9e,51,42,c6,f2,08,45,f7,15,33,31,b5,

91,bc,0a,a7,1c,5e,9c,2d,50,4f,a5,33,45,9e,b3,0f,05,a9,2d,db,87,78,d6,52,63,\

"rkeysecu"=hex:81,41,89,0d,98,20,c0,26,56,13,a4,88,42,54,0f,f7

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5724)

c:\windows\system32\WININET.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\CTsvcCDA.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\McAfee\MPF\MPFSrv.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\combofix\CF17256.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\Rundll32.exe

c:\docume~1\KANDIR~1\LOCALS~1\Temp\clclean.0001

c:\progra~1\MUSICM~1\MUSICM~3\MMDiag.exe

c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\dlcccoms.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Java\jre6\bin\jucheck.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

c:\combofix\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-27 23:16 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-27 04:16

Pre-Run: 70,886,449,152 bytes free

Post-Run: 71,700,987,904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - F39387E72C6DF088E367367B01513420
