
Topic: Infection: Cannot download ComboFix


jesusknight (Topic Starter, Newbie)

    Infection: Cannot download ComboFix
    « on: December 28, 2009, 09:31:58 AM »
    It appears that my machine has caught an infection, and I am having difficulty cleaning it.  This bug appears to be blocking my attempts to download ComboFix from the three known mirrors for the download.  On the first attempt, my anti-virus pops up and deletes the ComboFix download, calling it "WIN32/SillyDl.PRR".  On subsequent attempts, Firefox says that it cannot make the connection to the website. 

    Attached are my logs from SAS, MBAM, and HJT.

    Any help you can provide would be rather... um... helpful :)

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/28/2009 at 04:17 AM

    Application Version : 4.32.1000

    Core Rules Database Version : 4415
    Trace Rules Database Version: 2243

    Scan type       : Complete Scan
    Total Scan Time : 00:41:11

    Memory items scanned      : 438
    Memory threats detected   : 0
    Registry items scanned    : 6080
    Registry threats detected : 0
    File items scanned        : 65680
    File threats detected     : 2

    Trojan.Agent/Gen-PEC
       C:\WINDOWS\PEV.EXE

    Adware.CouponBar
       C:\WINDOWS\SYSTEM32\CPNPRT2.CID


    Malwarebytes' Anti-Malware 1.42
    Database version: 3443
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/28/2009 2:40:02 AM
    mbam-log-2009-12-28 (02-40-02).txt

    Scan type: Quick Scan
    Objects scanned: 121351
    Time elapsed: 3 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner.VICTOR\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:04 AM, on 12/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-1645522239-73586283-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 5741 bytes


    [Saving space, attachment deleted by admin]
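As an added example (not code from the thread, from the poster, or from Malwarebytes), here is a small Python parser for the MBAM log format posted above. It turns the "... Infected:" sections into records, counts detections by name, and flags the entries that sit at autostart locations (the Run keys and the Startup folder), which is the first thing a responder wants to know when deciding whether a cleanup actually removed the persistence. The sample log is constructed from the detections listed in this post; the function names and the autostart marker list are the example's own assumptions.

```python
"""Parse a Malwarebytes' Anti-Malware (MBAM) scan log into structured records.

Added example for the thread above; not the poster's or Malwarebytes' code.
"""
import re
from dataclasses import dataclass

# Constructed sample: the detection sections of the MBAM log posted above.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\notepad (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\notepad.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.VICTOR\Local Settings\temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary lines near the top ("Files Infected: 6") carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")

# One detection line: "<path or key> (<detection name>) -> <action>."
# Note: the lazy item match stops at the first " (", so a path containing
# parentheses (e.g. "Program Files (x86)") would need a stricter pattern.
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# Hypothetical marker list (assumption of this example): path fragments that
# identify the autostart locations seen in the posted logs.
AUTOSTART_MARKERS = (
    r"\currentversion\run",           # HKLM/HKCU ...\CurrentVersion\Run values
    r"\start menu\programs\startup",  # per-user or All Users Startup folder
)


@dataclass(frozen=True)
class Detection:
    section: str    # e.g. "Files Infected"
    item: str       # file path or registry key/value
    detection: str  # e.g. "Trojan.Agent"
    action: str     # e.g. "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return a list of Detection records, in log order."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        # Placeholder line inside an empty section, or text before any section.
        if section is None or line.startswith("(No malicious items"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            records.append(Detection(section, entry.group("item"),
                                     entry.group("detection"), entry.group("action")))
    return records


def summarize(records):
    """Count detections per detection name."""
    counts = {}
    for rec in records:
        counts[rec.detection] = counts.get(rec.detection, 0) + 1
    return counts


def persistence_entries(records):
    """Detections located at an autostart point; these are the ones to re-check after reboot."""
    return [rec for rec in records
            if any(marker in rec.item.lower() for marker in AUTOSTART_MARKERS)]


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(recs)} detections: {summarize(recs)}")
    for rec in persistence_entries(recs):
        print(f"[autostart] {rec.section}: {rec.item} -> {rec.detection}")
```

Running it on the sample reports eight detections, seven Trojan.Agent and one Trojan.Downloader, and four autostart entries: the two Run values named "notepad" and the scandisk.dll/scandisk.lnk pair in the Startup folder. That matches the point of the cleanup instructions later in the thread: the loader in the Startup folder and the Run values are what bring the infection back after a reboot, so they deserve a second look in the post-run logs.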

Allan (Moderator, Mastermind)

    Re: Infection: Cannot download ComboFix
    « Reply #1 on: December 28, 2009, 09:39:48 AM »
    Download on a different system and transfer to yours.

jesusknight (Topic Starter, Newbie)


      Re: Infection: Cannot download ComboFix
      « Reply #2 on: December 28, 2009, 11:10:18 AM »
      Downloaded ComboFix on my laptop and emailed it to myself.  I was able to get it to run; however, I still believe I have a problem.  I still can't download ComboFix on the infected computer.  Included is the output from my combofix run.

      ComboFix 09-12-27.02 - Owner 12/28/2009  12:58:35.6.2 - x86
      Running from: c:\documents and settings\Owner.VICTOR\Desktop\ComboFix.exe
      AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
      .

      (((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-28  )))))))))))))))))))))))))))))))
      .

      2009-12-28 08:29 . 2009-12-28 08:29   --------   d-----w-   c:\program files\CCleaner
      2009-12-28 08:04 . 2009-12-28 08:04   52224   ----a-w-   c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2009-12-28 08:04 . 2009-12-28 08:04   117760   ----a-w-   c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2009-12-28 08:04 . 2009-12-28 08:04   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2009-12-28 08:04 . 2009-12-28 08:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2009-12-28 08:04 . 2009-12-28 08:04   --------   d-----w-   c:\documents and settings\Owner.VICTOR\Application Data\SUPERAntiSpyware.com
      2009-12-28 08:03 . 2009-12-28 08:03   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2009-12-28 07:57 . 2009-12-28 08:02   152576   ----a-w-   c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
      2009-12-28 07:35 . 2009-12-28 07:35   --------   d-----w-   c:\documents and settings\Owner.VICTOR\Application Data\Malwarebytes
      2009-12-28 07:35 . 2009-12-03 21:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2009-12-28 07:35 . 2009-12-28 07:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2009-12-28 07:35 . 2009-12-28 07:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2009-12-28 07:35 . 2009-12-03 21:13   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2009-12-28 06:42 . 2009-12-28 06:42   --------   d--h--w-   c:\windows\PIF
      2009-12-28 03:31 . 2009-12-28 08:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2009-12-28 03:31 . 2009-12-28 03:35   --------   d-----w-   c:\program files\Spybot - Search & Destroy
      2009-12-16 04:09 . 2009-12-16 04:09   4096   ----a-w-   c:\windows\d3dx.dat
      2009-12-16 04:09 . 2009-12-16 04:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\Digital Praise
      2009-12-16 04:03 . 2009-12-16 04:03   --------   d-----w-   c:\program files\Digital Praise

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-12-28 08:03 . 2009-05-04 00:34   411368   ----a-w-   c:\windows\system32\deploytk.dll
      2009-12-28 08:02 . 2009-11-28 00:01   79488   ----a-w-   c:\documents and settings\Owner.VICTOR\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
      2009-12-28 07:58 . 2009-05-04 00:34   --------   d-----w-   c:\program files\Java
      2009-12-28 06:03 . 2008-12-26 22:59   --------   d-----w-   c:\documents and settings\Owner.VICTOR\Application Data\uTorrent
      2009-12-23 22:17 . 2008-12-08 04:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
      2009-11-28 00:01 . 2009-03-04 03:08   111856   ----a-w-   c:\windows\system32\isafprod.dll
      2009-11-25 03:53 . 2009-11-25 03:50   --------   d-----w-   c:\program files\Wings Over Europe
      2009-11-23 00:09 . 2008-12-09 03:26   --------   d-----w-   c:\program files\Sierra
      2009-11-22 23:49 . 2009-11-22 23:49   --------   d-----w-   c:\documents and settings\Owner.VICTOR\Application Data\Command & Conquer 3 Tiberium Wars
      2009-11-13 02:36 . 2009-11-13 02:25   --------   d-----w-   c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks
      2009-11-13 02:25 . 2009-11-13 02:25   37021   ----a-w-   c:\documents and settings\Owner.VICTOR\Application Data\Juniper Networks\setup\uninstall.exe
      2009-11-13 02:25 . 2009-11-13 02:25   --------   d-----w-   c:\documents and settings\All Users\Application Data\Juniper Networks
      2009-11-08 03:56 . 2009-11-08 03:56   --------   d-----w-   c:\program files\Hasbro Interactive
      2009-10-29 17:09 . 2009-03-04 03:08   739696   ----a-w-   c:\windows\system32\drivers\vetefile.sys
      2009-10-29 17:09 . 2009-03-04 03:08   26352   ----a-w-   c:\windows\system32\drivers\vet-filt.sys
      2009-10-29 17:09 . 2009-03-04 03:08   21488   ----a-w-   c:\windows\system32\drivers\vetfddnt.sys
      2009-10-29 17:09 . 2009-03-04 03:08   21104   ----a-w-   c:\windows\system32\drivers\vet-rec.sys
      2009-10-29 17:09 . 2009-03-04 03:08   161008   ----a-w-   c:\windows\system32\drivers\vetmonnt.sys
      2009-10-29 17:09 . 2009-03-04 03:08   133520   ----a-w-   c:\windows\system32\drivers\veteboot.sys
      2009-10-29 07:45 . 2006-02-28 12:00   916480   ------w-   c:\windows\system32\wininet.dll
      2009-10-21 05:38 . 2006-02-28 12:00   75776   ----a-w-   c:\windows\system32\strmfilt.dll
      2009-10-21 05:38 . 2006-02-28 12:00   25088   ----a-w-   c:\windows\system32\httpapi.dll
      2009-10-20 21:49 . 2009-03-24 02:26   68648   ----a-w-   c:\documents and settings\Owner.VICTOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-10-20 16:20 . 2006-02-28 12:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
      2009-10-13 12:45 . 2009-03-31 23:02   1541416   ----a-w-   c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll
      2009-10-13 10:30 . 2006-02-28 12:00   270336   ----a-w-   c:\windows\system32\oakley.dll
      2009-10-12 13:38 . 2006-02-28 12:00   149504   ----a-w-   c:\windows\system32\rastls.dll
      2009-10-12 13:38 . 2006-02-28 12:00   79872   ----a-w-   c:\windows\system32\raschap.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2009-11-11 374000]
      "CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-11-28 271600]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
      "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
      "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
      "CAPPActiveProtection"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe" [2009-02-15 324848]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-28 149280]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
      2007-06-06 20:46   79368   ----a-w-   c:\windows\system32\UmxWNP.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      S0 KmxStart;KmxStart;c:\windows\System32\DRIVERS\kmxstart.sys [2009-01-05 107512]
      S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys [2008-11-18 72696]
      S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-11-11 128240]
      S3 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys [2008-12-12 205304]
      S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-02-15 222448]

      .
      ------- Supplementary Scan -------
      .
      uStart Page = www.yahoo.com/
      LSP: c:\windows\system32\VetRedir.dll
      FF - ProfilePath - c:\documents and settings\Owner.VICTOR\Application Data\Mozilla\Firefox\Profiles\3fwv3dha.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

      ---- FIREFOX POLICIES ----
      FF - user.js: yahoo.homepage.dontask - true.

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-12-28 13:00
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:85,f6,c4,aa,69,14,e7,25,b1,86,3b,13,3e,ee,37,b0,03,da,26,24,67,6e,62,
         7f,7a,e2,e1,fa,86,e8,9e,d7,43,b6,24,de,1d,78,ec,e7,da,21,5e,cb,be,58,45,8a,\
      "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

      [HKEY_USERS\S-1-5-21-1645522239-73586283-725345543-1006\Software\SecuROM\License information*]
      "datasecu"=hex:cf,87,57,42,04,39,5c,cb,64,97,27,d9,b7,9e,e3,28,ec,cf,09,18,cb,
         f3,45,62,90,ed,01,17,38,61,26,88,12,ed,b1,b4,29,b2,1b,4e,93,6b,85,8f,85,97,\
      "rkeysecu"=hex:14,53,cf,21,8e,0b,7b,e8,17,15,a9,b0,01,ce,5b,49
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(1404)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      c:\windows\system32\UmxWnp.Dll
      c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
      c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
      c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

      - - - - - - - > 'lsass.exe'(1724)
      c:\windows\system32\VetRedir.dll
      c:\windows\system32\ISafeIf.dll

      - - - - - - - > 'explorer.exe'(2848)
      c:\windows\system32\WININET.dll
      c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
      c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
      c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      Completion time: 2009-12-28  13:01:41
      ComboFix-quarantined-files.txt  2009-12-28 18:01
      ComboFix2.txt  2009-12-28 17:52
      ComboFix3.txt  2009-07-09 02:53

      Pre-Run: 243,469,676,544 bytes free
      Post-Run: 243,459,395,584 bytes free

      - - End Of File - - FD521EC8A7D771D97A384333ED61C98F

SuperDave (Malware Removal Specialist, Moderator, Genius)

      Re: Infection: Cannot download ComboFix
      « Reply #3 on: January 02, 2010, 10:29:43 AM »
      Hi. Sorry for the delay. I'm waiting to check over your logs with my mentor. I hope this is not too much of a bother for you.
      Windows 8 and Windows 10 dual boot with two SSD's

chsien (Guest)

      Re: Infection: Cannot download ComboFix
      « Reply #4 on: January 08, 2010, 08:14:10 AM »
Where can I find the installation code, because my keygen won't load?

Two-eyes (Intermediate)

        Re: Infection: Cannot download ComboFix
        « Reply #5 on: January 08, 2010, 11:20:42 AM »
        Install code for what? Combofix is free and does not need a key. Also, we do not approve the use of software such as keygens in this forum, so you won't find any help about THAT here.
        I believe the bushes in my yard will BURN before God picks up a PC to send a message


SuperDave (Malware Removal Specialist, Moderator, Genius)

        Re: Infection: Cannot download ComboFix
        « Reply #6 on: January 08, 2010, 05:47:32 PM »
        Hello jesusknight. I hope that you're not tired of waiting. I'm still working on your problem and I will post a fix for you ASAP.

SuperDave (Malware Removal Specialist, Moderator, Genius)

        Re: Infection: Cannot download ComboFix
        « Reply #7 on: January 18, 2010, 04:55:48 PM »
I'm back. Sorry for the delay. I noticed in your HJT log that you are running a P2P file-sharing program (uTorrent) on your computer. While the program itself is probably safe, the files you download with this program are a major source of infections. Therefore, I strongly urge you to uninstall it.

        Please delete ComboFix from your desktop and install a new version.


        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2

        **Note:  It is important that it is saved directly to your Desktop

        DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
c:\windows\d3dx.dat
c:\documents and settings\Owner.VICTOR\Local Settings\Application Data\GDIPFONTCACHEV1.DAT


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze