Author Topic: help again  (Read 21977 times)

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: help again
« Reply #30 on: August 16, 2008, 05:15:13 PM »
Was anything removed by the scan?

germ72

  • Guest
Re: help again
« Reply #31 on: August 16, 2008, 05:22:04 PM »

evilfantasy

Re: help again
« Reply #32 on: August 16, 2008, 05:28:29 PM »
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix


germ72

  • Guest
Re: help again
« Reply #33 on: August 16, 2008, 05:55:34 PM »
ComboFix 08-08-15.04 - GeRm 2008-08-16 18:37:04.4 - NTFSx86
Running from: C:\Documents and Settings\GeRm\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000121_.tmp.dll

.
(((((((((((((((((((((((((   Files Created from 2008-07-16 to 2008-08-16  )))))))))))))))))))))))))))))))
.

2008-08-16 14:27 . 2008-08-16 14:27   <DIR>   d--------   C:\WINDOWS\LastGood
2008-08-16 14:27 . 2008-08-16 15:28   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2008-08-16 13:34 . 2008-08-16 13:34   <DIR>   d--------   C:\ISeeYouXP
2008-08-16 13:34 . 2005-01-14 02:41   11,254   --a------   C:\WINDOWS\system32\locate.com
2008-08-16 00:39 . 2004-08-04 07:00   2,804,224   --a------   C:\WINDOWS\system32\msi.dll
2008-08-16 00:39 . 2004-08-04 07:00   2,804,224   --a------   C:\WINDOWS\system32\dllcache\msi.dll
2008-08-16 00:39 . 2004-08-04 07:00   884,736   --a------   C:\WINDOWS\system32\msimsg.dll
2008-08-16 00:39 . 2004-08-04 07:00   884,736   --a------   C:\WINDOWS\system32\dllcache\msimsg.dll
2008-08-16 00:39 . 2004-08-04 07:00   331,264   --a------   C:\WINDOWS\system32\msihnd.dll
2008-08-16 00:39 . 2004-08-04 07:00   331,264   --a------   C:\WINDOWS\system32\dllcache\msihnd.dll
2008-08-16 00:39 . 2004-08-04 07:00   77,312   --a------   C:\WINDOWS\system32\msiexec.exe
2008-08-16 00:39 . 2004-08-04 07:00   77,312   --a------   C:\WINDOWS\system32\dllcache\msiexec.exe
2008-08-16 00:39 . 2004-08-04 07:00   44,032   --a------   C:\WINDOWS\system32\msisip.dll
2008-08-16 00:39 . 2004-08-04 07:00   44,032   --a------   C:\WINDOWS\system32\dllcache\msisip.dll
2008-08-15 22:46 . 2001-08-17 13:48   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-15 22:46 . 2001-08-17 13:48   12,160   --a--c---   C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-14 19:15 . 2004-08-04 07:00   68,608   --a------   C:\WINDOWS\system32\plugin.ocx
2008-08-14 19:15 . 2004-08-04 07:00   68,608   --a------   C:\WINDOWS\system32\dllcache\plugin.ocx
2008-08-14 17:05 . 2008-08-14 19:21   360   --a------   C:\WINDOWS\system32\spupdsvc.inf

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 20:00   ---------   d-----w   C:\Program Files\Morpheus
2008-08-16 19:29   ---------   d-----w   C:\Program Files\Java
2008-08-14 21:32   ---------   d-----w   C:\Documents and Settings\GeRm\Application Data\AVGTOOLBAR
2008-08-14 20:07   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
2008-08-14 20:07   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2008-08-14 20:04   ---------   d-----w   C:\Program Files\iTunes
2008-07-31 02:07   38,472   ----a-w   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-31 02:07   17,144   ----a-w   C:\WINDOWS\system32\drivers\mbam.sys
2006-12-20 20:20   560   -c--a-w   C:\Program Files\Global.sw
2006-06-17 18:05   2   --shatr   C:\WINDOWS\winstart.bat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-08 18:12 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 11:33 1506544]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2005-12-06 23:53 5729136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2005-12-06 23:59 1232152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 20:23 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 10:35 536576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 11:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^GeRm^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\GeRm\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^GeRm^Start Menu^Programs^Startup^lsass.lnk]
path=C:\Documents and Settings\GeRm\Start Menu\Programs\Startup\lsass.lnk
backup=C:\WINDOWS\pss\lsass.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-06 01:00 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]
--a------ 2005-12-01 01:07 568096 C:\PROGRA~1\Netscape\Netscape\Netscp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2007-12-28 01:44 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-01-06 01:00 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2005-12-06 23:52 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2004-10-06 03:26 71680 C:\WINDOWS\system32\CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2004-10-06 03:49 14848 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"PavPrSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2005-12-06 23:59]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2005-12-06 23:59]
S2 Ca533av;Icatch(IV) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca533av.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 21:07]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 USB20L;Linksys USB 2.0 10/100 Adapter;C:\WINDOWS\system32\DRIVERS\USB200M.sys [2002-09-24 01:35]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2007-08-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\GeRm\Application Data\Mozilla\Firefox\Profiles\e921gdvq.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 18:43:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-16 18:49:06
ComboFix-quarantined-files.txt  2008-08-16 23:48:59

Pre-Run: 15,373,144,064 bytes free
Post-Run: 15,375,101,952 bytes free

164   --- E O F ---   2008-08-16 06:45:49

germ72

  • Guest
Re: help again
« Reply #34 on: August 16, 2008, 05:58:06 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56, on 2008-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: smss.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5383 bytes

evilfantasy

Re: help again
« Reply #35 on: August 16, 2008, 06:07:21 PM »
Run this tool. Download it to your Desktop > ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.exe

As soon as it's done (the window will just close) go to the Windows Update site and install any critical updates http://www.update.microsoft.com

Let me know when you're done.

germ72

  • Guest
Re: help again
« Reply #36 on: August 16, 2008, 06:14:28 PM »
Do you mean browse to http://update.windows.com/ in Internet Explorer?

evilfantasy

Re: help again
« Reply #37 on: August 16, 2008, 06:17:49 PM »
Yes, make sure you install all of the critical/high priority updates. You don't have to get SP3 but get any others.

germ72

  • Guest
Re: help again
« Reply #38 on: August 16, 2008, 06:19:12 PM »
Is SP3 any better than SP2?

evilfantasy

Re: help again
« Reply #39 on: August 16, 2008, 06:19:48 PM »
About the same but we don't want to install it yet until we know the PC is clean.

evilfantasy

Re: help again
« Reply #40 on: August 16, 2008, 06:39:23 PM »
I will be signing off for a while in a few minutes. When you get done with the updates do this scan.

First:

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
.

----------

Run the F-Secure Online Scanner for Viruses, Spyware and RootKits.

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

germ72

  • Guest
Re: help again
« Reply #41 on: August 16, 2008, 07:50:37 PM »
OK, I'm doing that scan now but I have a quick question. Do you know a way to change active monitors without pressing Fn+F8 on the internal keyboard?

germ72

  • Guest
Re: help again
« Reply #42 on: August 16, 2008, 09:53:25 PM »
Scanning Report
Saturday, August 16, 2008 21:01:26 - 22:50:35

Computer name: JEREME
Scanning type: Scan system for malware, rootkits
Target: C:\
Result: 2 malware found
AdTool.Win32.MyWebSearch (spyware)

    * System

Tracking Cookie (spyware)

    * System

Statistics
Scanned:

    * Files: 28706
    * System: 3369
    * Not scanned: 7

Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 2
    * Submitted: 0

Files not scanned:

    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\DOCUMENTS AND SETTINGS\JER.JEREME\LOCAL SETTINGS\TEMP\HSPERFDATA_JER\416

Options
Scanning engines:

    * F-Secure USS: 2.30.0
    * F-Secure Hydra: 2.8.8110, 2008-08-15
    * F-Secure AVP: 7.0.171, 2008-08-16
    * F-Secure Pegasus: 1.20.0, 2008-04-14
    * F-Secure Blacklight: 1.0.68

Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Use Advanced heuristics



evilfantasy

Re: help again
« Reply #43 on: August 17, 2008, 10:13:06 AM »
Update MalwareBytes and do a Full system scan and post the log when complete.

germ72

  • Guest
Re: help again
« Reply #44 on: August 17, 2008, 11:37:00 AM »
OK, I'm doing that scan now but I have a quick question. Do you know a way to change active monitors without pressing Fn+F8 on the internal keyboard?