[Fixed] Hijackthis! Logs - Search links hijacked and go to wrong sites


Old 3 Weeks Ago   #15
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Search links hijacked and go to wrong sit

It might be just as quick for you to delete this last bak manually

C:\PROGRAM FILES\MSN MESSENGER\BAK

Then this is the final step with respect to this particular infection.
Double-click the FindAWF icon once again.
A command prompt will open and ask you to "Press any key to continue...".
You will be presented with a Menu.
Press 4 then 'Enter' to reset domain zones.
You will receive a warning to reset domain zones.
Press 1 then 'Enter'.
When done, you will receive a message: "Done! Zones have been reset".
After resetting the domain zones, the program will return to the main menu.
Press E then 'Enter' to EXIT.
__________________
  • An Australian Member of
  • and
My real name is Eddy
Old 3 Weeks Ago   #16
Bronze Member
 
CandyK's Avatar
 
Join Date: Oct 2009
Posts: 18
PC Experience: Some Experience
Default Re: Search links hijacked and go to wrong sit

I removed - C:\PROGRAM FILES\MSN MESSENGER\BAK

Now the log is as follows:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: Sun 10/25/2009
The current time is: 20:19:52.03

bak folders found
~~~~~~~~~~~

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

I also reset the domain zones per your instructions, but I still have the problem. McAfee is telling me to remove a program called PRCViewer so I'm going to do that now.

end of report
Old 3 Weeks Ago   #17
Bronze Member
 
CandyK's Avatar
 
Join Date: Oct 2009
Posts: 18
PC Experience: Some Experience
Default Re: Search links hijacked and go to wrong sit

Actually, I didn't remove PRCViewer because I couldn't find it. Maybe I have the wrong name. McAfee keeps popping up a window telling me that I have a program that needs to be removed but it can't do it. I'll wait for it to pop-up again.
Old 3 Weeks Ago   #18
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Search links hijacked and go to wrong sit

PRCViewer is a strange one. You might like to read about it. It can be a genuine application or not, depending on where it originated. A PUP... just by way of explanation... It is an unfortunate choice of words for what it found, but in brief a Potentially unwanted tool (PUP) is an application that began as a hacker tool or Trojan and has now been used by legitimate programs to help detect malware. They are not a threat.

System 32 Window
__________________
  • An Australian Member of
  • and
My real name is Eddy

Last edited by Pancake; 3 Weeks Ago at 02:03 AM.
Old 3 Weeks Ago   #19
Bronze Member
 
CandyK's Avatar
 
Join Date: Oct 2009
Posts: 18
PC Experience: Some Experience
Default Re: Search links hijacked and go to wrong sit

I still have the problem. Any ideas? After all this work, nothing has fixed the problem of redirecting my links from the google/yahoo/bing searches.
Old 3 Weeks Ago   #20
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,867
PC Experience: Elite PC Guru
Default Re: Search links hijacked and go to wrong sit

Can you run Combofix again please. Also...


Go to http://www.kaspersky.com/kos/eng/par...avwebscan.html
Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
  • An Australian Member of
  • and
My real name is Eddy
Old 3 Weeks Ago   #21
Bronze Member
 
CandyK's Avatar
 
Join Date: Oct 2009
Posts: 18
PC Experience: Some Experience
Default Re: Search links hijacked and go to wrong sit

I tried running the Kaspersky scan 4 or 5 times. Each time my computer went berserk and was not responsive so I had to shut it down manually and restart. I'm going to try one more time, but if it does the same thing, then I'll need some advice.

In the meantime, here's the new Combofix log:
ComboFix 09-10-25.02 - Kenna 10/26/2009 9:08.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.454 [GMT -4:00]
Running from: c:\documents and settings\Kenna\Desktop\ComboFx.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.
2009-10-26 12:57 . 2009-10-26 12:57 -------- d-----w- C:\ComboFx
2009-10-25 02:55 . 2004-08-10 09:04 59392 ----a-w- c:\windows\system32\dllcache\ehtray.exe
2009-10-25 02:55 . 2004-03-10 19:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
2009-10-25 01:25 . 2009-10-25 01:25 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-10-25 00:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-25 00:33 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-24 15:51 . 2009-10-24 15:51 -------- d-----w- c:\program files\Trend Micro
2009-10-21 12:57 . 2009-10-21 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-21 12:57 . 2009-10-21 12:57 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-21 12:54 . 2009-10-24 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-21 12:24 . 2009-10-21 12:24 -------- d-----w- c:\documents and settings\Kenna\Local Settings\Application Data\Mozilla
2009-10-20 13:13 . 2009-10-22 15:02 -------- d-----w- c:\documents and settings\Kenna\Application Data\webex
2009-10-16 21:35 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-16 18:04 . 2009-10-16 18:05 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-06 22:58 . 2009-10-06 22:58 -------- d-----w- c:\program files\iPod
2009-09-29 12:37 . 2009-09-29 12:38 -------- dc-h--w- c:\windows\ie8
2009-09-28 00:13 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:13 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-27 23:57 . 2009-09-27 23:57 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-27 23:56 . 2009-09-27 23:56 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-27 18:53 . 2009-09-27 18:53 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-09-27 18:53 . 2009-09-27 18:53 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-09-27 18:46 . 2009-09-27 18:46 0 ----a-w- C:\simplex.exe
2009-09-27 17:53 . 2009-09-27 17:53 -------- d-sh--w- c:\documents and settings\Kenna\IECompatCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 00:16 . 2006-03-09 21:27 -------- d-----w- c:\program files\MSN Messenger
2009-10-25 14:02 . 2007-04-09 13:28 -------- d-----w- c:\program files\DellSupport
2009-10-25 14:02 . 2006-02-04 14:51 -------- d-----w- c:\program files\iTunes
2009-10-25 14:02 . 2006-02-04 14:52 -------- d-----w- c:\program files\QuickTime
2009-10-25 14:02 . 2005-09-20 21:16 -------- d-----w- c:\program files\Apoint
2009-10-25 14:00 . 2008-09-28 18:53 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-24 23:18 . 2008-04-13 14:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 12:30 . 2007-05-22 19:14 -------- d-----w- c:\documents and settings\Kenna\Application Data\Move Networks
2009-10-18 22:52 . 2009-08-17 18:32 -------- d-----w- c:\documents and settings\Kenna\Application Data\vlc
2009-10-16 16:26 . 2008-04-12 18:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-06 22:58 . 2009-02-21 18:21 -------- d-----w- c:\program files\Common Files\Apple
2009-09-29 12:29 . 2008-08-25 23:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-23 12:55 . 2009-05-21 03:29 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-19 15:50 . 2006-02-04 14:53 -------- d-----w- c:\documents and settings\Kenna\Application Data\Apple Computer
2009-09-18 21:22 . 2009-09-18 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 14:22 . 2008-03-02 15:47 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2008-03-02 15:47 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2008-03-02 15:47 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2008-03-02 15:47 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2008-03-02 15:47 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-19 20:49 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-19 20:49 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-19 20:49 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-19 20:50 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 13:20 . 2005-09-29 20:13 53640 ----a-w- c:\documents and settings\Kenna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-19 20:49 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 00:44 . 2004-08-19 20:49 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-04 03:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2005-10-11 20:19 . 2005-10-11 20:19 251 ----a-w- c:\program files\wt3d.ini
2002-07-26 21:02 . 2005-10-31 01:15 153088 ----a-w- c:\program files\UNWISE.EXE
2009-10-21 16:25 . 2009-10-21 16:25 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-10-21 16:25 . 2009-10-21 16:25 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-10-21 16:25 . 2009-10-21 16:25 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-10-21 16:25 . 2009-10-21 16:25 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-25_00.44.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 03:59 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2005-09-27 21:25 . 2009-10-26 12:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-09-27 21:25 . 2009-10-25 00:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-09-27 21:25 . 2009-10-25 00:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-09-27 21:25 . 2009-10-26 12:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-09-27 21:25 . 2009-10-26 12:40 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-09-27 21:25 . 2009-10-25 00:39 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-25 02:55 . 2004-08-10 09:04 59392 c:\windows\ehome\ehtray.exe
+ 2009-10-25 02:55 . 2005-05-31 09:33 122941 c:\windows\system32\dla\tfswctrl.exe
+ 2009-08-17 15:49 . 2009-10-26 12:40 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-17 15:49 . 2009-10-25 00:39 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-16 781656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-11 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-10-10 253952]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-10-29 110592]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-5-3 118784]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2009-8-13 278528]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsmap.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/20/2009 11:29 PM 64288]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [1/4/2009 8:39 PM 7040]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1170768]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 9:28 PM 210216]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [9/26/2006 9:17 AM 34712]
R2 NkPtpEnumP2;NkPtpEnumP2;c:\program files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe [6/17/2005 11:11 AM 24064]
R3 VBus;Virtual Bus;c:\windows\system32\drivers\NkVBus.sys [6/17/2005 11:11 AM 17664]
S2 0262001256119325mcinstcleanup;McAfee Application Installer Cleanup (0262001256119325);c:\windows\TEMP\026200~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\026200~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 dmdrxfqffn;dmdrxfqffn;\??\c:\windows\system32\drivers\xkodvqb.sys --> c:\windows\system32\drivers\xkodvqb.sys [?]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [1/4/2009 8:39 PM 17792]
.
Contents of the 'Scheduled Tasks' folder
2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:49]
2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 16:22]
2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-03-02 16:22]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxps://register.facebook.com/controls/contactx.dll
FF - ProfilePath - c:\documents and settings\Kenna\Application Data\Mozilla\Firefox\Profiles\vuj3os8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Kenna\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Kenna\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Kenna\Application Data\Mozilla\Firefox\Profiles\vuj3os8c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DellSupport - c:\program files\DellSupport\DSAgnt.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKLM-Run-RegistryMechanic - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-26 09:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3622183550-4086894572-4270324843-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]%/* *]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3622183550-4086894572-4270324843-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]%/* *\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-26 9:27
ComboFix-quarantined-files.txt 2009-10-26 13:25
ComboFix2.txt 2009-10-25 00:58
Pre-Run: 13,758,709,760 bytes free
Post-Run: 13,865,009,152 bytes free
- - End Of File - - DE78F2C42FAE2227C1E9516948C86AF9