Old 09-02-2009, 07:33 AM   #1 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Please Help Cant Open IE or Firefox

Hi there, I am a newbie here so I will try my best to explain.
My operating system is Windows XP Media Centre Edition with Service Pack 3.
I was using IE then Firefox, then all of a sudden I was not able to open Firefox at all and IE would flash open and close.
I have used Spybot and adware with nothing found. Tried to uninstall the program and am unable to, as it is not in my Add/Remove Programs but in my Program Files, and still unable to remove. Cannot even open my Media Centre as it is saying that it is corrupted or licence is invalid. Firefox error message is something to do with a DLL file error. Can't even upload a new Firefox install.
Hope you can help.
I hope that I have followed your instructions OK, so attached to this post are the files "ark and attach".

thank you
Attached Files
File Type: rar Attach.rar (3.1 KB, 2 views)
File Type: rar ark.rar (8.9 KB, 3 views)

Old 09-02-2009, 08:18 AM   #2 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

Greetings aussieraven and Welcome to the Forums,

Please uninstall the following software:
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7
LimeWire PRO 4.17.1


Click start-->Control Panel-->Add/Remove Programs...scroll down the list to locate those program names and click Remove for each. Reboot the system when finished uninstalling.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance

Old 09-02-2009, 09:59 PM   #3 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

Dear support,

Thank you for your quick reply. Here is the ComboFix log report that is attached.

Thank you

ComboFix 09-09-02.02 - Administrator 09/03/2009 12:50.2.2 - NTFSx86
Running from: K:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\desktop
c:\windows\Fonts\c39digit.TTF
c:\windows\Installer\20d0720.msp
c:\windows\Installer\20d0729.msp
c:\windows\Installer\20d0755.msp
c:\windows\Installer\20d075c.msp
c:\windows\Installer\20d0765.msp
c:\windows\Installer\20d098f.msp
c:\windows\Installer\26cd3d7.msp
c:\windows\Installer\3112fc4.msp
c:\windows\Installer\3112fdf.msp
c:\windows\Installer\4126346.msp
c:\windows\Installer\44b3a5.msi
c:\windows\Installer\44b3a6.msp
c:\windows\Installer\44b3a7.msp
c:\windows\Installer\44b3a8.msp
c:\windows\Installer\44b3a9.msp
c:\windows\Installer\44b3aa.msp
c:\windows\Installer\44b3ab.msp
c:\windows\Installer\44b3ac.msp
c:\windows\Installer\44b3ad.msp
c:\windows\Installer\44b3ae.msp
c:\windows\Installer\4fc79a.msi
c:\windows\Installer\86a3e8.msp
c:\windows\Installer\f24ea.msp
c:\windows\Installer\f24ff.msp
c:\windows\Installer\f2515.msp
c:\windows\Installer\f252d.msp
c:\windows\Installer\f2542.msp
c:\windows\Installer\f255a.msp
c:\windows\Installer\f2571.msp
c:\windows\Installer\f2588.msp
c:\windows\Installer\f25d3.msp
c:\windows\kb913800.exe
c:\windows\rvhost.exe
c:\windows\system32\caanelmh.dll
c:\windows\system32\eaoigxcv.dll
c:\windows\system32\emtbtaui.dll
c:\windows\system32\gethjofn.dll
c:\windows\system32\hkyfjeev.dll
c:\windows\system32\icsuxuqd.dll
c:\windows\system32\kwsyalgh.dll
c:\windows\system32\lqkstlgq.dll
c:\windows\system32\lrpdwxah.dll
c:\windows\system32\mppnsjfv.dll
c:\windows\system32\mrxwqyhx.dll
c:\windows\system32\nsuihjcf.dll
c:\windows\system32\oeftumer.dll
c:\windows\system32\ondbadsm.dll
c:\windows\system32\pikmehql.dll
c:\windows\system32\rvhost.exe
c:\windows\system32\setting.ini
c:\windows\system32\sqqilmky.dll
c:\windows\system32\uuvndnwd.dll
c:\windows\system32\vjnmebdj.dll
c:\windows\system32\wltudgph.dll
c:\windows\system32\wypbxebd.dll
c:\windows\system32\xfdgtbxv.dll
c:\windows\system32\xjqjdrgb.dll
c:\windows\system32\ybfiahhg.dll
c:\windows\system32\ytbbkrun.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_NWCWORKSTATION
-------\Service_NPF
-------\Service_NWCWorkstation


((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-09-01 13:15 . 2009-09-01 13:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sony Ericsson
2009-08-28 12:42 . 2009-08-28 12:42 -------- d-----w- C:\CABS
2009-08-26 08:15 . 2009-08-26 08:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-26 08:02 . 2009-08-26 08:02 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-25 08:25 . 2009-08-25 08:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-08-25 02:21 . 2009-08-25 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
2009-08-13 13:01 . 2009-08-13 13:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2009-08-12 08:36 . 2009-08-12 08:36 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 03:16 . 2008-02-21 03:33 -------- d-----w- c:\program files\LimeWire
2009-09-03 03:16 . 2006-04-25 09:34 -------- d-----w- c:\program files\Java
2009-08-31 08:06 . 2009-07-02 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-29 01:00 . 2004-09-10 04:57 146432 ----a-w- c:\windows\regedit.exe
2009-08-28 12:34 . 2008-04-23 10:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-27 09:01 . 2008-10-08 23:06 -------- d-----w- c:\program files\Trojan Remover
2009-08-27 09:01 . 2008-09-04 00:54 -------- d-----w- c:\program files\Google
2009-08-27 07:56 . 2008-04-14 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-27 07:47 . 2009-07-04 07:56 -------- d-----w- c:\program files\Recuva
2009-08-26 13:36 . 2009-06-15 01:19 -------- d-----w- c:\program files\SecondLife
2009-08-26 12:29 . 2008-04-14 11:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 08:11 . 2004-09-10 04:57 146432 ----a-w- c:\windows\copy.exe.exe
2009-08-26 01:36 . 2008-05-01 23:00 223 -c-ha-w- c:\windows\winshell.dat
2009-08-26 00:47 . 2009-08-26 00:47 918045 ---ha-w- C:\DH Temp.tmp
2009-08-26 00:39 . 2001-10-17 07:39 66 -c--a-w- c:\windows\anticrash.dat
2009-08-25 02:22 . 2009-07-04 07:59 -------- d-----w- c:\program files\PowerDataRecovery
2009-08-13 08:35 . 2009-07-07 07:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Corel
2009-08-13 08:35 . 2008-02-27 07:39 5590 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-12 08:59 . 2006-04-25 09:43 159864 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 08:47 . 2008-03-15 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-12 08:35 . 2009-07-04 08:13 -------- d-----w- c:\program files\Power Email Recovery for Outlook Express
2009-08-12 08:35 . 2009-07-05 08:57 -------- d-----w- c:\program files\Recovery Toolbox for Outlook
2009-08-12 08:34 . 2006-04-25 09:48 -------- d-----w- c:\program files\Microsoft Works
2009-08-12 08:30 . 2009-07-06 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hoyle FaceCreator
2009-08-12 08:30 . 2009-07-06 00:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hoyle Puzzle and Board Games
2009-08-12 08:30 . 2009-07-07 05:04 -------- d-----w- c:\program files\DBXTriever
2009-08-12 08:30 . 2009-07-07 05:22 -------- d-----w- c:\program files\SysTools DBX Converter
2009-08-12 08:30 . 2009-07-03 04:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-08-12 08:23 . 2009-02-21 04:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 07:05 . 2009-08-01 07:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2009-08-01 06:48 . 2009-08-01 06:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2009-07-09 04:15 . 2009-07-09 04:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Genie-soft
2009-07-05 11:16 . 2008-03-15 02:30 -------- d-----w- c:\program files\MSBuild
2009-07-05 10:06 . 2006-04-25 09:30 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-05 07:11 . 2009-07-05 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-07-01 23:03 . 2009-07-01 23:03 10845 ----a-w- c:\documents and settings\Administrator\MultiLanguage.tmp
2008-05-07 05:04 . 2008-05-07 05:04 385 ----a-w- c:\program files\Shortcut to Program Files.lnk
2008-05-01 00:32 . 2008-02-27 07:39 88 --sh--r- c:\windows\system32\0FE5564B50.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-02-22 2272592]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="c:\apps\Chicony\chicony.bat" [2005-09-28 54]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-13 50176]
"Microsoft WinUpdate"="c:\windows\system32\msupdtecheck.exe" [2008-06-14 0]
"MSKAGENTEXE"="c:\windows\system32\msupdtecheck.exe" [2008-06-14 0]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
"<NO NAME>"= 0

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\User\Application Data\iolo\\0smrgdf c:\program files\iolo\System Mechanic 5 Professional\\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NETGEAR\\WG111v3\\WG111v3.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R2 gupdate1c9c4caf4fcd25e;Google Update Service (gupdate1c9c4caf4fcd25e);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 133104]
R2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-22 547744]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2007-02-02 49377]
R3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-12-28 287232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2001-12-19 8576]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-10-09 38144]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [2008-12-13 23344]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-19 22:39]

2009-08-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:48]

2009-09-03 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-04-20 06:05]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 10:53]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 10:53]

2009-09-02 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

2009-09-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4BCAA262-2450-4186-92A1-DE4E9C6EC7C1} - (no file)
BHO-{5272c707-14d2-6c1a-7480-45678e60e028} - (no file)
BHO-{5ED772B9-600F-4972-BADD-0AF8B2598BAA} - (no file)
BHO-{8D37CBEF-77AC-4171-A976-4EE913822A65} - (no file)
BHO-{A770EDE2-42DF-4D57-A9DF-EE8D36D71AD5} - (no file)
BHO-{B27F43C3-3205-4699-A2AF-450885D9B257} - (no file)
BHO-{EA349F4D-E73D-4B15-99FC-CEC068F7F1C1} - (no file)
BHO-{fbb5f7b6-9e76-a94e-e047-82458c220390} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
LSP: c:\program files\iolo\Common\Firewall\iFW_Xfilter.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 13:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\ehrec.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
c:\program files\NETGEAR\WG111v3\WG111v3.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-09-03 13:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 03:39
ComboFix2.txt 2008-06-21 01:50

Pre-Run: 89,389,092,864 bytes free
Post-Run: 89,362,927,616 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
298
Attached Files
File Type: txt combo log.txt (16.8 KB, 2 views)
Old 09-03-2009, 08:12 AM   #4 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

I see quite a few problems. Use of the programs below is directly responsible for your current issues:
LimeWire
uTorrent

...I know I already advised you to uninstall LimeWire, but the folder is still present in the log. Sometimes that can mean that the uninstaller was written poorly but I've seen some logs in the past that indicate an uninstall of Limewire had also removed the associated folder.

This time, it either did not (could be a different or corrupted version), or you just didn't uninstall it...I hope it's the former, not the latter...but, please at least have another look for it and uninstall it as well as the "uTorrent" software. Click Start-->Add/Remove Programs. Scroll down the list to locate the program names and click Remove for each.

Additionally, I'd like to point out that using security products from your ISP is OK, but I never recommend it since ISPs change from time to time as well as the fact that customers can decide to change their ISP. In those instances, your system would be left unprotected.

Using any one of the tried and time-tested "Free" products is much more beneficial for the home user. I'm referring to "Authentium" which is largely used by ISPs for their free security package. Please find "Authentium" in your Add/Remove program listing and uninstall it as well.

Please select and install one of these free antivirus applications:
AVG Free for Windows
AntiVir Personal Edition Classic
Avast! 4 Home Edition
After successful installation, please reboot the computer.

When your system comes back up, run a manual update to the software you just installed. Allow the update to complete and immediately run another manual update. Continue in this manner until the program finds no other updates to download.

When the updates complete, please boot into safe mode and run a complete system scan. Allow the software to quarantine whatever it complains of except for Combofix or anything relating to Combofix...the information that would appear in the file path to the offending program/folder/file might be "Qoobox" but the name "Combofix" might also appear in a warning message. Ignore those but quarantine anything else. When the scan completes, save the log and reboot back to your normal windows user mode.

On your next reply, please tell us how old that system is. Also post the contents of the ComboFix "Add-Remove Programs.txt" which is located here:
C:\Qoobox\Add-Remove Programs.txt

...some time this afternoon, I'll post back some additional instructions for you. In the meantime, if you do or have done your banking online using that computer, please contact your bank and credit card companies and advise them that your computer has been compromised. They should be able to give you some guidance relating to possible "Identity Theft"...and please keep that system offline except for visiting this web site.

Remember please to post back the following logs:
C:\Qoobox\Add-Remove Programs.txt
Log from antivirus scan.
...and tell us how old that system is.

Thanks!
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
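
The log check from the post above (a program that was supposed to be uninstalled still shows up in the ComboFix log), as an added example that is not part of the original thread or of ComboFix: it splits a log into its sections and reports leftover folders in the Find3M report and leftover entries in the firewall AuthorizedApplications list. The sample is a few lines excerpted from the log posted in this thread; the function names and the section-header pattern are assumptions based on that log.

```python
import re

# Excerpt assembled for this example from the ComboFix log posted in this
# thread, trimmed to a few lines per section.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 03:16 . 2008-02-21 03:33 -------- d-----w- c:\program files\LimeWire
2009-09-03 03:16 . 2006-04-25 09:34 -------- d-----w- c:\program files\Java
2009-08-31 08:06 . 2009-07-02 00:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-27 07:47 . 2009-07-04 07:56 -------- d-----w- c:\program files\Recuva
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

# Assumption: section banners look like "((((( Name )))))", as in the log above.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Find3M line: modified . created, size (dashes for folders), attributes, path.
FIND3M_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$")
REGKEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REGVAL_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
FIREWALL = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def split_sections(log_text):
    """Map each section banner name to its non-empty lines."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Return {lower-cased key: {value name: data}} for [key] / "name"=data lines."""
    keys, current = {}, None
    for line in lines:
        key = REGKEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group("key").lower(), {})
            continue
        val = REGVAL_RE.match(line)
        if val and current is not None:
            # The log doubles backslashes inside quoted value names.
            current[val.group("name").replace("\\\\", "\\")] = val.group("data")
    return keys


def leftover_traces(log_text, programs):
    """List (program, kind, detail) for folders and firewall entries still logged."""
    sections = split_sections(log_text)
    reg = parse_registry(sections.get("Reg Loading Points", []))
    allowed = reg.get(FIREWALL + r"\authorizedapplications\list", {})
    findings = []
    for prog in programs:
        needle = "\\" + prog.lower()
        for line in sections.get("Find3M Report", []):
            m = FIND3M_RE.match(line)
            if (m and m.group("attrs").startswith("d")
                    and m.group("path").lower().endswith(needle)):
                findings.append((prog, "folder", m.group("path")))
        for exe in allowed:
            if needle + "\\" in exe.lower():
                findings.append((prog, "firewall-allowed", exe))
    return findings


def firewall_enabled(log_text):
    """True/False from the logged EnableFirewall value, None if it is not logged."""
    reg = parse_registry(split_sections(log_text).get("Reg Loading Points", []))
    value = reg.get(FIREWALL, {}).get("EnableFirewall", "")
    return None if not value else not value.startswith("0")


if __name__ == "__main__":
    for finding in leftover_traces(SAMPLE_LOG, ["LimeWire", "uTorrent", "Java"]):
        print(*finding, sep=" | ")
    print("firewall enabled:", firewall_enabled(SAMPLE_LOG))
```

Running the same function on the log produced after the next ComboFix pass shows whether the folders and firewall exceptions are really gone.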

Old 09-03-2009, 04:43 PM   #5 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.



KILLALL::


File::
c:\windows\copy.exe.exe
c:\windows\system32\0FE5564B50.sys


Folder::
c:\Program Files\LimeWire
c:\Program Files\uTorrent
c:\documents and settings\Administrator\Application Data\uTorrent
c:\documents and settings\Administrator\Application Data\LimeWire


Driver::
0FE5564B50


Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\LimeWire\LimeWire.exe"=-
"c:\Program Files\uTorrent\uTorrent.exe"=-
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance

Old 09-04-2009, 07:52 AM   #6 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

Dear support,

Here is the attached file of the "combofix add remove programs". The PC is 2000 and other details.
Also find computer info on bottom of this page.
The AVG scan wouldn't upload so here it is below:

Scan "Scheduled scan" was finished.
Infections;"6";"4";"2"
Information;"3"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Friday, September 04, 2009, 5:40:46 PM"
Scan finished:;"Friday, September 04, 2009, 8:59:05 PM (3 hour(s) 18 minute(s) 18 second(s))"
Total object scanned:;"1207593"
User who launched the scan:;"Administrator"

Infections
File;"Infection";"Result"
C:\Documents and Settings\Administrator\My Documents\Downloads\OE-Mail.Recovery.v1.7.18.41-UNiQUE\setup.exe;"Trojan horse Delf.EOM";"Moved to Virus Vault"
C:\Documents and Settings\User\My Documents\Azureus Downloads\NOKIA N95.zip;"Trojan horse PSW.OnlineGames.AZOI";"Infected"
C:\Documents and Settings\User\My Documents\Azureus Downloads\NOKIA N95.zip:\N95\Programmi\Smartphoneware Best Message Storer v1.0\Smartphoneware Best Message Storer v1.0 keygen.exe;"Trojan horse PSW.OnlineGames.AZOI";"Infected"
C:\Documents and Settings\User\My Documents\Downloads\ALL IN ONE MOVIE DOWNLOAD RELATED SOFTWARE\5..other important software for joining avi files and converting one file to other format\Convert Any Video Format ! Magic Video Converter FULL with Serial 8.0.2.19\Setup.exe;"Trojan horse BHO.GWT";"Deleted"
C:\QooBox\Quarantine\C\WINDOWS\RVHOST.exe.vir;"Virus identified Worm/Delf.CYB";"Moved to Virus Vault"
C:\QooBox\Quarantine\C\WINDOWS\system32\RVHOST.exe.vir;"Virus identified Worm/Delf.CYB";"Moved to Virus Vault"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite;"Found Tracking cookie.Revsci";"Healed"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qliyojsn.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"

Information
File;"Infection";"Result"
C:\Documents and Settings\User\My Documents\Downloads\Ashampoo.WinOptimizer.v6.10.Bilingual.Incl.Keygen-ViRiLiTY.zip;"Runtime packed upack";""
C:\Documents and Settings\User\My Documents\Downloads\Ashampoo.WinOptimizer.v6.10.Bilingual.Incl.Keygen-ViRiLiTY.zip:\Ashampoo.WinOptimizer.v6.10.Bilingual.Incl.Keygen-ViRiLiTY\vrlas10a.zip;"Runtime packed upack";""
C:\Documents and Settings\User\My Documents\Downloads\Ashampoo.WinOptimizer.v6.10.Bilingual.Incl.Keygen-ViRiLiTY.zip:\Ashampoo.WinOptimizer.v6.10.Bilingual.Incl.Keygen-ViRiLiTY\vrlas10a.zip:\keygen.exe;"Runtime packed upack";""
-------------------------------------------------------------------

also find computer system info;

OS Microsoft Windows XP Professional
OS version 5.1.2600
service pack 3


i have had the computer for about 3 years, bought second hand.

hope that this has helped.

cheers
Attached Files
File Type: txt Add-Remove Programs.txt (9.4 KB, 1 views)
Old 09-04-2009, 02:19 PM   #7 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

I'm assuming you read This. Don't know how you could have missed it...please make certain all p2p file sharing programs and illegally downloaded/installed software have been removed. On your next reply, please post the last combofix log generated when you completed the last instructions. Thanks!
__________________
Disabled Veteran, U.S.C.G. 1972 - 1978

Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance

Old 09-08-2009, 06:53 AM   #8 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

dear support,

sorry for the late reply, have been away for a few days.



will post the info asap

cheers
Old 09-08-2009, 07:02 AM   #9 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

dear support,

I hope i have done this right for you, thank you for your patience in all this
here is the attached scans from combofix. i did it twice to make sure.

i tried to manually remove all p2p programs via the search system and it doesn't seem to pick it up anymore when i do a 2nd scan for the files.

cheers
Attached Files
File Type: txt 2nd combo log.txt (15.4 KB, 1 views)
File Type: txt combo log 2.txt (21.5 KB, 2 views)
Old 09-08-2009, 05:12 PM   #10 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

Well I must say that looks much better now. How's it running?
Old 09-08-2009, 05:23 PM   #11 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

dear support,

still can not open Internet Explorer, firefox or the media centre?

Old 09-08-2009, 10:41 PM   #12 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

dear support,

just wondering if this would help.

i removed firefox and tried reinstalling it and got the error message that you see in the following attachments

also when i click on media centre this is the error message i get.

internet explorer still blinks open and closes without any error message still.



cheers
Attached Images
File Type: bmp error message for media centre.bmp (588.1 KB, 1 views)
File Type: bmp error message for firefox.bmp (448.6 KB, 1 views)
Old 09-09-2009, 01:07 PM   #13 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

There have been some issues reported very similar to yours regarding the media center edition and service pack 3. How long has this been going on, and how long ago did you install service pack 3?
Old 09-09-2009, 05:40 PM   #14 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

dear support,
about a year ago i think.
Old 09-10-2009, 03:50 AM   #15 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

Quote:
How long has this been going on, and how long ago did you install service pack 3?
about a year ago i think.
...so, this issue has been going on for about a year?
Old 09-10-2009, 05:50 AM   #16 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

No, it has been happening in the last 4 weeks.
Old 09-10-2009, 05:14 PM   #17 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

The media center issue is one that I believe you should troubleshoot with Microsoft...and the other issue with Firefox appears to be hardware related. We have both a Firefox and Hardware related forum here that I believe you would do well to post your issue in one of those. It would also be beneficial if you would include a link to this thread so the assistant there can see what has been done to date. Is there any other issue you are troubled with at present?
Old 09-10-2009, 11:31 PM   #18 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 12
OS: xp media edition service pack 3


Re: Please Help Cant Open IE or Firefox

Dear 1972VET,

Thank you for all you have done and your patience in this matter. i have posted a new thread in the firefox support area on the issue of the IE and firefox problems on your recommendation.

Thank you so very much again.

cheers
Old 09-11-2009, 07:53 AM   #19 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

You are most welcome! Now let's remove combofix.

Click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /u

Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

To assist in the prevention of spyware infections:

Immunize your browser by installing Spywareblaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.
Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Web of Trust, (WOT,) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and IE.

Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:
  • Sunbelt Personal Firewall
  • Zone Alarm
  • Outpost Free
  • Comodo: Beware of the "HopSurf" tool bar that's now included. If you don't want it, remove the check from the box during installation.

Install the free security tool "Secunia PSI" to help protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download Solution" feature that updates the exploited software AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...third download link at the bottom of that page).

Or if you just want to run your on board Disk Cleanup ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?
Regards, and Happy Surfing!
Last edited by 1972vet; 09-11-2009 at 07:55 AM.
Old 09-11-2009, 12:10 PM   #20 (permalink)
Analyst, Security Team
 
Join Date: Jun 2008
Location: Midwest, U.S.A.
Posts: 564
OS: Dual Boot Setup, Vista SP2 and XPSP3


Re: Please Help Cant Open IE or Firefox

Since this issue appears to be resolved this topic will now be closed.
Other members who need assistance please start your own topic
in a new thread. Thanks!


The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

IMPORTANT - Read This Before Posting For Malware Removal Help