Inactive Help with rootkey virus - following the 7 steps

Welcome to TechSpot! You do have a rootkit and the host files have been highjacked.

Please download MBRCheck and save to your desktop

• Double click on MBRCheck.exeto run.(Vista and Windows 7 users will have to confirm the UAC prompt)
• It will show a Black screen with some information that will contain either the below line if no problem is found:
  [o] Done! Press ENTER to exit...
• Or you will see more information like below if a problem is found:
  [o] Found non-standard or infected MBR.
  [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
• Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
• MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
• Paste this log to your next message.

==========================================
Please print the following before you start:
You will need to do a DNS Flush, then reset your router.
Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

Exit the Command prompt when finished and shut the system down.-

• 
  [1]. Shut down your computer, and any other computer connected to your router.
  [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
  [3]. Unplug the router. Wait sixty seconds.
  [4].Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
  [5].With the router unplugged, start your computer.
  [6].Connect to the router again. The turn the router back on.
  [7].When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
  [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.

========================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  
  
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please follow the order of these scans.
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Thanks Bobbye, starting the scans now. Will paste logs when completed.

MBR Check Log

Am posting this log and will then proceed with DNS flush. Be back shortly.




MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0x8A68D000 \WINDOWS\system32\KDCOM.DLL
0xBA4BC000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AA000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB973A000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9726000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB96E9000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB96C5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB969D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9669000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xB9646000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9547000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xB94A0000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xBA3C0000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA208000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA74A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB6E9A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D4F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xAF63E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xAF62D000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA378000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA390000 \SystemRoot\system32\DRIVERS\raspti.sys
0xAF5FD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB6C97000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB6C77000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xAF59F000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D53000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xAF564000 \SystemRoot\system32\DRIVERS\sxuptp.sys
0xBA1D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB168C000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xB82E2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9EF3B000 \SystemRoot\system32\drivers\RtkHDAud.sys
0x9EF17000 \SystemRoot\system32\drivers\portcls.sys
0xB82D2000 \SystemRoot\system32\drivers\drmk.sys
0xBA5E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7B3000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA418000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA5F2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA438000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA458000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB046F000 \SystemRoot\system32\DRIVERS\rasacd.sys
0x9EEE4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0x9EE8B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB82B2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB82A2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9EE63000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA3D0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x9EE41000 \SystemRoot\System32\drivers\afd.sys
0xB8292000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9EE16000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9EDA6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8282000 \SystemRoot\System32\Drivers\Fips.SYS
0x9ED5C000 \SystemRoot\System32\Drivers\aswSP.SYS
0x9ECEC000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xB3711000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xBA59C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB6E7A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB6E6A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA55C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB1690000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9E67C000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x9E661000 \SystemRoot\system32\DRIVERS\lvpopflt.sys
0xB6E5A000 \SystemRoot\system32\drivers\usbaudio.sys
0x9E621000 \SystemRoot\system32\DRIVERS\lvrs.sys
0x9E609000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA61C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA580000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA490000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA70F000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E8000 \SystemRoot\System32\igxpdx32.DLL
0xBF691000 \SystemRoot\System32\ATMFD.DLL
0x9E5ED000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB6C87000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x9E405000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9E3C2000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x9E245000 \SystemRoot\system32\drivers\wdmaud.sys
0x9E312000 \SystemRoot\system32\drivers\sysaudio.sys
0x9DCC8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9D7B4000 \SystemRoot\system32\DRIVERS\srv.sys
0x9D8CD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB36E9000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0x9D51B000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA468000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9CD8A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
684 C:\WINDOWS\system32\smss.exe
748 csrss.exe
772 C:\WINDOWS\system32\winlogon.exe
820 C:\WINDOWS\system32\services.exe
832 C:\WINDOWS\system32\lsass.exe
1012 C:\WINDOWS\system32\svchost.exe
1088 svchost.exe
1188 C:\WINDOWS\system32\svchost.exe
520 svchost.exe
700 svchost.exe
1048 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1580 C:\WINDOWS\system32\spoolsv.exe
2032 C:\WINDOWS\explorer.exe
600 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
664 C:\WINDOWS\system32\igfxtray.exe
744 C:\WINDOWS\system32\hkcmd.exe
1300 C:\WINDOWS\system32\igfxpers.exe
1408 C:\WINDOWS\RTHDCPL.EXE
1372 C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
1404 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1464 C:\WINDOWS\system32\igfxsrvc.exe
1556 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
1600 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1776 C:\WINDOWS\system32\ctfmon.exe
1784 C:\Program Files\Logitech\Vid HD\Vid.exe
1916 C:\Program Files\Encore\Common\RaUI.exe
1872 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
1896 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2000 C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
1748 C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
1940 C:\Program Files\Logitech\SetPoint\SetPoint.exe
516 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
2240 svchost.exe
2280 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
2428 C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
2836 C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
3040 C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
3492 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
3620 C:\Program Files\Google\Update\GoogleUpdate.exe
3692 C:\Program Files\Java\jre6\bin\jqs.exe
4012 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
452 C:\Program Files\Encore\Common\RegistryWriter.exe
2084 C:\WINDOWS\system32\svchost.exe
2196 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
3668 C:\WINDOWS\system32\svchost.exe
3504 C:\WINDOWS\system32\wscntfy.exe
3932 C:\Program Files\Internet Explorer\iexplore.exe
2788 C:\Program Files\Internet Explorer\iexplore.exe
456 C:\Program Files\Internet Explorer\iexplore.exe
1728 C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\VDV8O640\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDS721075KLA330, Rev: GK8OA97A

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Combofix log

ComboFix 11-06-03.02 - owner 06/06/2011 13:34:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2949 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\Application Data\Best Malware Protection
c:\documents and settings\owner\Application Data\Best Malware Protection\cookies.sqlite
c:\documents and settings\owner\Application Data\PriceGong
c:\documents and settings\owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\c.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\d.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\e.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\f.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\g.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\h.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\i.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\J.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\k.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\l.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\m.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\n.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\o.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\p.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\q.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\r.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\s.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\t.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\u.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\v.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\w.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\x.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\y.xml
c:\documents and settings\owner\Application Data\PriceGong\Data\z.xml
c:\documents and settings\owner\Recent\ANTIGEN.tmp
c:\documents and settings\owner\Recent\CLSV.tmp
c:\documents and settings\owner\Recent\eb.tmp
c:\documents and settings\owner\Recent\PE.tmp
c:\documents and settings\owner\Recent\runddlkey.tmp
c:\documents and settings\owner\Recent\SM.tmp
c:\documents and settings\owner\Recent\tjd.tmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pthreadVC.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Legacy_NPF
-------\Service_itlperf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-05-19 03:37 . 2011-05-19 03:37 -------- d-----w- c:\program files\QuickTime
2011-05-18 11:18 . 2011-05-18 11:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 16:55 . 2011-05-17 16:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-15 01:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-15 01:07 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-15 01:07 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-15 01:07 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-05-08 16:11 . 2011-05-08 16:11 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2011-04-05 23:13 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-04-05 23:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-04-05 23:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-04-05 23:14 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-04-05 23:13 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-04-05 23:13 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-04-05 23:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-04-05 23:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-04-05 23:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-04-05 23:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-05-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Encore Wireless Utility.lnk - c:\program files\Encore\Common\RaUI.exe [2010-5-13 1662976]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-1-4 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-6 724992]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/5/2011 7:13 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/5/2011 7:14 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/5/2011 7:14 PM 19544]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [5/16/2010 2:49 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [5/16/2010 2:49 PM 49152]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/16/2010 2:49 PM 246936]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 6:46 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 1:19 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 6:46 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc243d9c02d2dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 22:46]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://www.yahoo.com
IE: Free YouTube Download - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\hm48fgqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60283
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-itlntfy - itlnfw32.dll
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 13:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS721075KLA330 rev.GK8OA97A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A64A53B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Encore\Common\RegistryWriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2011-06-06 13:50:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 17:49
.
Pre-Run: 732,786,802,688 bytes free
Post-Run: 733,268,389,888 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DFE132D3FB236239E825606D92E5D88B

Questions:
Are you using PeerBlock?
Have you done the DNS flush and router reset?
Did you assign this in Firefox: FF - prefs.js: network.proxy.http_port - 60283
=====================================

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESETOnlineScan
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  [o] Double click on the
  
  on your desktop.
• Check 'Yes I accept terms of use.'
• Click Start button
• Accept any security warnings from your browser.
  
  
• Uncheck 'Remove found threats'
• Check 'Scan archives/
• Leave remaining settings as is.
• Press the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
• When the scan completes, press List of found threats
• Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
• Push the Back button
• Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
====================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Questions:
Are you using PeerBlock?
It is not something I have done, I don't even know what it is.

Have you done the DNS flush and router reset?
Yes

Did you assign this in Firefox: FF - prefs.js: network.proxy.http_port - 60283
No
=====================================

Will now continue with your next set of instructions and post logs when completed.

Next Set of Logs

ESET LOG

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\775a696b-4b4ba952 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\11\6fb428cb-67f1abfe Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\14\7bea5a4e-3ce9191f Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\16\4ea56e90-2d74d52a Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\28\72b7c5c-60c70e52 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\31\1ef03c5f-416d6f4f Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\31\2f2c695f-65e98e9d Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\48\7bf72d70-6537fbb2 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\56\63aaf5b8-63e9f8ff Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\9\7be78a09-676b5836 probably a variant of Java/TrojanDownloader.OpenStream.NCC trojan
C:\Documents and Settings\owner\Desktop\fsSetup131.exe Win32/Adware.Toolbar.Dealio application
C:\System Volume Information\_restore{BE673C43-9957-4968-A842-5C6097356DC5}\RP190\A0035045.mof Win32/RogueAV.A trojan



HIJACKTHIS LOG


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:21 PM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Log with Word Wrap on has been deleted by Bobbye

New log to be posted.

For the Eset entries: Most are in the Java cache, so you will empty it:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
=============================================
There are some entries that need to be removed in HijackThis. But I would like you to redo the log- I can't read it in the context of Word Wrap:
When you open Notepad> click on Format> Uncheck Word Wrap. Now the log will be readable. For instance:
This log:

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -

C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Click to expand...

The same entry with Word Wrap off:

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

Click to expand...

Please past redone HJT log in next reply.

Hi Jack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:51:21 PM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Encore\Common\RegistryWriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Encore\Common\RaUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Encore Wireless Utility.lnk = C:\Program Files\Encore\Common\RaUI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Encore\Common\RegistryWriter.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8425 bytes

Java cache

I have completed clearing the java cache.

Reset your browser proxies

• Open Firefox, click on "Tools" then "Options" and then on "Advanced".
• Click on the "Network" tab, and then on the "Settings" button.
• Please make sure that the "No Proxy" option is selected.

=======================================
Please run this Custom Script:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
========================================
Update the following. Then uninstall all outdated versions in Add/Remove Programs.
1. Java Updates
Note: You do not need to put a separate Java Extension on Firefox
Please open FF> Extensions> Remove Jave v6u17 and v6u23.
2. Adobe Reader
===========================================
I noticed several Belkin entires loading- just want to make sure you're aware of them:
Digido Platform

c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe

Click to expand...

It appears these are used to enable a person who travels to use the system.

It is puzzling because you are also using Description: Encore Wireless Utility
=======================================
You have a process left over form Norton/Symantec:
Click on Start> Run> type in services.msc> enter> Double click on LiveUpdate> Change the Startup type to Disabled> Stop the Service.
Then click on Start> Run> type in cmd> enter> at the blinking C prompt type in the following

sc delete LiveUpdate

Click to expand...

You should get this message:
[SC] DeleteService SUCCESS
Type Exit to close the command prompt
Reboot the computer.

Bobbye...

A couple of things from your last post.

• You mentioned something about BELKIN entries loading. My wireless router is a BELKIN, but I have never installed or activated any type of traveling ability. So I can't say if the DIGIDO PLATFORM is something that should be there or not.
  
• Al

so, again - I am not familiar with ENCORE WIRELESS UTILITY, so am not sure if that is something that should be there or not either.

Completed all the steps you asked for from last post and the new CF log is pasted below.

I really do appreciate your help with this mess.


ComboFix 11-06-08.04 - owner 06/09/2011 8:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2958 [GMT -4:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\owner\Desktop\fsSetup131.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\owner\Desktop\fsSetup131.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cerc6
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-07 18:11 . 2011-06-07 18:11 -------- d-----w- c:\program files\ESET
2011-05-19 03:37 . 2011-05-19 03:37 -------- d-----w- c:\program files\QuickTime
2011-05-18 11:18 . 2011-06-08 11:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 16:55 . 2011-05-17 16:55 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-05-15 01:07 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-05-15 01:07 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-05-15 01:07 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-05-15 01:07 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2011-04-05 23:13 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-04-05 23:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-04-05 23:13 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-04-05 23:14 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-04-05 23:13 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-04-05 23:13 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-04-05 23:13 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-04-05 23:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-04-05 23:13 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-04-05 23:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-06_17.46.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-09 12:10 . 2011-06-09 12:10 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
- 2011-06-06 17:45 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-06-09 12:10 . 2009-10-07 06:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2011-06-08 11:46 . 2011-06-08 11:46 238040 c:\windows\system32\Macromed\Flash\FlashUtil10s_Plugin.exe
+ 2011-06-08 11:46 . 2011-06-08 11:46 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2011-05-18 11:18 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-21 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-05-19 421888]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Encore Wireless Utility.lnk - c:\program files\Encore\Common\RaUI.exe [2010-5-13 1662976]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2011-1-4 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-4 688128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-12-6 724992]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19540:UDP"= 19540:UDP:SXUPTP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/5/2011 7:13 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/5/2011 7:14 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/5/2011 7:14 PM 19544]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [5/16/2010 2:49 PM 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [5/16/2010 2:49 PM 49152]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [5/16/2010 2:49 PM 246936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 6:46 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 1:19 PM 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2011 6:46 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc243d9c02d2dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 22:46]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 22:46]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
IE: Free YouTube Download - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\owner\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\hm48fgqk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60283
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: [email protected] - c:\program files\AVAST Software\Avast\WebRep\FF
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 08:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_HDS721075KLA330 rev.GK8OA97A -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A62453B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Encore\Common\RegistryWriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2011-06-09 08:14:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 12:14
ComboFix2.txt 2011-06-06 17:50
.
Pre-Run: 733,349,683,200 bytes free
Post-Run: 733,401,980,928 bytes free
.
- - End Of File - - CDB97FAA97110AE49600B732D6E6C33B

Regarding the Belkin and the Encore entries. I don't know how your system is set up or who set it up. As far as I could determine, the extra Belkin entries have to be intentionally installed. There is a setup file fore the Belkin but all of the other processes are extra. And the The DigiDo™ Platform is used by Time Warner Cable, Cox, Bresnan, Charter, ubee and Belkin. It is a part of a secure home network and may be used by the ISP.

And the Encore Wireless Utility may be the wireless card or required by the modem.
=====================================
Questions:
1. Who is your ISP?
2. Do you have multiple users on this computer.
3. Are you using a wireless print server?
4. Was the computer set up on the Peer 1 Network?
===================================
Combofix removed an entry for Best Malware Protection\cookies.sqlite
cookies.sqlite is where Firefox stores Cookies. This means that your system wasn't protected and this rogue program has left a Tracking Cookies on the system.

Best Malware Protection is a fake antivirus program that tries to trick the user to buy the full version of the program by using fake scan results. It installs itself into the computer without confirmation of the user unless the user set the UAC level to the highest level.

Best Malware Protection is advertised mostly through the use of bogus online scanners and malicious websites. This means that the security is lacking.

Please do the following:>>>> Note: If you have multiple accounts on the system, do this on each of the accounts:

1. Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources: They also prevent the ads and banners themselves:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
==========================================
Regarding Price Gong:> It's a browser addon for comparative shopping. The program is adware, and it will display annoying pop-up alerts and other false threats in the browser.

PriceGong will launch automatically whenever a user visits a shopping site like Amazon.com or Sears.

Click to expand...

Standalone application removal
In case you have installed PriceGong as a standalone application, it can easily be removed using the "Add/Remove Programs" follows:

1. 
   On Windows XP>
   1. Go to the Start menu
   2. Select Settings
   3. Select Control Panel
   4. Select Add or Remove Programs
   5. Select PriceGong
   6. Click Change/Remove
   7. Follow on-screen prompts to remove the PriceGong application
   • 
     The use Windows Explorer (Windows key + E) to go to My Computer> Double click on Local Drive(C)> Programs> look for the Price Gong folder and do a Right click> Delete.
     =======================================
     Reboot the computer. Run the following.
     =======================================
     
     
     
     SuperAntiSpyware Home Edition Free Version
     Important to note the line to check the entries for removal.
     • Please download SuperAntiSpyware from HERE
     • Launch SuperAntiSpyware and click on 'Check for updates'.
     • Wait for the updates to be installed
     • On the main screen click on 'Scan your computer'.
     • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
     • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
     • Make sure everything found has a checkmark next to it,then press 'Next'.
     • Click on 'Finish' when you've done.
     It's possible that the program will ask you to reboot in order to delete some files.
     
     Obtain the SuperAntiSpyware log as follows:
     • Click on 'Preferences'.
     • Click on the 'Statistics/Logs' tab.
     • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
     It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply

Super AntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/13/2011 at 08:14 AM

Application Version : 4.54.1000

Core Rules Database Version : 7257
Trace Rules Database Version: 5069

Scan type : Complete Scan
Total Scan Time : 00:20:45

Memory items scanned : 588
Memory threats detected : 0
Registry items scanned : 6379
Registry threats detected : 0
File items scanned : 20709
File threats detected : 470

Adware.Tracking Cookie
C:\Documents and Settings\owner\Cookies\[email protected][1].txt
C:\Documents and Settings\owner\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\owner\Cookies\owner@mediabrandsww[1].txt
C:\Documents and Settings\owner\Cookies\owner@adxpose[1].txt
C:\Documents and Settings\owner\Cookies\owner@media6degrees[1].txt
C:\Documents and Settings\owner\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\owner\Cookies\owner@statcounter[1].txt
C:\Documents and Settings\owner\Cookies\owner@2o7[2].txt
C:\Documents and Settings\owner\Cookies\owner@zedo[1].txt
C:\Documents and Settings\owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][1].txt
C:\Documents and Settings\owner\Cookies\owner@revsci[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][1].txt
C:\Documents and Settings\owner\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\owner\Cookies\owner@collective-media[2].txt
C:\Documents and Settings\owner\Cookies\owner@pointroll[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][3].txt
C:\Documents and Settings\owner\Cookies\owner@insightexpressai[2].txt
C:\Documents and Settings\owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][2].txt
C:\Documents and Settings\owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\owner\Cookies\[email protected][1].txt
C:\Documents and Settings\owner\Cookies\owner@casalemedia[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][1].txt
C:\Documents and Settings\owner\Cookies\[email protected][2].txt
C:\Documents and Settings\owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\owner\Cookies\[email protected][2].txt
C:\Documents and Settings\owner\Cookies\owner@serving-sys[1].txt
C:\Documents and Settings\owner\Cookies\owner@invitemedia[2].txt
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\K5JTUGV7 ]
media.heavy.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\K5JTUGV7 ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\K5JTUGV7 ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\K5JTUGV7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\K5JTUGV7 ]
C:\Documents and Settings\LocalService\Cookies\system@kontera[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@clicksaudit[3].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@indieclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@adtech[1].txt
C:\Documents and Settings\LocalService\Cookies\system@interclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertnation[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\LocalService\Cookies\system@advertise[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[1].txt
C:\Documents and Settings\LocalService\Cookies\system@burstbeacon[1].txt
C:\Documents and Settings\LocalService\Cookies\system@technoratimedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\LocalService\Cookies\system@viewablemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@crackle[1].txt
C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@eyewonder[2].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@amtk-media[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@legolas-media[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\LocalService\Cookies\system@findology[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@dealtime[1].txt
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\LocalService\Cookies\system@revsci[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@clicksaudit[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[3].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][3].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[1].txt
adimages.scrippsnetworks.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
media.kyte.tv [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
media.onsugar.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
stat.easydate.biz [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\H3QGCSTD ]
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][8].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][8].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adlegend[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[8].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[7].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertnation[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[11].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertnation[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@chitika[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][10].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][11].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][10].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][11].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[9].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\system@amtk-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][8].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[10].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][9].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][9].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][8].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][7].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@lfstmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[6].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@nextag[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[5].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[10].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[11].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
a.ads2.msads.net [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
ads2.msads.net [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
b.ads2.msads.net [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
cdn1.static.pornhub.phncdn.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
cdn4.specificclick.net [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
crackle.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
ia.media-imdb.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
media.mtvnservices.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
media.scanscout.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
media.wcnc.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
media.wfaa.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
media1.break.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
s0.2mdn.net [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
www.naiadsystems.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
www.pornhub.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
www.royalmediamarketing.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]
www.soundclick.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\GZHDGVM7 ]

Adware.SelectRebates[SAH]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{BE673C43-9957-4968-A842-5C6097356DC5}\RP191\A0035209.DLL

SAS found 470 Tracking Cookies. That tell me 3 things.

1. Your system is not set to block 3rd party Cookies.
2. You aren't doing regular maintenance on the system.
3. If you are going to visit sites like the 'pronhub', you are going to get malware.

These have not been addressed:

Questions:
1. Who is your ISP?
2. Do you have multiple users on this computer?
3. Are you using a wireless print server?
4. Was the computer set up on the Peer 1 Network?

Click to expand...

====================================
Please run the following: Security Check

Download Security Check by screen317 from HERE or HERE .

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

====================================
Download CKScanner and save to your desktop.

• Doubleclick CKScanner.exe and click Search For Files.
• When the cursor hourglass disappears, click Save List To File.
• A message box will verify that the file is saved.
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
  in your next reply.

Due to inactivity, this thread is being closed.