
My computer is running Windows XP. Recently I got infected with the BDS/Small.iuj trojan. I reinstalled my OS and installed Kaspersky Internet Security 2010; then something like Win32.Small.ive was also detected. I did the same process again, but this time I did not install Kaspersky. I tried using ComboFix; after that I installed Kaspersky again, and the virus was back again. Need help please.

Here's my ComboFix log:

ComboFix 10-03-04.02 - dexter delgado 03/05/2010 13:21:11.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.551 [GMT 8:00]
Running from: c:\documents and settings\dexter delgado\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-04 05:34 . 2010-03-04 05:34 -------- d-----w- c:\windows\Sun
2010-03-04 05:28 . 2010-03-04 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 05:28 . 2010-03-04 05:28 -------- d-----w- c:\program files\Java
2010-03-04 05:27 . 2010-03-04 05:27 152576 ----a-w- c:\documents and settings\dexter delgado\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\ff_temp
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\7zS188B.tmp
2010-02-28 23:59 . 2010-02-28 23:59 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\Local Settings\Application Data\Microsoft
2010-02-28 23:58 . 2010-02-28 23:58 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.1\DRM
2010-02-28 23:37 . 2010-03-05 05:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-02-28 23:37 . 2010-02-28 23:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-02-28 23:34 . 2010-03-04 18:42 -------- d-----w- C:\WINDOWS.1
2010-02-28 23:28 . 2010-02-28 23:36 -------- d-----w- C:\install
2010-02-28 23:26 . 2010-02-28 23:37 -------- d-----w- C:\WINDOWS.0
2010-02-27 14:40 . 2010-02-27 14:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-24 08:14 . 2010-02-24 08:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-23 13:54 . 2006-01-06 07:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 13:54 . 2006-01-06 07:53 31744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-22 18:10 . 2010-03-05 05:01 3511818 ----a-w- c:\windows\tmplog.dll
2010-02-22 18:10 . 2010-03-05 05:01 -------- d-----w- C:\received3
2010-02-22 18:10 . 2010-03-05 05:01 -------- d-----w- C:\received
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received6
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received5
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received4
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received2
2010-02-22 18:10 . 2010-02-23 18:56 -------- d-----w- C:\encryption_folders
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- c:\windows\Desktop
2010-02-22 18:01 . 2010-02-22 18:01 -------- d-----w- c:\program files\ProoferTool
2010-02-22 18:00 . 2010-02-22 18:00 249856 ------w- c:\windows\Setup1.exe
2010-02-22 18:00 . 2010-02-22 18:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-22 17:50 . 2010-02-23 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 15:11 . 2010-02-22 15:11 -------- d-----w- c:\program files\NCH Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\program files\Alwil Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-s---w- c:\documents and settings\dexter delgado\UserData
2010-02-15 15:30 . 2008-04-17 01:05 69632 ------r- c:\windows\Alcmtr.exe
2010-02-15 04:45 . 2010-02-15 04:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\CCleaner
2010-02-12 16:17 . 2008-04-17 01:05 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 16:17 . 2010-02-12 08:20 -------- d-----w- c:\program files\Realtek
2010-02-12 16:17 . 2010-02-12 16:17 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InstallShield
2010-02-12 16:16 . 2010-02-12 16:16 -------- d-----w- c:\windows\system32\Lang
2010-02-12 16:16 . 2008-04-17 01:05 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-02-12 16:16 . 2008-04-17 01:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Intel
2010-02-12 16:13 . 2010-02-12 08:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-12 16:13 . 2007-08-10 16:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- C:\Intel
2010-02-12 16:13 . 2010-02-15 15:34 -------- d-----w- C:\TempEI4
2010-02-12 16:07 . 2010-02-12 16:07 -------- d-----w- c:\program files\Realtek AC97
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\windows\Profiles
2010-02-12 16:01 . 2010-02-13 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InterTrust
2010-02-12 16:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-12 16:00 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 23:27 . 2010-02-12 08:36 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Skype
2010-03-01 00:01 . 2010-02-12 15:38 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-28 23:54 . 2010-02-12 15:32 -------- d-----w- c:\program files\Unlocker
2010-02-28 23:49 . 2010-02-12 15:28 -------- d-----w- c:\program files\MSN Messenger
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-25 05:25 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\NCH Swift Sound
2010-02-13 16:05 . 2010-02-12 08:50 16128 ----a-w- c:\documents and settings\dexter delgado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 07:21 . 2010-02-12 15:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 16:07 . 2010-02-12 16:03 -------- d-----w- c:\program files\AvRack
2010-02-12 16:07 . 2010-02-12 16:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 15:57 . 2010-02-12 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 15:53 . 2010-02-12 15:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 15:38 . 2010-02-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 15:37 . 2010-02-12 15:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-12 15:37 . 2010-02-12 15:37 2293 ----a-w- c:\windows\mozver.dat
2010-02-12 15:37 . 2010-02-12 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 15:32 . 2010-02-12 15:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 09:02 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live
2010-02-12 09:02 . 2010-02-12 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Microsoft
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-12 08:56 . 2010-02-12 08:56 -------- d-----w- c:\program files\CounterPath
2010-02-12 08:50 . 2010-02-12 08:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-12 08:39 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-12 08:27 . 2010-02-12 08:27 673610 ----a-w- c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-02-12 08:20 . 2010-02-12 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 08:20 . 2010-02-12 08:20 315392 ----a-w- c:\windows\HideWin.exe
2003-03-21 13:37 . 2003-03-21 13:37 16056 ----a-w- c:\program files\owcstp16.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 23:27 . 2010-03-04 23:27 16384 c:\windows\temp\Perflib_Perfdata_6f8.dat
+ 2006-01-13 01:39 . 2010-02-25 06:40 39992 c:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 39992 c:\windows\system32\perfc009.dat
+ 2010-02-22 17:50 . 2010-02-22 17:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 1999-03-25 17:00 . 1999-03-25 17:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2006-01-13 01:39 . 2010-02-25 06:40 311604 c:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 311604 c:\windows\system32\perfh009.dat
+ 2010-03-04 05:28 . 2010-03-04 05:28 149280 c:\windows\system32\javaws.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\java.exe
+ 1998-04-14 18:50 . 1998-04-14 18:50 339456 c:\windows\PKZIP25.EXE
+ 2010-03-04 05:28 . 2010-03-04 05:28 537600 c:\windows\Installer\13f4347.msi
+ 2010-02-22 17:50 . 2010-02-22 17:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-22 17:50 . 2010-02-22 17:50 1544192 c:\windows\Installer\a26c17.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 5186048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-04 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\expressSevenDaysInit.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-03-04 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-02-12 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]

2010-03-05 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com.ph
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 13:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-05 13:28:14
ComboFix-quarantined-files.txt 2010-03-05 05:28
ComboFix2.txt 2010-02-23 11:08
ComboFix3.txt 2010-02-17 23:28

Pre-Run: 69,451,493,376 bytes free
Post-Run: 69,454,635,008 bytes free

- - End Of File - - 403B136B370AF58C431A64514E1B6D13

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:

    :filefind
    explorer.exe
    atapi.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


Hey, thanks for the concern on my problem. Here is the log that you requested:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 02:43 on 06/03/2010 by dexter delgado (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.1\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

Searching for "atapi.sys"
C:\WINDOWS.0\system32\drivers\atapi.sys --a--- 95616 bytes [01:10 13/01/2006] [01:10 13/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS.1\system32\drivers\atapi.sys --a--- 95616 bytes [01:10 13/01/2006] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95616 bytes [23:27 17/02/2010] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS\system32\drivers\atapi.sys ------ 95616 bytes [01:10 13/01/2006] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837

-=End Of File=-
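
The check behind the two logs above (the ComboFix "Sigcheck" section and the SystemLook ":filefind" result), as an added example that is not code from this thread or from the ComboFix/SystemLook authors: a Python script that parses both excerpts, groups every copy of a file by MD5 and reports whether any on-disk copy differs from the others. The log text is copied from the posts above; the regular expressions and the field names in the result are my own assumptions about the log layout, not a documented format. It shows why the thread's next step fetches a replacement from outside the machine: every copy of explorer.exe (C:\WINDOWS, C:\WINDOWS.0, C:\WINDOWS.1) carries the same MD5 that ComboFix lists with a [-] flag, so nothing on the box is a known-good reference. The same holds for atapi.sys, including the ERDNT cache copy, except that ComboFix did not flag it.

```python
import re
from collections import defaultdict

# Log excerpts copied from the SystemLook and ComboFix posts in this thread.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "explorer.exe"
C:\WINDOWS.0\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS.1\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565
C:\WINDOWS\explorer.exe --a--- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

Searching for "atapi.sys"
C:\WINDOWS.0\system32\drivers\atapi.sys --a--- 95616 bytes [01:10 13/01/2006] [01:10 13/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS.1\system32\drivers\atapi.sys --a--- 95616 bytes [01:10 13/01/2006] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 95616 bytes [23:27 17/02/2010] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837
C:\WINDOWS\system32\drivers\atapi.sys ------ 95616 bytes [01:10 13/01/2006] [15:53 06/01/2006] C4B52426B79C6F6664B70B8E63B1B837

-=End Of File=-
"""

COMBOFIX_SIGCHECK = r"""
------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
"""

# Line shapes inferred from the logs above (an assumption, not a documented format).
FILEFIND_HEADER = re.compile(r'^Searching for "(?P<name>[^"]+)"\s*$')
FILEFIND_ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})\s*$")
SIGCHECK_ENTRY = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+)"
    r" \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+?)\s*$")


def parse_systemlook(text):
    """Map each name SystemLook searched for to the copies it found (path + MD5)."""
    copies, current = {}, None
    for line in text.splitlines():
        header = FILEFIND_HEADER.match(line)
        if header:
            current = header.group("name").lower()
            copies.setdefault(current, [])
            continue
        entry = FILEFIND_ENTRY.match(line)
        if entry and current is not None:
            copies[current].append({"path": entry.group("path"),
                                    "md5": entry.group("md5").upper()})
    return copies


def parse_sigcheck(text):
    """Collect the files ComboFix listed under 'Sigcheck' with flag, MD5 and path."""
    return [{"flag": m.group("flag"), "md5": m.group("md5").upper(),
             "path": m.group("path").lower()}
            for m in map(SIGCHECK_ENTRY.match, text.splitlines()) if m]


def assess(name, copies, sigcheck):
    """Group the copies of `name` by MD5 and decide whether a clean local copy exists.

    A [-] Sigcheck entry only means ComboFix could not match the file against its
    known-good list; hotfixed or OEM builds fail that match too, so it is a lead,
    not proof of tampering.
    """
    by_md5 = defaultdict(list)
    for copy in copies:
        by_md5[copy["md5"]].append(copy["path"])
    flagged = {s["md5"] for s in sigcheck if s["path"].rsplit("\\", 1)[-1] == name}
    distinct = len(by_md5)
    return {
        "name": name,
        "copies": len(copies),
        "distinct_hashes": distinct,
        "flagged_by_sigcheck": bool(flagged),
        # Several hashes: at least one copy differs; compare them before trusting any.
        "divergent": distinct > 1,
        # One hash everywhere and ComboFix could not match it: nothing on the box
        # (not even a backup cache) is a known-good reference, so the replacement
        # must come from install media or another trusted source.
        "needs_external_clean_copy": distinct == 1 and bool(flagged),
        "groups": dict(by_md5),
    }


def triage(systemlook_text, sigcheck_text):
    """Run assess() for every file name SystemLook searched for."""
    sigcheck = parse_sigcheck(sigcheck_text)
    return {name: assess(name, copies, sigcheck)
            for name, copies in parse_systemlook(systemlook_text).items()}


if __name__ == "__main__":
    for name, v in triage(SYSTEMLOOK_LOG, COMBOFIX_SIGCHECK).items():
        print(f"{name}: {v['copies']} copies, {v['distinct_hashes']} distinct MD5, "
              f"flagged={v['flagged_by_sigcheck']}, "
              f"needs external clean copy={v['needs_external_clean_copy']}")
```

Run it as-is to see the verdict for the two files in the thread, or paste a fresh SystemLook report into `SYSTEMLOOK_LOG` and the "Sigcheck" block of a ComboFix log into `COMBOFIX_SIGCHECK`. When `divergent` comes back true, the interesting question is which copy is the odd one out, and the `groups` mapping lists the paths under each hash so you can see that at a glance.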

Download explorer.exe from RapidShare:
rapidshare.com rapidshare.comexplorer.exe.html

Make sure to SAVE the download to your Desktop.

DO NOT OPEN IT
======

Then...
Please download ComboFix from here and save it to your Desktop. Once again, do not run it.

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    FCopy::
    C:\documents and settings\scs\desktop\explorer.exe | c:\windows.0\explorer.exe
    C:\documents and settings\scs\desktop\explorer.exe | c:\windows.1\explorer.exe
    C:\documents and settings\scs\desktop\explorer.exe | c:\windows\explorer.exe
    reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Let me know if this was successful. Post the ComboFix log.


Sir, here is the latest combofix log that you wanted:

ComboFix 10-03-06.03 - dexter delgado 03/07/2010 9:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.674 [GMT 8:00]
Running from: c:\documents and settings\dexter delgado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dexter delgado\My Documents\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-04 05:34 . 2010-03-04 05:34 -------- d-----w- c:\windows\Sun
2010-03-04 05:28 . 2010-03-04 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 05:28 . 2010-03-04 05:28 -------- d-----w- c:\program files\Java
2010-03-04 05:27 . 2010-03-04 05:27 152576 ----a-w- c:\documents and settings\dexter delgado\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\ff_temp
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\7zS188B.tmp
2010-02-28 23:59 . 2010-02-28 23:59 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\Local Settings\Application Data\Microsoft
2010-02-28 23:58 . 2010-02-28 23:58 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.1\DRM
2010-02-28 23:37 . 2010-03-05 05:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-02-28 23:37 . 2010-02-28 23:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-02-28 23:34 . 2010-03-04 18:42 -------- d-----w- C:\WINDOWS.1
2010-02-28 23:28 . 2010-02-28 23:36 -------- d-----w- C:\install
2010-02-28 23:26 . 2010-02-28 23:37 -------- d-----w- C:\WINDOWS.0
2010-02-27 14:40 . 2010-02-27 14:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-24 08:14 . 2010-02-24 08:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-23 13:54 . 2006-01-06 07:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 13:54 . 2006-01-06 07:53 31744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-22 18:10 . 2010-03-07 01:03 5019492 ----a-w- c:\windows\tmplog.dll
2010-02-22 18:10 . 2010-03-07 01:03 -------- d-----w- C:\received3
2010-02-22 18:10 . 2010-03-07 01:03 -------- d-----w- C:\received2
2010-02-22 18:10 . 2010-03-07 01:03 -------- d-----w- C:\received
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received6
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received5
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received4
2010-02-22 18:10 . 2010-02-23 18:56 -------- d-----w- C:\encryption_folders
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- c:\windows\Desktop
2010-02-22 18:01 . 2010-02-22 18:01 -------- d-----w- c:\program files\ProoferTool
2010-02-22 18:00 . 2010-02-22 18:00 249856 ------w- c:\windows\Setup1.exe
2010-02-22 18:00 . 2010-02-22 18:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-22 17:50 . 2010-02-23 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 15:11 . 2010-02-22 15:11 -------- d-----w- c:\program files\NCH Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\program files\Alwil Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-s---w- c:\documents and settings\dexter delgado\UserData
2010-02-15 15:30 . 2008-04-17 01:05 69632 ------r- c:\windows\Alcmtr.exe
2010-02-15 04:45 . 2010-02-15 04:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\CCleaner
2010-02-12 16:17 . 2008-04-17 01:05 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 16:17 . 2010-02-12 08:20 -------- d-----w- c:\program files\Realtek
2010-02-12 16:17 . 2010-02-12 16:17 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InstallShield
2010-02-12 16:16 . 2010-02-12 16:16 -------- d-----w- c:\windows\system32\Lang
2010-02-12 16:16 . 2008-04-17 01:05 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-02-12 16:16 . 2008-04-17 01:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Intel
2010-02-12 16:13 . 2010-02-12 08:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-12 16:13 . 2007-08-10 16:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- C:\Intel
2010-02-12 16:13 . 2010-02-15 15:34 -------- d-----w- C:\TempEI4
2010-02-12 16:07 . 2010-02-12 16:07 -------- d-----w- c:\program files\Realtek AC97
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\windows\Profiles
2010-02-12 16:01 . 2010-02-13 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InterTrust
2010-02-12 16:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-12 16:00 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 01:16 . 2010-02-12 08:36 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Skype
2010-03-01 00:01 . 2010-02-12 15:38 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-28 23:54 . 2010-02-12 15:32 -------- d-----w- c:\program files\Unlocker
2010-02-28 23:49 . 2010-02-12 15:28 -------- d-----w- c:\program files\MSN Messenger
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-25 05:25 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\NCH Swift Sound
2010-02-13 16:05 . 2010-02-12 08:50 16128 ----a-w- c:\documents and settings\dexter delgado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 07:21 . 2010-02-12 15:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 16:07 . 2010-02-12 16:03 -------- d-----w- c:\program files\AvRack
2010-02-12 16:07 . 2010-02-12 16:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 15:57 . 2010-02-12 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 15:53 . 2010-02-12 15:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 15:38 . 2010-02-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 15:37 . 2010-02-12 15:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-12 15:37 . 2010-02-12 15:37 2293 ----a-w- c:\windows\mozver.dat
2010-02-12 15:37 . 2010-02-12 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 15:32 . 2010-02-12 15:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 09:02 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live
2010-02-12 09:02 . 2010-02-12 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Microsoft
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-12 08:56 . 2010-02-12 08:56 -------- d-----w- c:\program files\CounterPath
2010-02-12 08:50 . 2010-02-12 08:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-12 08:39 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-12 08:27 . 2010-02-12 08:27 673610 ----a-w- c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-02-12 08:20 . 2010-02-12 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 08:20 . 2010-02-12 08:20 315392 ----a-w- c:\windows\HideWin.exe
2003-03-21 13:37 . 2003-03-21 13:37 16056 ----a-w- c:\program files\owcstp16.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 01:16 . 2010-03-07 01:16 16384 c:\windows\temp\Perflib_Perfdata_f8.dat
+ 2006-01-13 01:39 . 2010-02-25 06:40 39992 c:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 39992 c:\windows\system32\perfc009.dat
+ 2010-02-22 17:50 . 2010-02-22 17:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 1999-03-25 17:00 . 1999-03-25 17:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2006-01-13 01:39 . 2010-02-25 06:40 311604 c:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 311604 c:\windows\system32\perfh009.dat
+ 2010-03-04 05:28 . 2010-03-04 05:28 149280 c:\windows\system32\javaws.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\java.exe
+ 1998-04-14 18:50 . 1998-04-14 18:50 339456 c:\windows\PKZIP25.EXE
+ 2010-03-04 05:28 . 2010-03-04 05:28 537600 c:\windows\Installer\13f4347.msi
+ 2010-02-22 17:50 . 2010-02-22 17:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-22 17:50 . 2010-02-22 17:50 1544192 c:\windows\Installer\a26c17.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 5186048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-04 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\expressSevenDaysInit.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-03-04 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-02-12 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]

2010-03-07 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com.ph
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 09:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3816)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2010-03-07 09:20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-07 01:20
ComboFix2.txt 2010-03-05 05:28
ComboFix3.txt 2010-02-23 11:08
ComboFix4.txt 2010-02-17 23:28

Pre-Run: 68,172,042,240 bytes free
Post-Run: 68,177,092,608 bytes free

- - End Of File - - E645B72A7A8F78EA74C94DEFFD9006C9

Did not seem to work. Are you sure you downloaded the explorer.exe to your Desktop, and then ran the ComboFix script?


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


I'm sorry. I think I forgot the "Download explorer.exe from RapidShare"... my bad, but here's the new combofix log. Hope this helps. Thank you very much....


ComboFix 10-03-06.07 - dexter delgado 03/07/2010 20:01:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.615 [GMT 8:00]
Running from: c:\documents and settings\dexter delgado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dexter delgado\My Documents\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-04 05:34 . 2010-03-04 05:34 -------- d-----w- c:\windows\Sun
2010-03-04 05:28 . 2010-03-04 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 05:28 . 2010-03-04 05:28 -------- d-----w- c:\program files\Java
2010-03-04 05:27 . 2010-03-04 05:27 152576 ----a-w- c:\documents and settings\dexter delgado\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\ff_temp
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\7zS188B.tmp
2010-02-28 23:59 . 2010-02-28 23:59 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\Local Settings\Application Data\Microsoft
2010-02-28 23:58 . 2010-02-28 23:58 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.1\DRM
2010-02-28 23:37 . 2010-03-05 05:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-02-28 23:37 . 2010-02-28 23:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-02-28 23:34 . 2010-03-04 18:42 -------- d-----w- C:\WINDOWS.1
2010-02-28 23:28 . 2010-02-28 23:36 -------- d-----w- C:\install
2010-02-28 23:26 . 2010-02-28 23:37 -------- d-----w- C:\WINDOWS.0
2010-02-27 14:40 . 2010-02-27 14:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-24 08:14 . 2010-02-24 08:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-23 13:54 . 2006-01-06 07:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 13:54 . 2006-01-06 07:53 31744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-22 18:10 . 2010-03-07 11:36 263009 ----a-w- c:\windows\tmplog.dll
2010-02-22 18:10 . 2010-03-07 03:41 -------- d-----w- C:\received
2010-02-22 18:10 . 2010-03-07 01:03 -------- d-----w- C:\received3
2010-02-22 18:10 . 2010-03-07 01:03 -------- d-----w- C:\received2
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received6
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received5
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received4
2010-02-22 18:10 . 2010-02-23 18:56 -------- d-----w- C:\encryption_folders
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- c:\windows\Desktop
2010-02-22 18:01 . 2010-02-22 18:01 -------- d-----w- c:\program files\ProoferTool
2010-02-22 18:00 . 2010-02-22 18:00 249856 ------w- c:\windows\Setup1.exe
2010-02-22 18:00 . 2010-02-22 18:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-22 17:50 . 2010-02-23 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 15:11 . 2010-02-22 15:11 -------- d-----w- c:\program files\NCH Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\program files\Alwil Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-s---w- c:\documents and settings\dexter delgado\UserData
2010-02-15 15:30 . 2008-04-17 01:05 69632 ------r- c:\windows\Alcmtr.exe
2010-02-15 04:45 . 2010-02-15 04:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\CCleaner
2010-02-12 16:17 . 2008-04-17 01:05 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 16:17 . 2010-02-12 08:20 -------- d-----w- c:\program files\Realtek
2010-02-12 16:17 . 2010-02-12 16:17 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InstallShield
2010-02-12 16:16 . 2010-02-12 16:16 -------- d-----w- c:\windows\system32\Lang
2010-02-12 16:16 . 2008-04-17 01:05 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-02-12 16:16 . 2008-04-17 01:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Intel
2010-02-12 16:13 . 2010-02-12 08:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-12 16:13 . 2007-08-10 16:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- C:\Intel
2010-02-12 16:13 . 2010-02-15 15:34 -------- d-----w- C:\TempEI4
2010-02-12 16:07 . 2010-02-12 16:07 -------- d-----w- c:\program files\Realtek AC97
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\windows\Profiles
2010-02-12 16:01 . 2010-02-13 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InterTrust
2010-02-12 16:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-12 16:00 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 12:07 . 2010-02-12 08:36 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Skype
2010-03-01 00:01 . 2010-02-12 15:38 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-28 23:54 . 2010-02-12 15:32 -------- d-----w- c:\program files\Unlocker
2010-02-28 23:49 . 2010-02-12 15:28 -------- d-----w- c:\program files\MSN Messenger
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-25 05:25 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\NCH Swift Sound
2010-02-13 16:05 . 2010-02-12 08:50 16128 ----a-w- c:\documents and settings\dexter delgado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 07:21 . 2010-02-12 15:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 16:07 . 2010-02-12 16:03 -------- d-----w- c:\program files\AvRack
2010-02-12 16:07 . 2010-02-12 16:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 15:57 . 2010-02-12 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 15:53 . 2010-02-12 15:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 15:38 . 2010-02-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 15:37 . 2010-02-12 15:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-12 15:37 . 2010-02-12 15:37 2293 ----a-w- c:\windows\mozver.dat
2010-02-12 15:37 . 2010-02-12 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 15:32 . 2010-02-12 15:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 09:02 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live
2010-02-12 09:02 . 2010-02-12 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Microsoft
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-12 08:56 . 2010-02-12 08:56 -------- d-----w- c:\program files\CounterPath
2010-02-12 08:50 . 2010-02-12 08:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-12 08:39 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-12 08:27 . 2010-02-12 08:27 673610 ----a-w- c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-02-12 08:20 . 2010-02-12 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 08:20 . 2010-02-12 08:20 315392 ----a-w- c:\windows\HideWin.exe
2003-03-21 13:37 . 2003-03-21 13:37 16056 ----a-w- c:\program files\owcstp16.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-07 12:06 . 2010-03-07 12:06 16384 c:\windows\temp\Perflib_Perfdata_e8.dat
+ 2006-01-13 01:39 . 2010-02-25 06:40 39992 c:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 39992 c:\windows\system32\perfc009.dat
+ 2010-02-22 17:50 . 2010-02-22 17:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 1999-03-25 17:00 . 1999-03-25 17:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2006-01-13 01:39 . 2010-02-25 06:40 311604 c:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 311604 c:\windows\system32\perfh009.dat
+ 2010-03-04 05:28 . 2010-03-04 05:28 149280 c:\windows\system32\javaws.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\java.exe
+ 1998-04-14 18:50 . 1998-04-14 18:50 339456 c:\windows\PKZIP25.EXE
+ 2010-03-04 05:28 . 2010-03-04 05:28 537600 c:\windows\Installer\13f4347.msi
+ 2010-02-22 17:50 . 2010-02-22 17:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-22 17:50 . 2010-02-22 17:50 1544192 c:\windows\Installer\a26c17.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 5186048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-04 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\expressSevenDaysInit.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-03-04 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-02-12 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]

2010-03-07 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com.ph
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 20:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3116)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-07 20:11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-07 12:11
ComboFix2.txt 2010-03-07 01:20
ComboFix3.txt 2010-03-05 05:28
ComboFix4.txt 2010-02-23 11:08
ComboFix5.txt 2010-03-07 12:00

Pre-Run: 68,077,527,040 bytes free
Post-Run: 68,070,842,368 bytes free

- - End Of File - - DD7920FE508645CEA8DE13433CF842D1

Still did not work.

Please delete the copy of explorer.exe on the Desktop, download the file again. Save to your Desktop.

Then, do the ComboFix script again. (Make sure this gets done from the scs account on your computer)


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


What do you mean by "make sure this gets done from the scs account on your computer"?... Sorry, not that kind of a "geek" yet.....

By the way, I think I have not mentioned that I have three copies of my OS installed..... would that be a big concern?...... The two copies actually did not install completely.... I'm sorry.

Sorry. Syntax error. Let's try this, it should work, and get explorer.exe disinfected.

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    FCopy::
    C:\documents and settings\dexter delgado\desktop\explorer.exe | c:\windows.0\explorer.exe
    C:\documents and settings\dexter delgado\desktop\explorer.exe | c:\windows.1\explorer.exe
    C:\documents and settings\dexter delgado\desktop\explorer.exe | c:\windows\explorer.exe
    reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Let me know if this was successful. Post the ComboFix log.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


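As an added triage example (not from the thread and not ComboFix's own code), the script below parses the Sigcheck and FCopy sections of logs like the ones posted here: it lists the system files ComboFix could not verify (the `[-]` rows, the reason the helper replaces explorer.exe with the FCopy script above) and compares an earlier and a later log to tell whether the copy actually changed the flagged file. The sample logs are fragments of the posted ones; the follow-up Sigcheck outcomes are constructed, since the thread's final log is cut off before that section.

```python
# Added example (not from the thread or from ComboFix): triage helper for
# ComboFix logs like those posted above. It extracts the Sigcheck rows flagged
# "[-]" (system files that failed ComboFix's signature/MD5 check, the reason
# the helper replaces explorer.exe) and the FCopy results, then compares an
# earlier and a later log to see whether the replacement actually took.
import re
from typing import Dict, List, Tuple

# Dashed section headers: "------- Sigcheck -------", "----- FCopy -----", ...
HEADER_RE = re.compile(r"^-{3,}\s*(?P<name>[A-Za-z][A-Za-z ]*?)\s*-{3,}$")
BANNER_RE = re.compile(r"^\({5,}")  # "(((( Files Created ... ))))" ends a section
# [-] 2006-01-13 . <MD5> . <size> . . [<version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$")
FCOPY_RE = re.compile(r"^(?P<src>.+?)\s+-->\s+(?P<dst>.+?)\s*$")  # "src --> dst"

def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the lower-cased dashed header they follow."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header["name"].strip().lower()
            sections.setdefault(current, [])
        elif BANNER_RE.match(line):
            current = None
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def sigcheck_entries(text: str) -> List[dict]:
    """All Sigcheck rows; flag '-' marks a file ComboFix could not verify."""
    rows = []
    for line in parse_sections(text).get("sigcheck", []):
        m = SIGCHECK_RE.match(line)
        if m:
            rows.append({"flag": m["flag"], "md5": m["md5"].upper(),
                         "size": int(m["size"]), "version": m["version"],
                         "path": m["path"].lower()})
    return rows

def failed_sigchecks(text: str) -> List[dict]:
    return [r for r in sigcheck_entries(text) if r["flag"] == "-"]

def fcopy_results(text: str) -> List[Tuple[str, str]]:
    """(source, destination) pairs ComboFix reports under its FCopy section."""
    pairs = []
    for line in parse_sections(text).get("fcopy", []):
        m = FCOPY_RE.match(line)
        if m:
            pairs.append((m["src"].lower(), m["dst"].lower()))
    return pairs

def resolved(before: str, after: str) -> List[str]:
    """Paths flagged in the earlier log that are no longer flagged in the later one."""
    still = {r["path"] for r in failed_sigchecks(after)}
    return [r["path"] for r in failed_sigchecks(before) if r["path"] not in still]

def still_flagged_after_copy(before: str, after: str) -> List[str]:
    """FCopy destinations still '[-]' later; 'unchanged' = same MD5, copy never took."""
    before_md5 = {r["path"]: r["md5"] for r in sigcheck_entries(before)}
    after_bad = {r["path"]: r["md5"] for r in failed_sigchecks(after)}
    out = []
    for _src, dst in fcopy_results(after):
        if dst in after_bad:
            same = before_md5.get(dst) == after_bad[dst]
            out.append(f"{dst}: {'unchanged' if same else 'new but unverified'}")
    return out

# Sample logs: fragments of the logs posted in this thread. The Sigcheck
# outcome of the follow-up logs is CONSTRUCTED (the thread's last log is cut
# off before its Sigcheck section, so the real outcome is not shown).
BEFORE_LOG = """\
------- Sigcheck -------
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\\windows\\system32\\drivers\\tcpip.sys
[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\\windows\\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
"""
FCOPY_SECTION = """\
--------------- FCopy ---------------
c:\\documents and settings\\dexter delgado\\desktop\\explorer.exe --> c:\\windows.0\\explorer.exe
c:\\documents and settings\\dexter delgado\\desktop\\explorer.exe --> c:\\windows.1\\explorer.exe
c:\\documents and settings\\dexter delgado\\desktop\\explorer.exe --> c:\\windows\\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
"""
# Constructed success: explorer.exe gone from Sigcheck, tcpip.sys still listed.
AFTER_LOG_OK = FCOPY_SECTION + """\
------- Sigcheck -------
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\\windows\\system32\\drivers\\tcpip.sys
.
"""
# Constructed failure: explorer.exe keeps its old MD5, so the copy did not take.
AFTER_LOG_FAIL = FCOPY_SECTION + BEFORE_LOG

if __name__ == "__main__":
    for r in failed_sigchecks(BEFORE_LOG):
        print("unverified:", r["path"], r["md5"], r["version"])
    print("resolved:", resolved(BEFORE_LOG, AFTER_LOG_OK))
    print("still flagged:", still_flagged_after_copy(BEFORE_LOG, AFTER_LOG_FAIL))
```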
Sir, here's the latest combofix log:

ComboFix 10-03-07.02 - dexter delgado 03/08/2010 11:38:13.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.589 [GMT 8:00]
Running from: c:\documents and settings\dexter delgado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dexter delgado\Desktop\CFScript.txt
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\dexter delgado\desktop\explorer.exe --> c:\windows.0\explorer.exe
c:\documents and settings\dexter delgado\desktop\explorer.exe --> c:\windows.1\explorer.exe
c:\documents and settings\dexter delgado\desktop\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 11:44 . 2010-03-08 11:44 -------- d-----w- c:\documents and settings\Administrator
2010-03-04 05:34 . 2010-03-04 05:34 -------- d-----w- c:\windows\Sun
2010-03-04 05:28 . 2010-03-04 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 05:28 . 2010-03-04 05:28 -------- d-----w- c:\program files\Java
2010-03-04 05:27 . 2010-03-04 05:27 152576 ----a-w- c:\documents and settings\dexter delgado\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\ff_temp
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\7zS188B.tmp
2010-02-28 23:59 . 2010-02-28 23:59 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\Local Settings\Application Data\Microsoft
2010-02-28 23:58 . 2010-02-28 23:58 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.1\DRM
2010-02-28 23:37 . 2010-03-05 05:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-02-28 23:37 . 2010-02-28 23:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-02-28 23:34 . 2010-03-08 11:45 -------- d-----w- C:\WINDOWS.1
2010-02-28 23:28 . 2010-02-28 23:36 -------- d-----w- C:\install
2010-02-28 23:26 . 2010-03-08 03:38 -------- d-----w- C:\WINDOWS.0
2010-02-27 14:40 . 2010-02-27 14:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-24 08:14 . 2010-02-24 08:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-23 13:54 . 2006-01-06 07:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 13:54 . 2006-01-06 07:53 31744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-22 18:10 . 2010-03-08 02:09 7025088 ----a-w- c:\windows\tmplog.dll
2010-02-22 18:10 . 2010-03-08 02:09 -------- d-----w- C:\received3
2010-02-22 18:10 . 2010-03-08 02:09 -------- d-----w- C:\received2
2010-02-22 18:10 . 2010-03-08 02:09 -------- d-----w- C:\received
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received6
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received5
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received4
2010-02-22 18:10 . 2010-02-23 18:56 -------- d-----w- C:\encryption_folders
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- c:\windows\Desktop
2010-02-22 18:01 . 2010-02-22 18:01 -------- d-----w- c:\program files\ProoferTool
2010-02-22 18:00 . 2010-02-22 18:00 249856 ------w- c:\windows\Setup1.exe
2010-02-22 18:00 . 2010-02-22 18:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-22 17:50 . 2010-02-23 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 15:11 . 2010-02-22 15:11 -------- d-----w- c:\program files\NCH Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\program files\Alwil Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-s---w- c:\documents and settings\dexter delgado\UserData
2010-02-15 15:30 . 2008-04-17 01:05 69632 ------r- c:\windows\Alcmtr.exe
2010-02-15 04:45 . 2010-02-15 04:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\CCleaner
2010-02-12 16:17 . 2008-04-17 01:05 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 16:17 . 2010-02-12 08:20 -------- d-----w- c:\program files\Realtek
2010-02-12 16:17 . 2010-02-12 16:17 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InstallShield
2010-02-12 16:16 . 2010-02-12 16:16 -------- d-----w- c:\windows\system32\Lang
2010-02-12 16:16 . 2008-04-17 01:05 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-02-12 16:16 . 2008-04-17 01:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Intel
2010-02-12 16:13 . 2010-02-12 08:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-12 16:13 . 2007-08-10 16:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- C:\Intel
2010-02-12 16:13 . 2010-02-15 15:34 -------- d-----w- C:\TempEI4
2010-02-12 16:07 . 2010-02-12 16:07 -------- d-----w- c:\program files\Realtek AC97
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\windows\Profiles
2010-02-12 16:01 . 2010-02-13 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InterTrust
2010-02-12 16:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-12 16:00 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 03:46 . 2010-02-12 08:36 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Skype
2010-03-07 23:53 . 2006-01-13 01:46 1033216 ----a-w- c:\windows\explorer.exe
2010-03-01 00:01 . 2010-02-12 15:38 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-28 23:54 . 2010-02-12 15:32 -------- d-----w- c:\program files\Unlocker
2010-02-28 23:49 . 2010-02-12 15:28 -------- d-----w- c:\program files\MSN Messenger
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-25 05:25 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\NCH Swift Sound
2010-02-13 16:05 . 2010-02-12 08:50 16128 ----a-w- c:\documents and settings\dexter delgado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 07:21 . 2010-02-12 15:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 16:07 . 2010-02-12 16:03 -------- d-----w- c:\program files\AvRack
2010-02-12 16:07 . 2010-02-12 16:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 15:57 . 2010-02-12 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 15:53 . 2010-02-12 15:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 15:38 . 2010-02-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 15:37 . 2010-02-12 15:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-12 15:37 . 2010-02-12 15:37 2293 ----a-w- c:\windows\mozver.dat
2010-02-12 15:37 . 2010-02-12 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 15:32 . 2010-02-12 15:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 09:02 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live
2010-02-12 09:02 . 2010-02-12 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Microsoft
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-12 08:56 . 2010-02-12 08:56 -------- d-----w- c:\program files\CounterPath
2010-02-12 08:50 . 2010-02-12 08:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-12 08:39 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-12 08:27 . 2010-02-12 08:27 673610 ----a-w- c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-02-12 08:20 . 2010-02-12 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-12 08:20 . 2010-02-12 08:20 315392 ----a-w- c:\windows\HideWin.exe
2003-03-21 13:37 . 2003-03-21 13:37 16056 ----a-w- c:\program files\owcstp16.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-03-07 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-08 03:46 . 2010-03-08 03:46 16384 c:\windows\temp\Perflib_Perfdata_d0.dat
+ 2006-01-13 01:39 . 2010-02-25 06:40 39992 c:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 39992 c:\windows\system32\perfc009.dat
+ 2010-02-22 17:50 . 2010-02-22 17:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 1999-03-25 17:00 . 1999-03-25 17:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2006-01-13 01:39 . 2010-02-25 06:40 311604 c:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 311604 c:\windows\system32\perfh009.dat
+ 2010-03-04 05:28 . 2010-03-04 05:28 149280 c:\windows\system32\javaws.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\java.exe
+ 1998-04-14 18:50 . 1998-04-14 18:50 339456 c:\windows\PKZIP25.EXE
+ 2010-03-04 05:28 . 2010-03-04 05:28 537600 c:\windows\Installer\13f4347.msi
+ 2010-02-22 17:50 . 2010-02-22 17:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-22 17:50 . 2010-02-22 17:50 1544192 c:\windows\Installer\a26c17.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 5186048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-04 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\expressSevenDaysInit.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-03-04 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-02-12 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]

2010-03-08 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com.ph
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 11:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-08 11:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-08 03:50
ComboFix2.txt 2010-03-07 12:11
ComboFix3.txt 2010-03-07 01:20
ComboFix4.txt 2010-03-05 05:28
ComboFix5.txt 2010-03-08 03:37

Pre-Run: 68,102,660,096 bytes free
Post-Run: 67,984,343,040 bytes free

- - End Of File - - 5BCBB86F3982C7264A06802CB6D302FE

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quote box below into it:

    killall::
    File::
    c:\windows\HideWin.exe
    c:\windows\system32\msnsc.exe
    c:\Documents and Settings\dexter delgado\Desktop\PT8-4.exe

    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnsc"=-

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"=-

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=-
    reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


..........................................................
DragonMaster Jay
Owner/Administrator/Operator Cheetah-Fast Services
Advanced Malware Analysts Group Owner


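As an added example (not code from this thread, from ComboFix or from the helper above), here is a Python parser for the "Reg Loading Points" section of a ComboFix log like the ones posted here, plus a generator for a CFScript in the killall::/File::/Registry::/reboot:: form used in the post above. The sample log is constructed from the shape of the log above; reading the [X] stamp as "target file not found" and using the section banner as the section boundary are assumptions taken from that log.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and build a CFScript from
entries an analyst has chosen to remove.  Added example, not code from ComboFix or from
this thread; banner text, "name"="target" [stamp] layout and [X] are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample, trimmed to the shape of the thread's log (not a real capture).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe"=
.
Contents of the 'Scheduled Tasks' folder
"""
DEFAULT_RUN = r"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run"
DEFAULT_RUNONCE = DEFAULT_RUN + "Once"
FIREWALL_LIST = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                 r"\standardprofile\AuthorizedApplications\List")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="target" [date size]  |  "name"="target" [X]  |  "path"=  (firewall list)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<target>[^"]*)")?\s*(?P<stamp>\[.*\])?$')


@dataclass
class AutostartEntry:
    key: str       # registry key the value sits under
    name: str      # value name; for the firewall list this is the quoted path itself
    target: str    # command or path; empty for firewall-list entries
    missing: bool  # assumption: ComboFix prints [X] instead of date/size when the target is not found


def parse_loading_points(log_text: str) -> list[AutostartEntry]:
    """Every value between the 'Reg Loading Points' banner and the scheduled-tasks
    section, in log order; notes, separators and startup-folder shortcuts are skipped."""
    entries: list[AutostartEntry] = []
    key, in_section = None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Reg Loading Points" in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("Contents of the 'Scheduled Tasks' folder"):
            break
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif key and (m := VALUE_RE.match(line)):
            entries.append(AutostartEntry(key, m.group("name"), m.group("target") or "",
                                          m.group("stamp") == "[X]"))
    return entries


def missing_targets(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Autostart values whose file ComboFix could not find (orphaned loaders)."""
    return [e for e in entries if e.missing]


def build_cfscript(entries: list[AutostartEntry], remove_values: set[tuple[str, str]],
                   remove_files: list[str]) -> str:
    """Emit a CFScript in the killall:: / File:: / Registry:: / reboot:: form used in
    this thread.  Every (key, name) pair must exist in the parsed log, so a typo in
    the analyst's list fails loudly instead of becoming a bogus registry deletion."""
    unknown = set(remove_values) - {(e.key, e.name) for e in entries}
    if unknown:
        raise ValueError(f"values not present in log: {sorted(unknown)}")
    lines = ["killall::"]
    if remove_files:
        lines += ["File::", *remove_files, ""]
    lines.append("Registry::")
    by_key: dict[str, list[str]] = {}
    for e in entries:  # keep the log's own key order
        if (e.key, e.name) in remove_values:
            by_key.setdefault(e.key, []).append(e.name)
    for key, names in by_key.items():
        lines += [f"[{key}]", *(f'"{n}"=-' for n in names), ""]
    lines.append("reboot::")
    return "\n".join(lines) + "\n"


# Selection mirroring the helper's script above: the .DEFAULT-hive loader, the
# orphaned RunOnce value and the Desktop executable authorised through the firewall.
REMOVE_VALUES = {(DEFAULT_RUN, "msnsc"), (DEFAULT_RUNONCE, "nlsf"),
                 (FIREWALL_LIST, r"c:\\Documents and Settings\\dexter delgado\\Desktop\\PT8-4.exe")}
REMOVE_FILES = [r"c:\windows\HideWin.exe", r"c:\windows\system32\msnsc.exe",
                r"c:\Documents and Settings\dexter delgado\Desktop\PT8-4.exe"]
```

Running `build_cfscript(parse_loading_points(SAMPLE_LOG), REMOVE_VALUES, REMOVE_FILES)` reproduces the helper's CFScript above; passing a value name that is not in the log raises instead of emitting a deletion.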
Sir, here is the new ComboFix log that you requested:

ComboFix 10-03-08.01 - dexter delgado 03/09/2010 8:49.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.602 [GMT 8:00]
Running from: c:\documents and settings\dexter delgado\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\dexter delgado\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\dexter delgado\Desktop\PT8-4.exe"
"c:\windows\HideWin.exe"
"c:\windows\system32\msnsc.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\dexter delgado\Desktop\PT8-4.exe
c:\windows\HideWin.exe
c:\windows\system32\msnsc.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-03-04 18:41 . 2010-03-04 18:41 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2010-03-04 05:34 . 2010-03-04 05:34 -------- d-----w- c:\windows\Sun
2010-03-04 05:28 . 2010-03-04 05:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 05:28 . 2010-03-04 05:28 -------- d-----w- c:\program files\Java
2010-03-04 05:27 . 2010-03-04 05:27 152576 ----a-w- c:\documents and settings\dexter delgado\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\ff_temp
2010-03-01 00:00 . 2010-03-01 00:00 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\7zS188B.tmp
2010-02-28 23:59 . 2010-02-28 23:59 -------- d-----w- c:\documents and settings\Default User.WINDOWS.1\Local Settings\Application Data\Microsoft
2010-02-28 23:58 . 2010-02-28 23:58 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.1\DRM
2010-02-28 23:37 . 2010-03-05 05:20 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.1
2010-02-28 23:37 . 2010-02-28 23:58 -------- d-----w- c:\documents and settings\All Users.WINDOWS.1
2010-02-28 23:34 . 2010-03-08 11:45 -------- d-----w- C:\WINDOWS.1
2010-02-28 23:28 . 2010-02-28 23:36 -------- d-----w- C:\install
2010-02-28 23:26 . 2010-03-08 03:38 -------- d-----w- C:\WINDOWS.0
2010-02-27 14:40 . 2010-02-27 14:40 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-24 08:14 . 2010-02-24 08:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-02-23 13:54 . 2006-01-06 07:53 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-02-23 13:54 . 2006-01-06 07:53 31744 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-22 18:10 . 2010-03-08 17:26 7492670 ----a-w- c:\windows\tmplog.dll
2010-02-22 18:10 . 2010-03-08 16:30 -------- d-----w- C:\received3
2010-02-22 18:10 . 2010-03-08 16:30 -------- d-----w- C:\received2
2010-02-22 18:10 . 2010-03-08 16:30 -------- d-----w- C:\received
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received6
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received5
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- C:\received4
2010-02-22 18:10 . 2010-02-23 18:56 -------- d-----w- C:\encryption_folders
2010-02-22 18:10 . 2010-02-22 18:10 -------- d-----w- c:\windows\Desktop
2010-02-22 18:01 . 2010-02-22 18:01 -------- d-----w- c:\program files\ProoferTool
2010-02-22 18:00 . 2010-02-22 18:00 249856 ------w- c:\windows\Setup1.exe
2010-02-22 18:00 . 2010-02-22 18:00 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-02-22 17:50 . 2010-02-23 07:56 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-22 15:11 . 2010-02-22 15:11 -------- d-----w- c:\program files\NCH Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\program files\Alwil Software
2010-02-17 13:57 . 2010-02-25 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-16 14:41 . 2010-02-16 14:41 -------- d-s---w- c:\documents and settings\dexter delgado\UserData
2010-02-15 15:30 . 2008-04-17 01:05 69632 ------r- c:\windows\Alcmtr.exe
2010-02-15 04:45 . 2010-02-15 04:45 -------- d-----w- c:\program files\Common Files\Java
2010-02-13 01:52 . 2010-02-13 01:52 -------- d-----w- c:\program files\CCleaner
2010-02-12 16:17 . 2008-04-17 01:05 105856 ----a-r- c:\windows\system32\drivers\Rtenicxp.sys
2010-02-12 16:17 . 2010-02-12 08:20 -------- d-----w- c:\program files\Realtek
2010-02-12 16:17 . 2010-02-12 16:17 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InstallShield
2010-02-12 16:16 . 2010-02-12 16:16 -------- d-----w- c:\windows\system32\Lang
2010-02-12 16:16 . 2008-04-17 01:05 920088 ----a-r- c:\windows\system32\igxpun.exe
2010-02-12 16:16 . 2008-04-17 01:05 319456 ----a-r- c:\windows\system32\difxapi.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- c:\program files\Intel
2010-02-12 16:13 . 2010-02-12 08:24 -------- dc----w- c:\windows\system32\DRVSTORE
2010-02-12 16:13 . 2007-08-10 16:12 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-02-12 16:13 . 2010-02-12 16:13 -------- d-----w- C:\Intel
2010-02-12 16:13 . 2010-02-15 15:34 -------- d-----w- C:\TempEI4
2010-02-12 16:07 . 2010-02-12 16:07 -------- d-----w- c:\program files\Realtek AC97
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\windows\Profiles
2010-02-12 16:01 . 2010-02-13 08:55 -------- d-----w- c:\windows\system32\Adobe
2010-02-12 16:01 . 2010-02-12 16:01 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\InterTrust
2010-02-12 16:00 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-02-12 16:00 . 2000-03-29 14:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 12:55 . 2010-02-12 08:36 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Skype
2010-03-07 23:53 . 2006-01-13 01:46 1033216 ----a-w- c:\windows\explorer.exe
2010-03-01 00:01 . 2010-02-12 15:38 -------- d-----w- c:\program files\QuickTime Alternative
2010-02-28 23:54 . 2010-02-12 15:32 -------- d-----w- c:\program files\Unlocker
2010-02-28 23:49 . 2010-02-12 15:28 -------- d-----w- c:\program files\MSN Messenger
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-26 10:58 . 2010-02-12 10:13 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-25 05:25 . 2010-02-12 10:13 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\NCH Swift Sound
2010-02-13 16:05 . 2010-02-12 08:50 16128 ----a-w- c:\documents and settings\dexter delgado\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 07:21 . 2010-02-12 15:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 16:07 . 2010-02-12 16:03 -------- d-----w- c:\program files\AvRack
2010-02-12 16:07 . 2010-02-12 16:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-12 16:03 . 2010-02-12 16:03 -------- d-----w- c:\program files\Realtek Sound Manager
2010-02-12 15:57 . 2010-02-12 15:57 0 ----a-w- c:\windows\nsreg.dat
2010-02-12 15:53 . 2010-02-12 15:53 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-12 15:38 . 2010-02-12 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-12 15:37 . 2010-02-12 15:37 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-02-12 15:37 . 2010-02-12 15:37 2293 ----a-w- c:\windows\mozver.dat
2010-02-12 15:37 . 2010-02-12 15:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 15:32 . 2010-02-12 15:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-12 09:02 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live
2010-02-12 09:02 . 2010-02-12 09:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Microsoft
2010-02-12 09:00 . 2010-02-12 09:00 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-12 08:56 . 2010-02-12 08:56 -------- d-----w- c:\program files\CounterPath
2010-02-12 08:50 . 2010-02-12 08:50 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-12 08:39 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\dexter delgado\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:31 -------- d-----w- c:\program files\Yahoo!
2010-02-12 08:38 . 2010-02-12 08:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\program files\Common Files\Skype
2010-02-12 08:27 . 2010-02-12 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-12 08:27 . 2010-02-12 08:27 673610 ----a-w- c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
2010-02-12 08:20 . 2010-02-12 16:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2003-03-21 13:37 . 2003-03-21 13:37 16056 ----a-w- c:\program files\owcstp16.dll
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-03-07 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-17_23.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-09 00:55 . 2010-03-09 00:55 16384 c:\windows\temp\Perflib_Perfdata_644.dat
+ 2006-01-13 01:39 . 2010-02-25 06:40 39992 c:\windows\system32\perfc009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 39992 c:\windows\system32\perfc009.dat
+ 2010-02-22 17:50 . 2010-02-22 17:50 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 1999-03-25 17:00 . 1999-03-25 17:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2006-01-13 01:39 . 2010-02-25 06:40 311604 c:\windows\system32\perfh009.dat
- 2006-01-13 01:39 . 2010-02-12 09:56 311604 c:\windows\system32\perfh009.dat
+ 2010-03-04 05:28 . 2010-03-04 05:28 149280 c:\windows\system32\javaws.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\javaw.exe
+ 2010-03-04 05:28 . 2010-03-04 05:28 145184 c:\windows\system32\java.exe
+ 1998-04-14 18:50 . 1998-04-14 18:50 339456 c:\windows\PKZIP25.EXE
+ 2010-03-04 05:28 . 2010-03-04 05:28 537600 c:\windows\Installer\13f4347.msi
+ 2010-02-22 17:50 . 2010-02-22 17:50 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-02-22 17:50 . 2010-02-22 17:50 1544192 c:\windows\Installer\a26c17.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-02-09 25388584]
"eyeBeam SIP Client"="c:\program files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 5186048]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 137752]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-04 149280]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-17 16859648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\expressSevenDaysInit.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-03-04 c:\windows\Tasks\expressShakeIcon.job
- c:\program files\NCH Swift Sound\Express\express.exe [2010-02-25 05:25]

2010-02-12 c:\windows\Tasks\scribeSevenDaysInit.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]

2010-03-09 c:\windows\Tasks\scribeShakeIcon.job
- c:\program files\NCH Swift Sound\Scribe\scribe.exe [2010-02-12 10:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dexter delgado\Application Data\Mozilla\Firefox\Profiles\ub4s7hec.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com.ph
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 09:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(432)
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-03-09 09:04:45 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 01:04
ComboFix2.txt 2010-03-08 03:50
ComboFix3.txt 2010-03-07 12:11
ComboFix4.txt 2010-03-07 01:20
ComboFix5.txt 2010-03-09 00:48

Pre-Run: 67,954,106,368 bytes free
Post-Run: 67,983,699,968 bytes free

- - End Of File - - 0FE5B17CC844F37AE4864A3739A975A6
