I just ran Malwarebytes and it came up clean. Here's the log.
Malwarebytes' Anti-Malware 1.44
Database version: 3717
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/10/2010 10:50:40 PM
mbam-log-2010-02-10 (22-50-40).txt
Scan type: Full Scan (C:\|)
Objects scanned: 185479
Time elapsed: 1 hour(s), 41 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Here's the ComboFix log.
ComboFix 10-02-09.03 - John 02/10/2010 23:15:32.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.287 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"C:\backup.reg"
"C:\cleanup.bat"
"C:\zip.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\backup.reg
C:\cleanup.bat
c:\windows\system32\_000005_.tmp.dll
C:\zip.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-11 00:59 . 2010-02-11 00:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-11 00:56 . 2010-02-11 00:56 -------- d-----w- c:\windows\LastGood
2010-02-10 20:19 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-10 20:19 . 2009-08-05 00:44 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 20:19 . 2009-08-05 00:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-10 20:19 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-10 20:19 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 20:19 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-10 04:14 . 2010-02-10 04:14 -------- d-----w- c:\windows\system32\Adobe
2010-02-10 03:57 . 2010-02-10 03:57 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-10 03:57 . 2010-02-10 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-08 04:05 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2010-02-03 01:41 . 2010-02-03 01:41 -------- d-----w- c:\program files\Trend Micro
2010-02-02 23:44 . 2010-02-02 23:44 -------- d-----w- c:\documents and settings\John\Application Data\ArcSoft
2010-02-02 23:36 . 2006-11-01 19:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-02 23:36 . 2006-11-01 19:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-02 23:34 . 2004-02-03 20:09 41984 ----a-w- c:\windows\system32\CoachWia.dll
2010-02-02 23:34 . 2004-01-06 18:10 8192 ----a-w- c:\windows\system32\CoachWrp.dll
2010-02-02 23:34 . 2003-11-03 22:31 44256 ----a-w- c:\windows\system32\drivers\CoachVc.sys
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\windows\Options
2010-02-02 23:34 . 2010-02-02 23:34 -------- d-----w- c:\program files\Digital Video
2010-02-02 23:34 . 2004-01-22 17:41 46944 ----a-w- c:\windows\system32\drivers\CoachUsb.sys
2010-02-02 23:34 . 2003-11-04 22:54 16896 ----a-w- c:\windows\system32\CoachDlg.dll
2010-02-02 23:33 . 2010-02-02 23:33 -------- d-----w- c:\documents and settings\John\Application Data\InstallShield
2010-02-01 23:27 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-01 23:27 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-01 20:20 . 2010-02-01 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-30 22:55 . 2010-01-30 23:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-30 16:27 . 2010-01-30 16:27 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-30 16:19 . 2010-01-30 23:29 23584 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-30 16:19 . 2010-01-30 23:29 2297376 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-30 15:43 . 2010-01-30 22:27 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-30 15:43 . 2010-01-30 22:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-01-30 15:40 . 2010-01-30 15:40 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Downloaded Installations
2010-01-29 22:16 . 2010-01-29 22:16 2 --shatr- c:\windows\winstart.bat
2010-01-29 18:02 . 2010-01-29 18:02 127 ----a-w- c:\documents and settings\John\Local Settings\Application Data\fusioncache.dat
2010-01-29 17:59 . 2010-01-29 17:59 -------- d-----w- c:\program files\MSSOAP
2010-01-29 17:31 . 2010-01-29 17:32 164 ----a-w- c:\windows\install.dat
2010-01-29 17:08 . 2010-02-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-29 16:15 . 2008-04-14 01:12 23552 ----a-w- c:\windows\system32\wdmaud.drv
2010-01-29 16:15 . 2008-04-14 01:12 23552 ----a-w- c:\windows\system32\dllcache\wdmaud.drv
2010-01-27 20:49 . 2010-01-27 20:49 61440 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77897cf8-n\decora-sse.dll
2010-01-27 20:49 . 2010-01-27 20:49 12800 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77897cf8-n\decora-d3d.dll
2010-01-27 20:49 . 2010-01-27 20:49 503808 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\msvcp71.dll
2010-01-27 20:49 . 2010-01-27 20:49 499712 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\jmc.dll
2010-01-27 20:49 . 2010-01-27 20:49 348160 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-423ef17a-n\msvcr71.dll
2010-01-22 00:21 . 2010-01-23 03:58 -------- d-sh--w- c:\windows\system32\winsys
2010-01-12 20:47 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 03:09 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-11 00:55 . 2007-07-07 01:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\temp
2010-02-11 00:52 . 2008-06-23 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-10 04:12 . 2005-12-16 05:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 04:08 . 2006-04-26 23:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-07 15:18 . 2008-10-06 00:43 -------- d-----w- c:\documents and settings\John\Application Data\LimeWire
2010-02-07 04:19 . 2006-06-02 20:57 -------- d-----w- c:\program files\Google
2010-02-02 04:34 . 2005-12-16 05:31 -------- d-----w- c:\program files\Java
2010-01-30 23:29 . 2010-01-30 16:19 3260 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-30 23:29 . 2010-01-30 16:19 31844 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-30 15:25 . 2009-01-14 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-29 16:35 . 2005-12-16 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-29 16:34 . 2005-12-16 05:36 -------- d-----w- c:\program files\Viewpoint
2010-01-29 16:33 . 2009-03-11 21:39 -------- d-----w- c:\documents and settings\John\Application Data\Move Networks
2010-01-29 16:32 . 2005-12-16 05:43 -------- d-----w- c:\program files\Dell
2010-01-27 20:49 . 2005-12-16 05:31 -------- d-----w- c:\program files\Common Files\Java
2010-01-11 00:21 . 2010-01-11 00:21 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-12-31 16:50 . 2005-12-16 05:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-10 18:51 916480 ------w- c:\windows\system32\wininet.dll
2009-12-19 15:21 . 2005-12-16 05:46 -------- d-----w- c:\program files\McAfee
2009-12-17 22:14 . 2008-12-19 03:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2004-08-10 19:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 18:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:23 . 2009-12-08 09:23 474112 ----a-w- c:\windows\system32\SET74.tmp
2009-12-05 17:01 . 2009-12-05 17:01 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-05 17:01 . 2009-12-05 17:01 79488 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-04 18:22 . 2005-12-16 05:14 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-10 18:51 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 06:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-10 18:51 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-10 18:51 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-10 18:50 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 06:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-25 16:19 . 2009-12-09 16:29 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 23:28 . 2009-11-04 02:30 63 ----a-w- c:\documents and settings\John\jagex_runescape_preferences2.dat
2009-11-24 23:28 . 2009-06-19 16:17 38 ----a-w- c:\documents and settings\John\jagex_runescape_preferences.dat
2009-11-21 15:51 . 2004-08-10 18:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2008-09-03 01:38 . 2006-04-18 03:54 56 --sh--r- c:\windows\system32\E1136D42D7.sys
2008-09-03 01:38 . 2006-04-18 03:54 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/28/2009 7:05 PM 93320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2009 12:57 AM 135664]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [10/19/2006 10:11 AM 10664]
S3 NETR33X;D-Link Air Wireless Adapter(RTL) NT Driver;c:\windows\system32\drivers\NETR33X.sys [11/11/2003 5:20 PM 183680]
.
Contents of the 'Scheduled Tasks' folder
2010-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
2010-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-23 21:01]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 05:56]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 05:56]
2006-02-05 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
2009-09-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-28 16:22]
2009-09-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-28 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/mywaybiz
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internetsecurity10.com
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\e3cqc6jo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 23:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F3C618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85fbf28
\Driver\ACPI -> ACPI.sys @ 0xf856ecb8
\Driver\atapi -> atapi.sys @ 0xf8526852
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf841fbb0
PacketIndicateHandler -> NDIS.sys @ 0xf840ea0d
SendHandler -> NDIS.sys @ 0xf8422b40
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(628)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-10 23:39:57
ComboFix-quarantined-files.txt 2010-02-11 04:39
ComboFix2.txt 2010-02-09 23:58
ComboFix3.txt 2010-02-08 04:26
Pre-Run: 57,845,993,472 bytes free
Post-Run: 57,845,698,560 bytes free
- - End Of File - - 483398134889337B0329AAF84F7898D1