Another HJT log!


ib_ikram
12-09-2008, 09:15 PM
Hi guys!

Since the last time I ran HJT, Combofix and Malware Bytes, I've had no problems on my computer. But recently, I've started getting annoying things happening again on my computer (random pop-ups telling me to install an antivirus program, yeah right)... so I thought I would run the same process again that I was told to do last time: that is, to run Malware Bytes, then run Combofix, and then run HJT.
Could someone please tell me if my computer's cleared up now? Thanks so much!

Here are the logs:

Malware Bytes
Malwarebytes' Anti-Malware 1.30
Database version: 1403
Windows 5.1.2600 Service Pack 3

12/10/2008 1:43:57 PM
mbam-log-2008-12-10 (13-43-57).txt

Scan type: Quick Scan
Objects scanned: 78193
Time elapsed: 16 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\pepimude.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\delehele.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c0bc4ba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm5f38f726 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lalebivipi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\delehele.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\delehele.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pepimude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\edumipep.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\delehele.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\katowola.dll (Trojan.Agent) -> Delete on reboot.


Combofix
ComboFix 08-12-07.04 - Natan Marsden 2008-12-10 13:51:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.548 [GMT 13:00]
Running from: c:\documents and settings\Natan Marsden\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-03 19:27 . 2008-12-03 19:27 <DIR> d-------- c:\program files\BitPim
2008-11-29 11:34 . 2008-11-29 11:34 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-17 19:40 . 2008-11-17 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 19:40 . 2008-11-17 19:40 <DIR> d-------- c:\documents and settings\Natan Marsden\Application Data\Malwarebytes
2008-11-17 19:40 . 2008-11-17 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-17 19:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 19:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-16 18:30 . 2008-11-16 18:30 <DIR> d-------- C:\HijackThis
2008-11-16 18:15 . 2008-11-16 18:15 <DIR> d-------- c:\program files\Trend Micro
2008-11-16 18:12 . 2008-11-16 18:16 <DIR> d-------- C:\HJT
2008-11-12 17:46 . 2008-10-25 00:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:45 . 2008-09-05 06:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 08:54 . 2008-11-12 08:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-11 18:44 . 2004-07-09 04:26 52,096 --a------ c:\windows\system32\drivers\msdv.sys
2008-11-11 18:44 . 2004-07-09 04:26 52,096 --a--c--- c:\windows\system32\dllcache\msdv.sys
2008-11-11 18:44 . 2004-07-09 04:26 47,104 --a--c--- c:\windows\system32\dllcache\wstdecod.dll
2008-11-11 18:44 . 2004-07-09 04:26 15,104 --a------ c:\windows\system32\drivers\mpe.sys
2008-11-11 18:44 . 2004-07-09 04:26 15,104 --a--c--- c:\windows\system32\dllcache\mpe.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 22:10 --------- d-----w c:\documents and settings\Everyone else\Application Data\Skype
2008-12-03 06:09 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-28 22:34 --------- d-----w c:\program files\Java
2008-11-22 10:33 --------- d-----w c:\program files\SecondLife
2008-11-22 08:01 --------- d-----w c:\program files\LimeWire
2008-11-17 12:53 --------- d-----w c:\program files\DivX
2008-11-12 03:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-11 19:53 --------- d-----w c:\program files\Nokia
2008-11-11 19:53 --------- d-----w c:\program files\Common Files\Nokia
2008-11-11 19:51 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-11 05:46 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-11 05:46 --------- d-----w c:\program files\Common Files\Adobe
2008-10-26 12:27 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-26 12:26 --------- d-----w c:\program files\AVG
2008-10-26 12:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:41 --------- d-----w c:\program files\iTunes
2008-10-24 00:41 --------- d-----w c:\program files\iPod
2008-10-24 00:41 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.

((((((((((((((((((((((((((((( snapshot@2008-11-17_20.21.10.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 07:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-07-18 10:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 01:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-18 10:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 01:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-18 10:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 01:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-18 10:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 01:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-18 10:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 01:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-18 10:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 01:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-18 10:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 01:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-18 10:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 01:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-06-09 13:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-11-28 22:34:08 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 13:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-28 22:34:08 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-09 14:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-11-28 22:34:08 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-07-23 16:48:40 1,044,480 ----a-w c:\windows\system32\libdivx.dll
+ 2008-09-19 21:55:58 1,044,480 ----a-w c:\windows\system32\libdivx.dll
- 2008-03-25 03:21:18 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2008-06-21 05:25:00 70,264 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2008-11-23 01:03:08 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2008-07-18 10:07:34 270,880 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 01:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2008-07-18 10:07:32 210,976 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 01:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2008-09-27 22:52:16 72,356 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-03 05:56:40 72,356 ----a-w c:\windows\system32\perfc009.dat
- 2008-09-27 22:52:16 444,858 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-03 05:56:40 444,858 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 01:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll

continued...

ib_ikram
12-09-2008, 09:17 PM
+ 2008-10-16 01:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-23 16:48:40 200,704 ----a-w c:\windows\system32\ssldivx.dll
+ 2008-09-19 21:55:58 200,704 ----a-w c:\windows\system32\ssldivx.dll
- 2008-07-18 10:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 01:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-18 10:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 01:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-18 10:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 01:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-18 10:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 01:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-18 10:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 01:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-18 10:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 01:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-18 10:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 01:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
+ 2008-12-10 00:57:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_ec.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"pdfSaver3"="c:\program files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe" [2004-09-05 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-24 217088]
"BigDogPath"="c:\windows\VM_STI.EXE" [2002-08-22 45056]
"MMReminderService"="c:\program files\Mindjet\MindManager 7\MMReminderService.exe" [2007-05-18 37392]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 c:\windows\RTHDCPL.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 c:\windows\system32\nvmctray.dll]
"atwtusb"="atwtusb.exe" [2006-02-21 c:\windows\system32\ATWTUSB.EXE]

c:\documents and settings\Natan Marsden\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\abddddc.EXE]
"Debugger"=c:\windows\system32\snowfall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Uhost.exe]
"Debugger"=c:\windows\system32\snowfall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\Everyone else\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-27 97928]
R1 hwinterface;hwinterface;c:\windows\system32\Drivers\hwinterface.sys [2006-09-23 3026]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-27 231704]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 65536]
S1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2007-04-10 22272]
S2 OMSCAN;OMSCAN;Base []
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
S3 GNCT511;Genius VideoCAM NB;c:\windows\system32\DRIVERS\gnct511.sys [2006-09-30 229376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651be2b8-b469-11dd-b0d7-0016174c94d6}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{651be2b9-b469-11dd-b0d7-0016174c94d6}]
\Shell\1\Command - RunDll32.exe .\SysInfo2.Dll,MyFun
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RunDll32.exe .\SysInfo2.Dll,MyFun
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{20ceb6dd-9320-490a-867a-8625b943d896} - c:\windows\system32\rigatuva.dll
HKLM-Run-lalebivipi - c:\windows\system32\katowola.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://nz.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {A569B744-CAD9-497A-8804-B7C357D8E9AF} = 202.27.184.3,202.27.184.5

c:\windows\Downloaded Program Files\Skin.uvs - c:\windows\Downloaded Program Files\UniVoice.ocx
O16 -: {A417A857-7019-49DC-9A73-A0CBC965F483}
hxxp://webcamnow.com/fs5/voice/voice.cab
c:\windows\Downloaded Program Files\UniVoice.inf
FireFox -: Profile - c:\documents and settings\Natan Marsden\Application Data\Mozilla\Firefox\Profiles\sbzild3l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://nz.yahoo.com/
FF -: plugin - c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 13:57:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="Base"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

continued...

ib_ikram
12-09-2008, 09:19 PM
c:\program files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-10 14:04:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 01:02:41
ComboFix2.txt 2008-11-17 07:22:39

Pre-Run: 5,147,557,888 bytes free
Post-Run: 6,942,605,312 bytes free

261 --- E O F --- 2008-11-12 11:31:31


HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:38 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Natan Marsden\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nz.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE KOCOM KMC-90 Web Camera
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158995910140


continued...

ib_ikram
12-09-2008, 09:19 PM
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {A417A857-7019-49DC-9A73-A0CBC965F483} (UniVoiceX Control) - http://webcamnow.com/fs5/voice/voice.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A569B744-CAD9-497A-8804-B7C357D8E9AF}: NameServer = 202.27.184.3,202.27.184.5
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32serve r.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_ 3dsmax8server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10969 bytes

Any help would be greatly appreciated. Thanks so much guys :)

ib_ikram
12-09-2008, 09:23 PM
Also, once the scans were complete, I removed the infected files that Malware Bytes found. One of them was katowola.dll, and now when I restart my computer, I get the error that that file could not be found. Hope that helps too!

classicsoftware
12-09-2008, 10:04 PM
You can go into the registry and remove it.

Please keep me posted as it looks all clear...
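
As an added example for this thread (not output of HijackThis, ComboFix or Malwarebytes, and not posted by anyone in the thread): a PowerShell script that lists the Run/RunOnce autostart values whose target file no longer exists. A leftover value of that kind, pointing at a DLL or EXE that a scanner has already deleted, is a common cause of a "could not be found" message at logon. It assumes a Windows host with PowerShell 2.0 or later; the function name Resolve-AutostartTarget and the -Remove switch are this example's own. Without -Remove it only reports; with -Remove it prompts before each deletion and needs an elevated prompt for HKLM entries.

```powershell
# Added example for this thread, not output of HijackThis, ComboFix or MBAM.
# Lists Run/RunOnce values whose target file no longer exists (a common cause of a
# "could not be found" message at logon after an infected DLL has been deleted).
# Assumes Windows with PowerShell 2.0+; run elevated if you use -Remove on HKLM keys.
param([switch]$Remove)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Work out which file an autostart command actually loads, or $null if it is missing.
function Resolve-AutostartTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -eq '') { return $null }

    # rundll32 entries (e.g. "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup")
    # really load the DLL named after the host program, so check that file instead.
    if ($cmd -match '^"?[^"\s]*rundll32(?:\.exe)?"?\s+(.+)$') {
        $cmd = $Matches[1] -replace ',.*$', ''
    }

    if ($cmd.StartsWith('"')) {
        # quoted path: everything up to the closing quote
        $candidates = @(($cmd -split '"')[1])
    } else {
        # unquoted path that may contain spaces and trailing arguments:
        # try "C:\Program", then "C:\Program Files\x.exe", and so on
        $tokens = $cmd -split '\s+'
        $candidates = @(1..$tokens.Count | ForEach-Object { $tokens[0..($_ - 1)] -join ' ' })
    }

    foreach ($c in $candidates) {
        $c = $c.Trim('"')
        if ($c -eq '') { continue }
        if (Test-Path -LiteralPath $c -PathType Leaf) { return $c }
        # bare names such as nwiz.exe are resolved from the Windows directories
        if ($c -notmatch '[\\/]') {
            foreach ($dir in @((Join-Path $env:windir 'system32'), $env:windir)) {
                $p = Join-Path $dir $c
                if (Test-Path -LiteralPath $p -PathType Leaf) { return $p }
            }
        }
    }
    return $null
}

# Registry provider adds PSPath etc. to every property bag; skip those.
$ignore = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($ignore -contains $prop.Name) { continue }
        $target = Resolve-AutostartTarget -Command ([string]$prop.Value)
        if ($target) {
            Write-Output ('OK      {0}\{1} -> {2}' -f $key, $prop.Name, $target)
        } else {
            Write-Output ('ORPHAN  {0}\{1} = {2}' -f $key, $prop.Name, $prop.Value)
            # -Confirm prompts before each deletion; nothing is removed without -Remove
            if ($Remove) { Remove-ItemProperty -Path $key -Name $prop.Name -Confirm }
        }
    }
}
```

Save it as, for example, Find-OrphanRun.ps1 and run it once without -Remove to see the report; an ORPHAN line whose value names the deleted DLL is the entry behind the logon error. Export the key first (regedit, File > Export) so the change can be undone, then rerun with -Remove. The script deliberately covers only the Run/RunOnce keys; the other autostart locations shown in the logs above (AppInit_DLLs, BHOs, ShellServiceObjectDelayLoad, Image File Execution Options) need their own check, and a file that is merely missing is not proof the entry was malicious, so compare each ORPHAN line against the scanner logs before deleting it.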

ib_ikram
12-10-2008, 12:47 AM
Would there be an easy way to get into the registry and remove it... step by step? Hehe, I'm sorry, I'm just very 'novice' when it comes to doing anything with registry changes.
Thanks :)

Fruss Tray Ted
12-10-2008, 07:39 AM
Reboot and post a reply of the exact wording of the error.