What is your firewall ?
As you don't appear to have an active firewall it should be capable of blocking unauthorised outbound Internet Connections. That should also be able to stop it getting out to that page (hopefully).
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode. This is good as an anti-spyware clean-up before running the likes of combofix (if needed).
SUPERantispyware On-Demand only in free version.
Ensure you have the latest version of JRE (JAVA Runtime Environment), yours is out of date, older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here
http://java.sun.com/javase/downloads/index.jspOr JRE version 6 update 5
http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.htmlSuspect:
C:\documents and settings\all users\_qbothome\_qbotinj.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "c:\documents and settings\all users\_qbothome\_qbotinj.exe" "c:\documents and settings\all users\_qbothome\_qbot.dll" /c "c:\program files\ibm\acp\erts0749\erts0749.exe /nointro"
I see this may be trying to masquerade as a Legit IBM Warranty Notification but there many hits on google relating to this being malware. Upload the referenced files in the above entries to VirusTotal, see below, for analysis.
Also See -
http://spywarefiles.prevx.com/RRFBGJ29452751/_QBOTINJ.EXE.html and
http://www.wilderssecurity.com/showthread.php?t=156461Suspect:
O21 - SSODL: Srvucbit - {97D331BA-41A8-4704-867F-BE3B2DC272BE} - C:\WINDOWS\system32\dxotms.dll
There are no hits on a google search for this file name, which in itself is suspisious, upload to virustotal with the others and report results.
####
- Upload to
VirusTotal - Multi engine on-line virus scanner and report the findings of these files here. If any are detected by multiple scanners send example to avast, see below.
Send the sample to
virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.
####
That is all that I can see which are obvious.