
Hello everyone, this is my first reach out for help.
Throughout the years I have gotten all types of spyware and viruses all over my comp, and it's always been a 'game' or challenge to try and fix it all on my own. I have been successful in doing that until now...

Since I download/install so much stuff, I am used to getting all that nasty stuff, but I forgot to have my firewalls up before installing stuff today.

Sooo somewhere along my downloading frenzy I got some nasty lil buggers in my comp. The symptoms I've noticed so far are:
DVD burner isn't accessible/doesn't show up
Random internet searches when I try browsing anywhere
Sluggish CPU
Random 'Blue Screen Of Death' crashes
Can't update ANY antivirus scanners/removers
Malwarebytes doesn't run.

And a buncha stuff like that.

SOooo, here is my HijackThis report:
=========================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:14 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {184845B5-1457-413D-BB9C-7DB434C87283} - C:\WINDOWS\system32\catsr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: YouTube Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\YouTube Toolbar\DCCFBF5.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\kanota\Application Data\unobi.dll" s
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll67.exe
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0FCD3D-11CB-47DB-90D2-53680EF3DDC5}: NameServer = 85.255.112.213,85.255.112.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8185 bytes
=============================================
Any help would be awesome, thanks!


Oh ya, forgot to add, I think these two files have something to do with it, because every time an AVG pop-up warns me about dll67.exe I go and delete it, and its little buddies, welik.exe and raktemp.exe.
BUT they keep coming BACK!

Alright, like I said ANY help would be really appreciated.
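Added here as an illustration, not code from the thread or from HijackThis: a small Python triage pass over lines taken from the HijackThis log above. It flags the entry types a helper looks at first when files "keep coming back": autorun entries that load a DLL from a user-writable folder via rundll32, anything in the legacy RunServices key, unnamed BHOs, orphaned entries, and O17 name servers that are not on an expected-resolver list. The heuristics and the expected-resolver list are assumptions made for this example.

```python
"""Triage pass over HijackThis (HJT) log entries.

The heuristics here are assumptions written for this example; HJT itself only
lists the entries and leaves the judgement to a human reviewer.
"""
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {184845B5-1457-413D-BB9C-7DB434C87283} - C:\WINDOWS\system32\catsr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\kanota\Application Data\unobi.dll" s
O4 - HKCU\..\RunServices: [Hotfix-KB5504305] C:\WINDOWS\system32\rundll67.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB0FCD3D-11CB-47DB-90D2-53680EF3DDC5}: NameServer = 85.255.112.213,85.255.112.6
"""

# Constructed for the example: the resolvers this machine is expected to use
# (e.g. the home router). Any other address in an O17 entry is flagged.
EXPECTED_NAMESERVERS = {"192.168.1.1"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32 followed by either a quoted DLL path or an unquoted one (up to the comma).
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))', re.I)
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
# Where a legitimately installed DLL normally lives on XP; anything else is user-writable.
TRUSTED_DIRS_RE = re.compile(r"^c:\\(windows|program files|progra~1)\\", re.I)


@dataclass
class Finding:
    section: str  # HJT section, e.g. "O4"
    reason: str   # short tag for why the entry was flagged
    entry: str    # the entry body (or the single name server for O17)


def triage(log_text: str, expected_ns=EXPECTED_NAMESERVERS) -> List[Finding]:
    """Return the entries in an HJT log that deserve a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        # Orphaned entries point at nothing: harmless, but worth cleaning up.
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(sec, "orphan", body))
            continue
        if sec == "O2":
            b = BHO_RE.match(body)
            if b and b.group("name") == "(no name)":
                findings.append(Finding(sec, "unnamed-bho", body))
        elif sec == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue  # Startup-folder style O4 lines are not parsed here
            if o4.group("key").lower() == "runservices":
                # RunServices is a Win9x-era key that XP-era software rarely uses.
                findings.append(Finding(sec, "runservices", body))
            r = RUNDLL_RE.match(o4.group("cmd"))
            if r:
                dll = r.group("q") or r.group("u")
                if not TRUSTED_DIRS_RE.match(dll):
                    findings.append(Finding(sec, "rundll32-user-path", body))
        elif sec == "O17":
            ns = NS_RE.search(body)
            for server in (ns.group("servers").split(",") if ns else []):
                if server not in expected_ns:
                    findings.append(Finding(sec, "unknown-nameserver", server))
    return findings


def main() -> None:
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.section}] {f.reason}: {f.entry}")


if __name__ == "__main__":
    main()
```

Entries that survive a reboot after the file was deleted are the ones to look at first: the RunServices and rundll32 entries here are the kind that re-create a deleted file from another component.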


Hi and welcome to the Daniweb forums :).

==========

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop.
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Please, do nothing other than what I have requested.


Hey crunchie!

Alright, I did everything you instructed, nothing more/less.

Here is the ComboFix scan:
ComboFix 09-05-02.4 - kanota 05/02/2009 22:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.687 [GMT -7:00]
Running from: c:\documents and settings\kanota\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-2-2-89-100008115-100014482-100006772-8274.com
c:\windows\system32\drivers\gxvxccnoojdppxevxdopqsyuqcnvucwejssmy.sys
c:\windows\system32\drivers\gxvxcwsynmwfoaowooqdlcnpsilwwmndsurpm.sys
c:\windows\system32\drivers\ovfsthjxruuwikbetexwgbbnkmxeamyqfypbeh.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcdckjakvwtiousjyoepvaoptrqkelkdxu.dll
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\msvcsv60.dll
c:\windows\system32\ovfsthbnmxfmdekcvafxbtoxpfkootmfkvefoy.dll
c:\windows\system32\ovfsthceumgdxijdfajdsraepxufrrxomfdqvp.dll
c:\windows\system32\ovfsthdeusfftqhwdlwhxevsvgtrmfrrqcabai.dat
c:\windows\system32\ovfsthejfextivktnpxinyxskcyhhwavduutew.dat
c:\windows\system32\ovfsthqoxqpwlnjapbacqxhksyhwywwqlwdoop.dll
c:\windows\welik.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthespwswvbloypylvnsjwuymsnrorrwkbl
-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-03 02:42 . 2009-05-03 02:42 -------- d-----w c:\program files\Trend Micro
2009-05-03 02:05 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-03 02:05 . 2009-04-03 18:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 02:05 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-03 02:05 . 2009-05-03 04:41 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-03 02:05 . 2008-12-10 18:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-03 02:05 . 2009-05-03 02:06 -------- d-----w c:\program files\Spyware Doctor
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\documents and settings\kanota\Application Data\PC Tools
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-02 22:43 . 2009-05-02 23:57 -------- d-----w c:\program files\NoAdware
2009-05-02 22:36 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 22:36 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 22:36 . 2009-05-02 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 22:36 . 2009-05-02 22:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 21:11 . 2009-05-02 21:11 -------- d-----w c:\program files\CCleaner
2009-05-02 21:09 . 2009-05-02 21:16 -------- d-----w c:\program files\RegCure
2009-05-02 20:55 . 2009-05-02 20:55 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-02 20:55 . 2009-05-02 20:55 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-02 20:55 . 2009-05-02 20:55 90632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-02 20:55 . 2009-05-02 20:55 98440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-02 20:55 . 2009-05-02 20:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-02 20:55 . 2009-05-03 01:46 -------- d-----w c:\documents and settings\kanota\Application Data\AVGTOOLBAR
2009-05-02 20:30 . 2009-05-02 20:30 -------- d-----w c:\program files\AVG
2009-05-02 20:30 . 2009-05-02 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-02 18:47 . 2009-05-02 18:47 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-05-02 18:47 . 2009-05-02 18:52 -------- d-----w c:\documents and settings\kanota\Application Data\Uniblue
2009-05-02 18:46 . 2009-05-02 18:52 -------- d-----w c:\program files\Uniblue
2009-05-02 18:38 . 2009-05-02 18:38 65536 --sh--r c:\windows\system32\rundll67.exe
2009-05-01 21:57 . 2009-05-01 21:57 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup4167.exe
2009-05-01 21:51 . 2008-04-14 00:11 97792 ----a-w c:\windows\system32\avifil3.dll
2009-05-01 21:51 . 2009-05-01 21:51 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup5235.exe
2009-05-01 21:38 . 2009-05-01 21:38 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup986.exe
2009-05-01 21:37 . 2008-04-14 00:11 97792 ----a-w c:\windows\system32\catsr.dll
2009-05-01 21:37 . 2009-05-01 21:38 0 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\Codec_Setup_1240.exe
2009-05-01 21:37 . 2009-05-01 21:37 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup7920.exe
2009-05-01 21:33 . 2009-05-02 19:27 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-01 06:05 . 2009-05-03 04:31 -------- d-----w c:\program files\Autorun Eater
2009-05-01 04:44 . 2009-05-01 04:44 -------- d-----w c:\program files\FormatFactory
2009-05-01 04:37 . 2009-05-01 04:37 27136 ----a-w c:\documents and settings\All Users\proto.dll
2009-05-01 04:37 . 2009-05-01 04:37 65536 --sh--r c:\windows\system32\rundll97.exe
2009-05-01 04:33 . 2009-05-01 04:33 -------- d-----w C:\VideoOutput
2009-04-29 22:15 . 2009-05-01 03:08 16 ----a-w c:\windows\msocreg32.dat
2009-04-28 23:25 . 2009-04-28 23:25 -------- d-----w C:\Games
2009-04-28 04:30 . 2009-05-03 01:54 -------- d-----w c:\documents and settings\kanota\Tracing
2009-04-28 04:29 . 2009-04-28 04:29 -------- d-----w c:\program files\Microsoft
2009-04-28 04:28 . 2009-04-28 04:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-28 04:28 . 2009-04-28 04:29 -------- d-----w c:\program files\Windows Live
2009-04-28 04:25 . 2009-04-28 04:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-28 03:39 . 2009-04-28 03:40 -------- d-----w c:\documents and settings\kanota\Application Data\Ventrilo
2009-04-28 03:39 . 2009-04-28 03:39 -------- d-----w c:\program files\Ventrilo
2009-04-28 03:39 . 2009-04-28 03:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 21:55 . 2009-04-27 21:55 -------- d-----w c:\program files\Sierra
2009-04-25 00:07 . 2009-04-25 00:07 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-04-25 00:07 . 2009-04-25 00:07 368640 ----a-w c:\windows\system32\ReWire.dll
2009-04-24 23:29 . 2009-04-24 23:29 -------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-04-24 23:28 . 2009-04-24 23:28 -------- d-----w c:\program files\Propellerhead
2009-04-21 21:40 . 2009-04-21 22:29 -------- d-----w C:\Nexon
2009-04-21 21:40 . 2009-04-21 21:45 -------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2009-04-21 01:19 . 2009-04-21 01:19 -------- d-----w C:\CFLog
2009-04-21 01:13 . 2009-04-21 01:13 -------- d-----w c:\program files\Subagames
2009-04-20 04:34 . 2009-04-30 01:43 137992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-20 04:34 . 2009-04-30 01:43 201816 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-20 04:34 . 2009-04-20 04:34 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\kanota\Application Data\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\kanota\Local Settings\Application Data\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-04-20 00:26 . 2005-05-26 22:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-19 02:44 . 2009-04-19 02:44 -------- d-----w C:\ProgramData
2009-04-19 02:44 . 2009-04-19 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-19 02:44 . 2009-04-20 00:09 -------- d-----w c:\program files\Electronic Arts
2009-04-15 04:48 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 04:48 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 04:48 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 04:48 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 04:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 04:48 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 04:48 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 04:48 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 04:48 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 04:48 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 04:48 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 23:23 . 2009-04-10 23:23 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-09 23:50 . 2009-04-09 23:52 -------- d-----w c:\documents and settings\kanota\Application Data\WeGame
2009-04-07 23:21 . 2003-06-19 00:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-07 23:20 . 2009-04-07 23:20 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-07 23:19 . 2009-04-07 23:20 -------- d-----w c:\windows\SHELLNEW
2009-04-07 23:17 . 2009-04-07 23:17 -------- d-----w c:\program files\Microsoft.NET
2009-04-07 23:16 . 2009-04-07 23:16 -------- d--h--r C:\MSOCache
2009-04-06 00:23 . 2001-08-18 05:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-06 00:23 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 05:44 . 2009-03-11 22:05 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 05:43 . 2009-05-02 21:10 440 ----a-w c:\windows\Tasks\RegCure Program Check.job
2009-05-03 04:31 . 2009-03-11 21:32 -------- d-----w c:\program files\DNA
2009-05-03 01:46 . 2009-03-24 01:47 -------- d-----w c:\program files\Pando Networks
2009-05-02 21:10 . 2009-05-02 21:10 374 ----a-w c:\windows\Tasks\RegCure.job
2009-05-02 20:10 . 2009-03-11 22:10 -------- d-----w c:\program files\RGB
2009-05-02 20:09 . 2009-03-20 05:56 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-05-02 19:59 . 2009-03-17 01:14 -------- d-----w c:\program files\Axxa's Wow Logo Creator - Phase Two
2009-05-02 18:48 . 2009-05-02 18:48 272 ----a-w c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2009-05-02 18:47 . 2009-05-02 18:47 394 ----a-w c:\windows\Tasks\Uniblue SpeedUpMyPC.job
2009-05-02 18:47 . 2009-05-02 18:47 340 ----a-w c:\windows\Tasks\Uniblue SpyEraser.job
2009-05-01 17:52 . 2009-03-19 02:11 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-05-01 15:01 . 2009-03-13 04:17 -------- d-----w c:\program files\Acoustica Mixcraft 4
2009-04-29 22:09 . 2009-03-11 22:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 04:30 . 2009-03-11 21:25 45176 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 03:24 . 2009-03-11 22:18 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-24 22:08 . 2009-03-13 04:23 -------- d-----w c:\program files\Acoustica Shared Effects
2009-04-24 00:24 . 2009-03-11 21:35 -------- d-----w c:\program files\Xfire
2009-04-18 23:48 . 2009-03-13 18:12 -------- d-----w c:\program files\World of Warcraft
2009-04-08 23:07 . 2009-03-17 20:47 -------- d-----w c:\program files\LimeWire
2009-04-04 22:24 . 2009-03-17 20:49 -------- d-----w c:\program files\Sprint Instinct Applications
2009-04-04 21:10 . 2009-03-17 20:48 -------- d-----w c:\program files\Java
2009-03-26 05:26 . 2009-03-26 05:26 -------- d-----w c:\program files\PremiumSoft
2009-03-24 19:30 . 2009-03-22 19:15 -------- d-----w c:\program files\NOS
2009-03-24 07:14 . 2009-03-24 07:14 -------- d-----w c:\program files\vestgame
2009-03-24 05:01 . 2009-03-19 06:48 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-24 02:48 . 2009-03-24 02:48 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-22 19:17 . 2009-03-22 19:17 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 19:17 . 2009-03-22 19:16 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 23:13 . 2009-03-21 23:12 -------- d-----w c:\program files\Easy Avi Divx Xvid to DVD Burner
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\AV Vcs 5.5 DIAMOND
2009-03-20 01:11 . 2009-03-20 01:11 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-20 01:11 . 2009-03-20 01:11 -------- d-----w c:\program files\Riva
2009-03-20 00:50 . 2009-03-20 00:50 -------- d-----w c:\program files\AnalogX
2009-03-19 02:44 . 2009-03-19 02:44 -------- d-----w c:\program files\CopyPod
2009-03-19 02:31 . 2009-03-13 20:48 -------- d-----w c:\program files\WindSolutions
2009-03-19 02:12 . 2009-03-19 02:11 -------- d-----w c:\program files\iTunes
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\iPod
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\Bonjour
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\QuickTime
2009-03-19 02:11 . 2009-03-19 02:10 -------- d-----w c:\program files\Apple Software Update
2009-03-19 02:10 . 2009-03-19 02:10 -------- d-----w c:\program files\Common Files\Apple
2009-03-18 22:34 . 2009-03-18 22:34 -------- d-----w c:\program files\Xvid
2009-03-18 22:20 . 2009-03-18 22:14 -------- d-----w c:\program files\Sonicism Digital Audio Solutions
2009-03-17 22:17 . 2009-03-17 22:17 -------- d-----w c:\program files\Teamspeak2_RC2
2009-03-17 20:50 . 2009-03-17 20:50 -------- d-----w c:\program files\Samsung
2009-03-15 06:24 . 2009-03-11 21:57 87747 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-14 21:43 . 2009-03-14 21:43 -------- d-----w c:\program files\DivX
2009-03-14 21:43 . 2009-03-14 21:43 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-14 20:48 . 2009-03-14 20:48 -------- d-----w c:\program files\Common Files\Electronic Learning Products
2009-03-14 20:48 . 2009-03-14 20:48 -------- d-----w c:\program files\Electronic Learning Products
2009-03-14 03:17 . 2009-03-14 03:17 -------- d-----w c:\program files\Control Panel
2009-03-14 00:43 . 2009-03-14 00:43 -------- d-----r c:\program files\Skype
2009-03-14 00:36 . 2009-03-14 00:36 -------- d-----w c:\program files\Common Files\PCCamera
2009-03-14 00:36 . 2009-03-14 00:36 -------- d-----w c:\program files\PC VGA Camera
2009-03-13 21:54 . 2009-03-13 21:54 -------- d-----w c:\program files\Notepad++
2009-03-13 21:51 . 2009-03-13 21:51 66024 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-13 21:50 . 2009-03-13 21:50 -------- d-----w c:\program files\MSBuild
2009-03-13 21:50 . 2009-03-13 21:50 -------- d-----w c:\program files\Reference Assemblies
2009-03-13 21:48 . 2009-03-13 21:48 -------- d-----w c:\program files\MSXML 6.0
2009-03-13 21:31 . 2009-03-13 21:31 -------- d-----w c:\program files\SQLyog Enterprise
2009-03-13 21:25 . 2009-03-13 21:25 -------- d-----w c:\program files\MagicISO
2009-03-13 19:10 . 2009-03-12 22:45 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-13 04:35 . 2009-03-13 04:35 -------- d-----w c:\program files\Bome's Mouse Keyboard
2009-03-13 04:35 . 2009-03-13 04:35 -------- d-----w c:\program files\nerds.de
2009-03-13 04:25 . 2009-03-13 04:24 34308 ----a-w c:\windows\system32\Chip.dll
2009-03-13 04:25 . 2009-03-13 04:24 22004 ----a-w c:\windows\system32\Pvt.tmp
2009-03-12 22:52 . 2009-03-12 22:52 -------- d-----w c:\program files\BYOND
2009-03-11 22:24 . 2009-03-11 22:23 -------- d-----w c:\program files\Broadcom
2009-03-11 22:23 . 2009-03-11 22:23 -------- d-----w c:\program files\AMD
2009-03-11 22:22 . 2009-03-11 22:22 -------- d-----w c:\program files\SigmaTel
2009-03-11 22:19 . 2009-03-11 22:19 -------- d-----w c:\program files\Dell
2009-03-11 22:08 . 2009-03-11 22:08 129 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\fusioncache.dat
2009-03-11 22:08 . 2009-03-11 22:08 -------- d-----w c:\program files\EnglishOtto
2009-03-11 21:59 . 2009-03-11 21:59 -------- d-----w c:\program files\microsoft frontpage
2009-03-11 21:58 . 2004-08-10 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-11 21:55 . 2009-03-11 21:55 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-11 21:55 . 2009-03-11 21:54 -------- d-----w c:\program files\Windows Plus
2009-03-11 21:33 . 2009-03-11 21:33 -------- d-----w c:\program files\7-Zip
2009-03-11 21:32 . 2009-03-11 21:32 -------- d-----w c:\program files\BitTorrent
2009-03-11 21:29 . 2009-03-11 21:29 0 ----a-w c:\windows\nsreg.dat
2009-03-11 21:26 . 2009-03-11 21:26 -------- d-----w c:\program files\CONEXANT
2009-03-09 12:19 . 2009-03-17 20:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-19 02:10 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 06:59 . 2009-03-19 02:10 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:10 . 2006-03-04 03:33 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 11:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 11:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 11:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 11:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 11:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2005-03-30 01:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 11:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-30 01:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-10 11:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{184845B5-1457-413D-BB9C-7DB434C87283}]
2008-04-14 00:11 97792 ----a-w c:\windows\system32\catsr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-11 321344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 1260296]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 9479448]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2009-05-01 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

c:\documents and settings\kanota\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-10 3111248]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll67.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"DEFGÎ,‘|-‘|q-‘|x-‘|>"= DEFGÎ,‘|-‘|q-‘|x-‘|>:Nod32 Runtime
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58964:TCP"= 58964:TCP:Pando Media Booster
"58964:UDP"= 58964:UDP:Pando Media Booster
"56559:TCP"= 56559:TCP:Pando Media Booster
"56559:UDP"= 56559:UDP:Pando Media Booster

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-09 2793784]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-05-02 12936]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-02 98440]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-02 90632]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-02 874776]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 231704]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:09]

2009-05-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:09]

2009-05-02 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-05-02 16:42]

2009-05-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-05-02 16:42]

2009-05-02 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-02 16:14]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-nvd32_r - c:\documents and settings\kanota\Application Data\unobi.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.metacrawler.com/crawler?general=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=2&q=
FF - component: c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-02 22:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-03 22:47
ComboFix-quarantined-files.txt 2009-05-03 05:47

Pre-Run: 78,358,548,480 bytes free
Post-Run: 78,362,353,664 bytes free

351 --- E O F --- 2009-04-15 10:02
============================================

And here is the HijackThis report AFTER the ComboFix scan:
============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:55 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {184845B5-1457-413D-BB9C-7DB434C87283} - C:\WINDOWS\system32\catsr.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: YouTube Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\YouTube Toolbar\DCCFBF5.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7251 bytes
==============================================


Do yourself a favour and get rid of regcure. It will cause more problems than it fixes :).

==

1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:



KillAll::

File::
c:\windows\system32\rundll67.exe
c:\windows\system32\rundll97.exe
c:\windows\system32\catsr.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{184845B5-1457-413D-BB9C-7DB434C87283}]


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Attachments CFScript.gif 27.09 KB

Alright, regcure is gone.

I did as you instructed.

Here is the ComboFix log:
ComboFix 09-05-02.4 - kanota 05/03/2009 9:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.545 [GMT -7:00]
Running from: c:\documents and settings\kanota\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kanota\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\catsr.dll
c:\windows\system32\rundll67.exe
c:\windows\system32\rundll97.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\catsr.dll
c:\windows\system32\rundll67.exe
c:\windows\system32\rundll97.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-03 to 2009-05-03 )))))))))))))))))))))))))))))))
.

2009-05-03 02:42 . 2009-05-03 02:42 -------- d-----w c:\program files\Trend Micro
2009-05-03 02:05 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-03 02:05 . 2009-04-03 18:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-03 02:05 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-03 02:05 . 2009-05-03 04:41 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-03 02:05 . 2008-12-10 18:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-03 02:05 . 2009-05-03 02:06 -------- d-----w c:\program files\Spyware Doctor
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\documents and settings\kanota\Application Data\PC Tools
2009-05-03 02:05 . 2009-05-03 02:05 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-02 22:43 . 2009-05-02 23:57 -------- d-----w c:\program files\NoAdware
2009-05-02 22:36 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 22:36 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 22:36 . 2009-05-02 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-02 22:36 . 2009-05-02 22:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 21:11 . 2009-05-02 21:11 -------- d-----w c:\program files\CCleaner
2009-05-02 20:55 . 2009-05-02 20:55 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-02 20:55 . 2009-05-02 20:55 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-02 20:55 . 2009-05-02 20:55 90632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-02 20:55 . 2009-05-02 20:55 98440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-02 20:55 . 2009-05-02 20:55 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-02 20:55 . 2009-05-03 01:46 -------- d-----w c:\documents and settings\kanota\Application Data\AVGTOOLBAR
2009-05-02 20:30 . 2009-05-02 20:30 -------- d-----w c:\program files\AVG
2009-05-02 20:30 . 2009-05-02 20:55 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-02 18:47 . 2009-05-02 18:47 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-05-02 18:47 . 2009-05-02 18:52 -------- d-----w c:\documents and settings\kanota\Application Data\Uniblue
2009-05-02 18:46 . 2009-05-02 18:52 -------- d-----w c:\program files\Uniblue
2009-05-01 21:57 . 2009-05-01 21:57 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup4167.exe
2009-05-01 21:51 . 2008-04-14 00:11 97792 ----a-w c:\windows\system32\avifil3.dll
2009-05-01 21:51 . 2009-05-01 21:51 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup5235.exe
2009-05-01 21:38 . 2009-05-01 21:38 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup986.exe
2009-05-01 21:37 . 2009-05-01 21:38 0 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\Codec_Setup_1240.exe
2009-05-01 21:37 . 2009-05-01 21:37 24576 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\codecsetup7920.exe
2009-05-01 21:33 . 2009-05-02 19:27 81984 ----a-w c:\windows\system32\bdod.bin
2009-05-01 06:05 . 2009-05-03 04:31 -------- d-----w c:\program files\Autorun Eater
2009-05-01 04:44 . 2009-05-01 04:44 -------- d-----w c:\program files\FormatFactory
2009-05-01 04:37 . 2009-05-01 04:37 27136 ----a-w c:\documents and settings\All Users\proto.dll
2009-05-01 04:33 . 2009-05-01 04:33 -------- d-----w C:\VideoOutput
2009-04-29 22:15 . 2009-05-01 03:08 16 ----a-w c:\windows\msocreg32.dat
2009-04-28 23:25 . 2009-04-28 23:25 -------- d-----w C:\Games
2009-04-28 04:30 . 2009-05-03 01:54 -------- d-----w c:\documents and settings\kanota\Tracing
2009-04-28 04:29 . 2009-04-28 04:29 -------- d-----w c:\program files\Microsoft
2009-04-28 04:28 . 2009-04-28 04:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-28 04:28 . 2009-04-28 04:29 -------- d-----w c:\program files\Windows Live
2009-04-28 04:25 . 2009-04-28 04:25 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-28 03:39 . 2009-04-28 03:40 -------- d-----w c:\documents and settings\kanota\Application Data\Ventrilo
2009-04-28 03:39 . 2009-04-28 03:39 -------- d-----w c:\program files\Ventrilo
2009-04-28 03:39 . 2009-04-28 03:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 21:55 . 2009-04-27 21:55 -------- d-----w c:\program files\Sierra
2009-04-25 00:07 . 2009-04-25 00:07 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-04-25 00:07 . 2009-04-25 00:07 368640 ----a-w c:\windows\system32\ReWire.dll
2009-04-24 23:29 . 2009-04-24 23:29 -------- d-----w c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-04-24 23:28 . 2009-04-24 23:28 -------- d-----w c:\program files\Propellerhead
2009-04-21 21:40 . 2009-04-21 22:29 -------- d-----w C:\Nexon
2009-04-21 21:40 . 2009-04-21 21:45 -------- d-----w c:\documents and settings\All Users\Application Data\NexonUS
2009-04-21 01:19 . 2009-04-21 01:19 -------- d-----w C:\CFLog
2009-04-21 01:13 . 2009-04-21 01:13 -------- d-----w c:\program files\Subagames
2009-04-20 04:34 . 2009-04-30 01:43 137992 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-20 04:34 . 2009-04-30 01:43 201816 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-20 04:34 . 2009-04-20 04:34 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\kanota\Application Data\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\kanota\Local Settings\Application Data\PACE Anti-Piracy
2009-04-20 00:37 . 2009-04-20 00:37 -------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-04-20 00:26 . 2005-05-26 22:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-19 02:44 . 2009-04-19 02:44 -------- d-----w C:\ProgramData
2009-04-19 02:44 . 2009-04-19 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-19 02:44 . 2009-04-20 00:09 -------- d-----w c:\program files\Electronic Arts
2009-04-15 04:48 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 04:48 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 04:48 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 04:48 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 04:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 04:48 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 04:48 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 04:48 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 04:48 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 04:48 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 04:48 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 23:23 . 2009-04-10 23:23 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-09 23:50 . 2009-04-09 23:52 -------- d-----w c:\documents and settings\kanota\Application Data\WeGame
2009-04-07 23:21 . 2003-06-19 00:31 17920 ----a-w c:\windows\system32\mdimon.dll
2009-04-07 23:20 . 2009-04-07 23:20 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-07 23:19 . 2009-04-07 23:20 -------- d-----w c:\windows\SHELLNEW
2009-04-07 23:17 . 2009-04-07 23:17 -------- d-----w c:\program files\Microsoft.NET
2009-04-07 23:16 . 2009-04-07 23:16 -------- d--h--r C:\MSOCache
2009-04-06 00:23 . 2001-08-18 05:36 5632 ----a-w c:\windows\system32\ptpusb.dll
2009-04-06 00:23 . 2008-04-14 00:12 159232 ----a-w c:\windows\system32\ptpusd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-03 16:49 . 2009-03-11 21:32 -------- d-----w c:\program files\DNA
2009-05-03 16:48 . 2009-03-11 22:05 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-03 01:46 . 2009-03-24 01:47 -------- d-----w c:\program files\Pando Networks
2009-05-02 20:10 . 2009-03-11 22:10 -------- d-----w c:\program files\RGB
2009-05-02 20:09 . 2009-03-20 05:56 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-05-02 19:59 . 2009-03-17 01:14 -------- d-----w c:\program files\Axxa's Wow Logo Creator - Phase Two
2009-05-02 18:48 . 2009-05-02 18:48 272 ----a-w c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2009-05-02 18:47 . 2009-05-02 18:47 394 ----a-w c:\windows\Tasks\Uniblue SpeedUpMyPC.job
2009-05-02 18:47 . 2009-05-02 18:47 340 ----a-w c:\windows\Tasks\Uniblue SpyEraser.job
2009-05-01 17:52 . 2009-03-19 02:11 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-05-01 15:01 . 2009-03-13 04:17 -------- d-----w c:\program files\Acoustica Mixcraft 4
2009-04-29 22:09 . 2009-03-11 22:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 04:30 . 2009-03-11 21:25 45176 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 03:24 . 2009-03-11 22:18 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-24 22:08 . 2009-03-13 04:23 -------- d-----w c:\program files\Acoustica Shared Effects
2009-04-24 00:24 . 2009-03-11 21:35 -------- d-----w c:\program files\Xfire
2009-04-18 23:48 . 2009-03-13 18:12 -------- d-----w c:\program files\World of Warcraft
2009-04-08 23:07 . 2009-03-17 20:47 -------- d-----w c:\program files\LimeWire
2009-04-04 22:24 . 2009-03-17 20:49 -------- d-----w c:\program files\Sprint Instinct Applications
2009-04-04 21:10 . 2009-03-17 20:48 -------- d-----w c:\program files\Java
2009-03-26 05:26 . 2009-03-26 05:26 -------- d-----w c:\program files\PremiumSoft
2009-03-24 19:30 . 2009-03-22 19:15 -------- d-----w c:\program files\NOS
2009-03-24 07:14 . 2009-03-24 07:14 -------- d-----w c:\program files\vestgame
2009-03-24 05:01 . 2009-03-19 06:48 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-24 02:48 . 2009-03-24 02:48 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-22 19:17 . 2009-03-22 19:17 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-22 19:17 . 2009-03-22 19:16 -------- d-----w c:\program files\Common Files\Adobe
2009-03-21 23:13 . 2009-03-21 23:12 -------- d-----w c:\program files\Easy Avi Divx Xvid to DVD Burner
2009-03-20 21:43 . 2009-03-20 21:43 -------- d-----w c:\program files\AV Vcs 5.5 DIAMOND
2009-03-20 01:11 . 2009-03-20 01:11 -------- d-----w c:\program files\Common Files\SWF Studio
2009-03-20 01:11 . 2009-03-20 01:11 -------- d-----w c:\program files\Riva
2009-03-20 00:50 . 2009-03-20 00:50 -------- d-----w c:\program files\AnalogX
2009-03-19 02:44 . 2009-03-19 02:44 -------- d-----w c:\program files\CopyPod
2009-03-19 02:31 . 2009-03-13 20:48 -------- d-----w c:\program files\WindSolutions
2009-03-19 02:12 . 2009-03-19 02:11 -------- d-----w c:\program files\iTunes
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\iPod
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\Bonjour
2009-03-19 02:11 . 2009-03-19 02:11 -------- d-----w c:\program files\QuickTime
2009-03-19 02:11 . 2009-03-19 02:10 -------- d-----w c:\program files\Apple Software Update
2009-03-19 02:10 . 2009-03-19 02:10 -------- d-----w c:\program files\Common Files\Apple
2009-03-18 22:34 . 2009-03-18 22:34 -------- d-----w c:\program files\Xvid
2009-03-18 22:20 . 2009-03-18 22:14 -------- d-----w c:\program files\Sonicism Digital Audio Solutions
2009-03-17 22:17 . 2009-03-17 22:17 -------- d-----w c:\program files\Teamspeak2_RC2
2009-03-17 20:50 . 2009-03-17 20:50 -------- d-----w c:\program files\Samsung
2009-03-15 06:24 . 2009-03-11 21:57 87747 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-14 21:43 . 2009-03-14 21:43 -------- d-----w c:\program files\DivX
2009-03-14 21:43 . 2009-03-14 21:43 -------- d-----w c:\program files\Common Files\DivX Shared
2009-03-14 20:48 . 2009-03-14 20:48 -------- d-----w c:\program files\Common Files\Electronic Learning Products
2009-03-14 20:48 . 2009-03-14 20:48 -------- d-----w c:\program files\Electronic Learning Products
2009-03-14 03:17 . 2009-03-14 03:17 -------- d-----w c:\program files\Control Panel
2009-03-14 00:43 . 2009-03-14 00:43 -------- d-----r c:\program files\Skype
2009-03-14 00:36 . 2009-03-14 00:36 -------- d-----w c:\program files\Common Files\PCCamera
2009-03-14 00:36 . 2009-03-14 00:36 -------- d-----w c:\program files\PC VGA Camera
2009-03-13 21:54 . 2009-03-13 21:54 -------- d-----w c:\program files\Notepad++
2009-03-13 21:51 . 2009-03-13 21:51 66024 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-03-13 21:50 . 2009-03-13 21:50 -------- d-----w c:\program files\MSBuild
2009-03-13 21:50 . 2009-03-13 21:50 -------- d-----w c:\program files\Reference Assemblies
2009-03-13 21:48 . 2009-03-13 21:48 -------- d-----w c:\program files\MSXML 6.0
2009-03-13 21:31 . 2009-03-13 21:31 -------- d-----w c:\program files\SQLyog Enterprise
2009-03-13 21:25 . 2009-03-13 21:25 -------- d-----w c:\program files\MagicISO
2009-03-13 19:10 . 2009-03-12 22:45 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-13 04:35 . 2009-03-13 04:35 -------- d-----w c:\program files\Bome's Mouse Keyboard
2009-03-13 04:35 . 2009-03-13 04:35 -------- d-----w c:\program files\nerds.de
2009-03-13 04:25 . 2009-03-13 04:24 34308 ----a-w c:\windows\system32\Chip.dll
2009-03-13 04:25 . 2009-03-13 04:24 22004 ----a-w c:\windows\system32\Pvt.tmp
2009-03-12 22:52 . 2009-03-12 22:52 -------- d-----w c:\program files\BYOND
2009-03-11 22:24 . 2009-03-11 22:23 -------- d-----w c:\program files\Broadcom
2009-03-11 22:23 . 2009-03-11 22:23 -------- d-----w c:\program files\AMD
2009-03-11 22:22 . 2009-03-11 22:22 -------- d-----w c:\program files\SigmaTel
2009-03-11 22:19 . 2009-03-11 22:19 -------- d-----w c:\program files\Dell
2009-03-11 22:08 . 2009-03-11 22:08 129 ----a-w c:\documents and settings\kanota\Local Settings\Application Data\fusioncache.dat
2009-03-11 22:08 . 2009-03-11 22:08 -------- d-----w c:\program files\EnglishOtto
2009-03-11 21:59 . 2009-03-11 21:59 -------- d-----w c:\program files\microsoft frontpage
2009-03-11 21:58 . 2004-08-10 11:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-11 21:55 . 2009-03-11 21:55 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-11 21:55 . 2009-03-11 21:54 -------- d-----w c:\program files\Windows Plus
2009-03-11 21:33 . 2009-03-11 21:33 -------- d-----w c:\program files\7-Zip
2009-03-11 21:32 . 2009-03-11 21:32 -------- d-----w c:\program files\BitTorrent
2009-03-11 21:29 . 2009-03-11 21:29 0 ----a-w c:\windows\nsreg.dat
2009-03-11 21:26 . 2009-03-11 21:26 -------- d-----w c:\program files\CONEXANT
2009-03-09 12:19 . 2009-03-17 20:49 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-19 02:10 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 06:59 . 2009-03-19 02:10 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-02-20 08:10 . 2006-03-04 03:33 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-10 11:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 11:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 11:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 11:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 11:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2005-03-30 01:01 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 11:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-03-30 01:23 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 11:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2004-08-10 11:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-03_05.46.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-03 16:48 . 2009-05-03 16:48 16384 c:\windows\temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-11 321344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-08 1260296]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-12-07 9479448]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2009-05-01 27136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]

c:\documents and settings\kanota\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-10 3111248]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"wave3"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll67.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"DEFGÎ,‘|-‘|q-‘|x-‘|>"= DEFGÎ,‘|-‘|q-‘|x-‘|>:Nod32 Runtime
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58964:TCP"= 58964:TCP:Pando Media Booster
"58964:UDP"= 58964:UDP:Pando Media Booster
"56559:TCP"= 56559:TCP:Pando Media Booster
"56559:UDP"= 56559:UDP:Pando Media Booster

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-09 2793784]
R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\DRIVERS\PA707UCM.SYS [2005-10-18 154752]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-05-02 12936]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-02 98440]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-02 90632]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-02 874776]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-02 231704]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-02 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-05-02 16:42]

2009-05-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2009-05-02 16:42]

2009-05-02 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-05-02 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = \blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.metacrawler.com/crawler?general=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=2&q=
FF - component: c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\kanota\Application Data\Mozilla\Firefox\Profiles\y158e71h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\BYOND\bin\npbyond.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-03 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-03 9:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-03 16:52
ComboFix2.txt 2009-05-03 05:47

Pre-Run: 78,365,548,544 bytes free
Post-Run: 78,359,785,472 bytes free

357 --- E O F --- 2009-04-15 10:02
===============================================

And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:30 AM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: YouTube Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:\Program Files\YouTube Toolbar\DCCFBF5.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7186 bytes


Everything is working as it should!
Thanks for your help!!

You are welcome :)

Let's get rid of Combofix now that we are finished with it.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /, it needs to be there.