WiredWX Christian Hobby Weather Tools
Re: system security
Hello.

Your system is severely infected. The problem with these infections nowadays is that they cause a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because otherwise it really makes no sense to clean this up manually when no Antivirus scan is present that should be able to deal with most of it and prevent further reinfection.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: system security
Avira AntiVir Personal
Report file date: Tuesday, September 01, 2009 00:50

Scanning for 1675275 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ILI-RCNXYVOT0SI

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 04:47:36
ANTIVIR3.VDF : 7.1.5.188 393728 Bytes 8/31/2009 04:47:37
Engineversion : 8.2.1.7
AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 18:31:50
AESCRIPT.DLL : 8.1.2.26 463227 Bytes 9/1/2009 04:47:39
AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 14:59:39
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 18:31:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/1/2009 04:47:38
AEHELP.DLL : 8.1.6.0 233846 Bytes 9/1/2009 04:47:37
AEGEN.DLL : 8.1.1.59 356725 Bytes 9/1/2009 04:47:37
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 14:59:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,

Start of the scan: Tuesday, September 01, 2009 00:50

Starting search for hidden objects.
'84868' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'aim6.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'WLSngS.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'gtwpssrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '73' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Audition\audition3.zip
[0] Archive type: ZIP
--> audition3.2000/3/MessengerDBAgent.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> audition3.2000/4/ItemDBServer.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> audition3.2000/5/MessengerServer.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> audition3.2000/6/AuditionLoginServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> audition3.2000/7/AuditionGameServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
C:\Audition\Database\AU3.25.rar
[0] Archive type: RAR
--> AuditionGameServer\AuditionGameServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> itemdbserver\ItemDBServer.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> LoginServer\AuditionLoginServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
C:\Audition\Server files\AU3.25.rar
[0] Archive type: RAR
--> AuditionGameServer\AuditionGameServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> itemdbserver\ItemDBServer.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> LoginServer\AuditionLoginServerD.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
C:\Documents and Settings\ili\Application Data\BIT2C.tmp
[DETECTION] Is the TR/FakeRean.A.9 Trojan
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\21\5b7fd6d5-3c2b3c20
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\21\5b7fd6d5-44514a58
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\23\6622be57-2a951797
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\23\6622be57-7dcf70a4
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\30\518dc01e-26f24935
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\30\518dc01e-4b7198b4
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\52\6b28d634-126ebd55
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\52\6b28d634-5d220769
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\56\3105b5b8-22660ae2
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.B Java virus
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\56\3105b5b8-482f464c
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.B Java virus
C:\Documents and Settings\ili\Desktop\Shit\Reflexive\FFF-ReflexV3.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
C:\Documents and Settings\ili\Desktop\tools\Flash_Disinfector.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\Documents and Settings\ili\Desktop\tools\SDFix.exe
[DETECTION] Contains recognition pattern of the APPL/PrcView.E application
C:\Program Files\Common Files\Enterbrain\RGSS\Standard\Graphics.exe
[0] Archive type: CAB SFX (self extracting)
--> Graphics\Animations\002-Action02.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Qoobox\Quarantine\C\Documents and Settings\ili\Application Data\pcdefender.exe.vir
[DETECTION] Is the TR/FakeRean.A.9 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\win3202132922767-12006.exe.vir
[DETECTION] Is the TR/Dldr.VB.aga Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\adrotate.dll.vir
[DETECTION] Contains recognition pattern of the ADSPY/TrafficSol.A adware or spyware
C:\Qoobox\Quarantine\C\WINDOWS\system32\baloon.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\cfrog.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcjaoyrdqcmoptxelphcxeyordxlatackt.dll.vir
[DETECTION] Is the TR/TDss.acdc Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\klomp.exe.vir
[DETECTION] Is the TR/Dldr.Agent.OLK Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\LinkSave.Droper.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mqapi.exe.vir
[0] Archive type: NSIS
--> ProgramFilesDir/jah34717.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rasha.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxctakdvpwxstotdygaybarsmdoujyoynkc.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.kqe root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxmaxtoeqh.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxosvdnrsr.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxserv.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_msqpdxmxfeoitu_.sys.zip
[0] Archive type: ZIP
--> msqpdxmxfeoitu.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084789.exe
[DETECTION] Is the TR/Agent.417280.B Trojan
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084793.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084794.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084795.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP181\A0088217.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZOEHOFHC\pass3471[1].exe
[0] Archive type: NSIS
--> ProgramFilesDir/jah34717.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

Re: system security
Beginning disinfection:
C:\Audition\audition3.zip
[NOTE] The file was moved to '4b00c6e2.qua'!
C:\Audition\Database\AU3.25.rar
[NOTE] The file was moved to '4acfc6c3.qua'!
C:\Audition\Server files\AU3.25.rar
[NOTE] The file was moved to '4acfc6c4.qua'!
C:\Documents and Settings\ili\Application Data\BIT2C.tmp
[DETECTION] Is the TR/FakeRean.A.9 Trojan
[NOTE] The file was moved to '4af0c6c0.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\21\5b7fd6d5-3c2b3c20
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4ad3c6d9.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\21\5b7fd6d5-44514a58
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4994b9ba.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\23\6622be57-2a951797
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4acec6ad.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\23\6622be57-7dcf70a4
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '49845016.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\30\518dc01e-26f24935
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4ad4c6a8.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\30\518dc01e-4b7198b4
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4ad4c6a9.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\52\6b28d634-126ebd55
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '4acec6da.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\52\6b28d634-5d220769
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
[NOTE] The file was moved to '499d1023.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\56\3105b5b8-22660ae2
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.B Java virus
[NOTE] The file was moved to '4accc6a9.qua'!
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\56\3105b5b8-482f464c
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.B Java virus
[NOTE] The file was moved to '498060e2.qua'!
C:\Documents and Settings\ili\Desktop\Shit\Reflexive\FFF-ReflexV3.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4ae2c6be.qua'!
C:\Documents and Settings\ili\Desktop\tools\Flash_Disinfector.exe
[NOTE] The file was moved to '4afdc6e5.qua'!
C:\Documents and Settings\ili\Desktop\tools\SDFix.exe
[DETECTION] Contains recognition pattern of the APPL/PrcView.E application
[NOTE] The file was moved to '4ae2c6bd.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\ili\Application Data\pcdefender.exe.vir
[DETECTION] Is the TR/FakeRean.A.9 Trojan
[NOTE] The file was moved to '4b00c6dd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\win3202132922767-12006.exe.vir
[DETECTION] Is the TR/Dldr.VB.aga Trojan
[NOTE] The file was moved to '4b0ac6e4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\adrotate.dll.vir
[DETECTION] Contains recognition pattern of the ADSPY/TrafficSol.A adware or spyware
[NOTE] The file was moved to '4b0ec6e0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\baloon.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4b08c6dd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cfrog.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b0ec6e2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcjaoyrdqcmoptxelphcxeyordxlatackt.dll.vir
[DETECTION] Is the TR/TDss.acdc Trojan
[NOTE] The file was moved to '4b12c6f4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\klomp.exe.vir
[DETECTION] Is the TR/Dldr.Agent.OLK Trojan
[NOTE] The file was moved to '4b0bc6e8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\LinkSave.Droper.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b0ac6e5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mqapi.exe.vir
[NOTE] The file was moved to '4afdc6ed.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rasha.exe.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4b0fc6de.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\gxvxctakdvpwxstotdygaybarsmdoujyoynkc.sys.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.kqe root kit
[NOTE] The file was moved to '4b12c6f5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxmaxtoeqh.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4b0dc6f0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxosvdnrsr.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '486c8351.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxserv.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4b0dc6f1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_msqpdxmxfeoitu_.sys.zip
[NOTE] The file was moved to '4b0fc6eb.qua'!
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084789.exe
[DETECTION] Is the TR/Agent.417280.B Trojan
[NOTE] The file was moved to '4accc6ae.qua'!
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084793.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4accc6af.qua'!
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084794.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4accc6b8.qua'!
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084795.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4accc6c6.qua'!
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP181\A0088217.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4accc6c8.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ZOEHOFHC\pass3471[1].exe
[NOTE] The file was moved to '4b0fc6f9.qua'!


End of the scan: Tuesday, September 01, 2009 03:00
Used time: 1:58:11 Hour(s)

The scan has been done completely.

13807 Scanned directories
470662 Files were scanned
46 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
38 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
470613 Files not concerned
2700 Archives were scanned
5 Warnings
40 Notes
84868 Objects were scanned with rootkit scan
0 Hidden objects were found
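
Reading the report above as a triage list rather than as 46 equal hits: the entries under C:\Qoobox\Quarantine (the .vir files) are copies ComboFix already neutralised, the entries under System Volume Information are dormant System Restore copies, the JAVA/ hits sit in the Java applet cache, and the APPL/ hits on SDFix.exe and Flash_Disinfector.exe (nircmd) are the removal tools themselves, flagged under Avira's "application" family rather than as malware. What is left on ordinary paths is the part that still matters. The following Python script is an added example, not code from this forum or from Avira. It parses the line shapes the report uses (a path line, "-->" archive members, "[DETECTION] ...", "[NOTE] The file was moved to '....qua'!") and groups hits by location and by signature family. SAMPLE_REPORT is a constructed, abbreviated excerpt of the posted report; the location classes and the split on the signature prefix are my own triage choices, not anything Avira defines.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: an abbreviated excerpt of the Avira report posted above
# (a few hits from the scan section, then the matching "Beginning disinfection"
# entries). Only the line shapes matter; the full report is not embedded here.
SAMPLE_REPORT = r"""
Starting the file scan:

Begin scan in 'C:\'
C:\Audition\audition3.zip
[0] Archive type: ZIP
--> audition3.2000/3/MessengerDBAgent.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
--> audition3.2000/4/ItemDBServer.exe
[DETECTION] Is the TR/Unpacked.Gen Trojan
C:\Documents and Settings\ili\Application Data\BIT2C.tmp
[DETECTION] Is the TR/FakeRean.A.9 Trojan
C:\Documents and Settings\ili\Application Data\Sun\Java\Deployment\cache\6.0\56\3105b5b8-22660ae2
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.B Java virus
C:\Documents and Settings\ili\Desktop\tools\SDFix.exe
[DETECTION] Contains recognition pattern of the APPL/PrcView.E application
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxserv.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{A8CA578B-CB5B-4D0B-91F5-17A24253077B}\RP170\A0084789.exe
[DETECTION] Is the TR/Agent.417280.B Trojan
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Audition\audition3.zip
[NOTE] The file was moved to '4b00c6e2.qua'!
C:\Documents and Settings\ili\Application Data\BIT2C.tmp
[DETECTION] Is the TR/FakeRean.A.9 Trojan
[NOTE] The file was moved to '4af0c6c0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\msqpdxserv.sys.vir
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4b0dc6f1.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")      # a file on disk
MEMBER_RE = re.compile(r"^--> (.+)$")       # an entry inside an archive
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
QUARANTINE_RE = re.compile(r"^\[NOTE\] The file was moved to '[^']+\.qua'!")


class Detection(NamedTuple):
    path: str              # file on disk (the container when the hit is an archive member)
    member: Optional[str]  # archive member name, or None
    signature: str         # Avira name, e.g. TR/FakeRean.A.9; the prefix is the family
    quarantined: bool = False


def parse_report(text: str) -> List[Detection]:
    """Walk the report once. The disinfection section repeats paths and
    detections, so hits are keyed on (path, member, signature) to avoid double
    counting, and a quarantine note applies to the whole container file."""
    hits: Dict[tuple, Detection] = {}
    quarantined: set = set()
    current, member = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current, member = line, None
        elif (m := MEMBER_RE.match(line)):
            member = m.group(1)
        elif (m := DETECTION_RE.match(line)) and current:
            key = (current, member, m.group(1))
            hits.setdefault(key, Detection(current, member, m.group(1)))
        elif QUARANTINE_RE.match(line) and current:
            quarantined.add(current)
    return [h._replace(quarantined=h.path in quarantined) for h in hits.values()]


def location_class(path: str) -> str:
    """Where a hit lives says more about urgency than its name does (my own classes)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "combofix-quarantine"   # .vir copies ComboFix already neutralised
    if "\\system volume information\\_restore" in p:
        return "restore-point"         # dormant copy kept by System Restore
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"            # cached applet, not an installed program
    return "on-disk"                   # an ordinary path: treat as active


def triage(text: str) -> Dict[str, object]:
    hits = parse_report(text)
    return {
        "detections": len(hits),
        "by_location": dict(Counter(location_class(h.path) for h in hits)),
        "by_family": dict(Counter(h.signature.split("/")[0] for h in hits)),
        "not_quarantined": sorted({h.path for h in hits if not h.quarantined}),
        "on_disk_paths": sorted({h.path for h in hits
                                 if location_class(h.path) == "on-disk"}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the full report, the "not_quarantined" list is the check worth doing after a scan like this: the summary says 46 found and 38 moved to quarantine, and the script names the paths that account for the gap instead of leaving it to be counted by hand.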

Re: system security
Hello.
Now that we have an AV on your system, please run Combofix again. Before doing that though, we'll need to disable Avira.

We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.


Re: system security
ComboFix 09-08-31.04 - ili 09/01/2009 15:38.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -4:00]
Running from: c:\documents and settings\ili\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ili\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\ili\Local Settings\Temporary Internet Files\p3xfer.cfg
c:\windows\Fonts\Britannian Runes.TTF
c:\windows\Installer\10a982.msi
c:\windows\Installer\2475b6d.msi
c:\windows\Installer\53e1ce9.msi
c:\windows\Installer\d672b1.msi
c:\windows\system32\kdfinj.dll
c:\windows\system32\threat448y.bin
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 04:43 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 04:43 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-01 04:43 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-01 04:43 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-01 04:43 . 2009-09-01 04:43 -------- d-----w- c:\program files\Avira
2009-09-01 04:43 . 2009-09-01 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-30 21:25 . 2009-08-30 21:25 0 ----a-w- c:\windows\popcreg.dat
2009-08-30 21:25 . 2009-08-30 21:25 0 ----a-w- c:\windows\popcinfot.dat
2009-08-30 03:46 . 2009-08-30 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-08-30 03:45 . 2009-08-30 03:46 -------- d-----w- c:\program files\PopCap Games
2009-08-29 18:32 . 2009-08-29 19:16 -------- d-----w- c:\documents and settings\ili\Application Data\.minecraft
2009-08-24 08:38 . 2009-08-29 16:27 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-22 13:28 . 2009-09-01 06:59 -------- d-----w- C:\Audition
2009-08-21 22:01 . 2009-07-10 16:33 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-08-21 22:00 . 2009-08-21 22:00 -------- d-----w- c:\program files\PremiumSoft
2009-08-21 21:49 . 2009-08-21 21:49 -------- d-----w- c:\program files\MySQL
2009-08-21 21:49 . 2009-08-21 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MySQL
2009-08-17 11:21 . 2009-08-30 03:25 -------- d-----w- C:\RomAudition
2009-08-16 17:09 . 2009-08-16 17:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-16 17:09 . 2009-08-16 17:09 -------- d-----w- c:\program files\Reference Assemblies
2009-08-16 17:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-16 17:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-16 17:08 . 2009-08-16 17:08 -------- d-----w- C:\a81733658c0826f80b
2009-08-16 17:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-16 17:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-16 17:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-16 17:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-16 17:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-16 17:08 . 2009-08-16 17:21 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-14 07:26 . 2009-08-14 07:26 -------- d-----w- c:\program files\Games
2009-08-13 20:06 . 2009-08-13 20:06 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-13 20:06 . 2009-08-13 20:06 -------- d-----w- c:\documents and settings\ili\Application Data\skypePM
2009-08-13 20:04 . 2009-08-16 19:22 -------- d-----w- c:\documents and settings\ili\Application Data\Skype
2009-08-13 20:02 . 2009-08-13 20:02 -------- d-----w- c:\program files\Common Files\Skype
2009-08-13 20:02 . 2009-08-13 20:03 -------- d-----r- c:\program files\Skype
2009-08-13 20:02 . 2009-08-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-13 17:10 . 2009-08-13 17:10 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-08-12 21:46 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 15:27 . 2009-08-08 15:27 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-08-08 15:27 . 2009-08-08 15:27 -------- d-----w- c:\program files\Britannica Games
2009-08-08 15:17 . 2009-08-08 15:30 -------- d-----w- c:\program files\Magic Farm
2009-08-08 15:14 . 2009-08-08 15:14 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-08 08:00 . 2009-08-13 09:58 -------- d-----w- c:\documents and settings\ili\Application Data\IMVU
2009-08-08 08:00 . 2009-08-08 08:00 82041 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\Uninstall.exe
2009-08-08 07:59 . 2009-08-08 08:00 -------- d-----w- c:\documents and settings\ili\Application Data\IMVUClient
2009-08-08 07:10 . 2009-08-08 07:10 -------- d-----w- c:\documents and settings\ili\Application Data\EleFun Games
2009-08-08 06:09 . 2009-08-08 15:29 -------- d-----w- c:\documents and settings\ili\Application Data\Meridian93
2009-08-08 05:04 . 2009-08-08 15:27 -------- d-----w- c:\program files\Oberon Media
2009-08-06 17:05 . 2009-08-06 17:05 92192 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\IMVUupdater.exe
2009-08-06 17:05 . 2009-08-06 17:05 18688 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\imvuqualityagent.exe
2009-08-06 17:05 . 2009-08-06 17:05 52992 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\IMVUClient.exe
2009-08-06 16:59 . 2009-08-06 16:59 1252864 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\SceneWindow.dll
2009-08-06 16:59 . 2009-08-06 16:59 15872 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\MemoryHook.dll
2009-08-06 16:57 . 2009-08-06 16:57 296960 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\cal3d.dll
2009-08-06 16:57 . 2009-08-06 16:57 190976 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\boost_python.dll
2009-08-06 16:57 . 2009-08-06 16:57 30720 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\CallStack.dll
2009-08-06 16:57 . 2009-08-06 16:57 257536 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\audiere.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 21:58 . 2009-08-04 21:58 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-04 18:35 . 2009-08-04 18:35 -------- d-----w- C:\gPotato
2009-08-04 18:03 . 2009-08-04 18:03 49664 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\w9xpopen.exe
2009-08-04 18:03 . 2009-08-04 18:03 110080 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\pywintypes26.dll
2009-08-04 18:03 . 2009-08-04 18:03 353280 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\pythoncom26.dll
2009-08-04 18:03 . 2009-08-04 18:03 2251264 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\python26.dll
2009-08-03 06:05 . 2009-08-03 06:05 15240 ----a-w- c:\documents and settings\ili\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-08-03 04:14 . 2008-09-27 04:00 230752 ----a-w- c:\windows\patchw32.dll
2009-08-03 04:14 . 2008-09-27 04:00 118176 ----a-w- c:\windows\patchw.dll
2009-08-03 04:10 . 2009-08-03 04:14 -------- d-----w- c:\program files\Outspark

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 19:34 . 2006-12-10 19:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-01 19:27 . 2009-07-26 02:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-01 19:27 . 2009-07-26 02:00 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-31 04:22 . 2007-01-22 00:24 29 ----a-w- c:\windows\popcinfo.dat
2009-08-30 21:31 . 2006-08-26 21:55 -------- d-----w- c:\documents and settings\ili\Application Data\BitTorrent
2009-08-26 04:27 . 2006-06-03 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-26 04:26 . 2006-06-03 03:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-25 02:33 . 2003-03-11 06:57 -------- d-----w- c:\documents and settings\ili\Application Data\Xfire
2009-08-19 06:21 . 2003-03-11 06:57 -------- d-s---w- c:\program files\Xfire
2009-08-18 22:46 . 2008-12-29 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-17 19:48 . 2009-08-17 19:48 687104 ----a-w- c:\windows\isRS-000.tmp
2009-08-17 19:47 . 2009-01-15 05:44 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-16 19:30 . 2006-05-15 01:01 113688 ----a-w- c:\documents and settings\ili\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 17:29 . 2009-01-15 07:14 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-08-13 17:11 . 2009-02-22 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-08 15:25 . 2006-11-25 21:39 -------- d-----w- c:\program files\MSN Games
2009-08-08 05:15 . 2006-05-13 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-08 05:15 . 2006-05-13 17:09 -------- d-----w- c:\documents and settings\ili\Application Data\PlayFirst
2009-08-06 21:33 . 2009-06-04 17:14 83288 ----a-w- c:\windows\system32\kdfapi.dll
2009-08-06 21:33 . 2009-06-04 17:14 674384 ----a-w- c:\windows\system32\GZGHAAYR.exe
2009-08-06 21:33 . 2009-06-04 17:14 61440 ----a-w- c:\windows\system32\proDefense.dll
2009-08-06 21:33 . 2009-06-04 17:14 59976 ----a-w- c:\windows\system32\Kdfhok.dll
2009-08-06 21:33 . 2009-06-04 17:14 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-08-05 09:01 . 2006-05-15 00:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2008-12-29 20:39 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2008-12-29 20:39 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 04:10 . 2006-05-21 22:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 18:01 . 2008-09-24 17:06 34 ----a-w- c:\documents and settings\ili\jagex_runescape_preferences.dat
2009-08-01 17:48 . 2009-08-01 17:49 91656 ----a-w- c:\program files\RuneScape.exe
2009-08-01 02:41 . 2009-04-04 01:29 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-01 02:41 . 2003-03-12 03:16 -------- d-----w- c:\program files\MSN Messenger
2009-07-31 00:19 . 2006-05-13 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-07-30 03:54 . 2008-10-18 04:27 -------- d-----w- c:\program files\Cute Knight
2009-07-26 02:02 . 2009-07-26 01:58 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-07-26 01:58 . 2009-07-26 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-07-26 01:58 . 2006-09-09 21:37 -------- d-----w- c:\program files\Logitech
2009-07-24 01:45 . 2009-07-24 01:45 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-24 01:44 . 2009-07-24 01:44 -------- d-----w- c:\program files\Linksys
2009-07-24 01:44 . 2009-07-24 01:44 -------- d-----w- c:\documents and settings\ili\Application Data\InstallShield
2009-07-18 04:20 . 2006-05-13 14:58 -------- d-----w- c:\program files\Yahoo! Games
2009-07-18 04:17 . 2006-06-22 22:54 -------- d-----w- c:\program files\Maxis
2009-07-17 23:55 . 2009-05-26 00:16 -------- d-----w- c:\documents and settings\ili\Application Data\Sonic
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 22:30 . 2009-06-21 00:58 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-14 03:43 . 2005-01-28 20:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-24 21:26 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 03:08 . 2009-06-15 03:08 262144 ----a-w- C:\ntuser.dat
2009-06-12 12:31 . 2003-03-31 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 14:13 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2006-05-13 01:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-03-31 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\ili\Application Data\IMVUClient\pixomatic.dll
2009-06-04 17:14 . 2009-06-04 17:13 270445 ----a-w- c:\windows\system32\kdfmod.dll
2009-06-04 17:12 . 2009-06-04 17:12 261384 ----a-w- c:\windows\system32\p3xsvr.exe
2009-06-04 17:12 . 2009-06-04 17:12 146696 ----a-w- c:\windows\system32\p3xfer.dll
2009-06-04 17:12 . 2009-06-04 17:12 1201624 ----a-w- c:\windows\system32\p3xAudition.exe
2008-10-23 03:38 . 2008-10-23 03:37 89811 ----a-w- c:\program files\Uninstal.exe
2006-12-10 23:42 . 2008-01-27 19:15 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-12-20 11:04 . 2006-12-18 19:44 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 11:04 . 2006-12-18 19:44 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

Re: system security
2008-12-20 11:04 . 2006-12-18 19:44 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 11:04 . 2006-12-18 19:44 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 11:04 . 2006-12-18 19:44 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-20 08:36 . 2008-11-20 08:36 56 --sh--r- c:\windows\system32\17A98B4007.sys
2009-02-01 18:05 . 2008-11-20 08:36 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-03-15 2652056]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-25 122939]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

c:\documents and settings\ili\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
backup=c:\windows\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ili^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\ili\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ili^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\ili\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/15/2009 3:16 AM 159600]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/1/2009 12:43 AM 108289]
R2 GTWPSService;GTWPSSRV;c:\program files\Linksys\WMP110\gtwpssrv.exe [7/23/2009 9:44 PM 34816]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/15/2009 3:16 AM 73840]
R2 WLSng Service;WLSng Service;c:\program files\Linksys\WMP110\WLSngS.exe [7/23/2009 9:44 PM 233472]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [7/23/2009 9:44 PM 57344]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [5/12/2006 10:49 PM 36224]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 cpuz131;cpuz131;\??\c:\docume~1\ili\LOCALS~1\Temp\cpuz131\cpuz_x32.sys --> c:\docume~1\ili\LOCALS~1\Temp\cpuz131\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\gpotato\Luna Online\GameGuard\dump_wmimmc.sys --> c:\gpotato\Luna Online\GameGuard\dump_wmimmc.sys [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Linksys\WMP110\jswpsapi.exe [7/23/2009 9:44 PM 352338]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [4/26/2009 6:14 AM 131072]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [4/26/2009 6:14 AM 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/15/2009 3:15 AM 95640]
S3 ProDefense;ProDefense;\??\c:\windows\system32\drivers\ProDefense.sys --> c:\windows\system32\drivers\ProDefense.sys [?]
S3 WMP110;Linksys WMP110 RangePlus Wireless PCI Adapter Service;c:\windows\system32\drivers\WMP110.sys [7/23/2009 9:44 PM 1299520]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva262;XDva262;\??\c:\windows\system32\XDva262.sys --> c:\windows\system32\XDva262.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
FastUserSwitchingCompatibility
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
Schedule
Seclogon
SRService
Themes
TrkWks
W32Time
Wmi
WmdmPmSp
winmgmt
TermService
wuauserv
BITS
ShellHWDetection
helpsvc
xmlprov
wscsvc
napagent
hkmsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Search
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: &Google Search
IE: &Translate English Word
IE: &Windows Live Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ili\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://114.31.32.13/download/hsloadset_20080115.cab
DPF: {D6440B15-8FD8-455C-AE55-8D3198F49638} - hxxp://audition.hanbiton.com/game/ExHbsAudition.cab
FF - ProfilePath - c:\documents and settings\ili\Application Data\Mozilla\Firefox\Profiles\63q60lpc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - component: c:\documents and settings\ili\Application Data\Mozilla\Firefox\Profiles\63q60lpc.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 16:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-01 16:14
ComboFix-quarantined-files.txt 2009-09-01 20:14
ComboFix2.txt 2008-12-30 00:20
ComboFix3.txt 2008-12-29 23:51
ComboFix4.txt 2008-12-29 22:06

Pre-Run: 22,038,900,736 bytes free
Post-Run: 22,249,758,720 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=5 Sets=1,2,3,4,5
347 --- E O F --- 2009-08-26 17:00

Re: system security
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: system security
I ran it; it uninstalled ComboFix. But the computer is still running really badly. It's hard for me to play games on it; it takes a long time to open, or just doesn't open at all <_<

Re: system security
Please post a new Hijack This log, we'll see what we can do about performance.


Re: system security
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:00 AM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WMP110\WLSngS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Sid Registration.lnk = D:\ATR1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Sid Registration.lnk = D:\ATR1.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ili\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232539992776
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://kings.nefficient.co.kr/kings/kdfx/kdfx321/kdfense8.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} (Tilecity Control) - http://www.worldwinner.com/games/v42/tilecity/tilecity.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} (MysteryPI Control) - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://114.31.32.13/download/hsloadset_20080115.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6440B15-8FD8-455C-AE55-8D3198F49638} (ExcuteHbsAudition Class) - http://audition.hanbiton.com/game/ExHbsAudition.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: GTWPSSRV (GTWPSService) - Unknown owner - C:\Program Files\Linksys\WMP110\gtwpssrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Linksys\WMP110\jswpsapi.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: WLSng Service - TODO: - C:\Program Files\Linksys\WMP110\WLSngS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14208 bytes

Re: system security
Hello.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can re-enable TeaTimer once your system is clean.

Please make sure TeaTimer is disabled before we do this; otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Sid Registration.lnk = D:\ATR1.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Sid Registration.lnk = D:\ATR1.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Sid Registration.lnk = D:\ATR1.exe


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
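A small triage script for log lines of this kind, added here as an illustration; it is not part of the thread and not code from HijackThis. It takes a few lines copied from the log above as constructed sample input and flags the patterns the fix list above acts on (entries marked "(no file)" or "(file missing)", Startup-folder shortcuts whose target lives outside the system drive, services with no identifiable publisher), plus one more a practitioner looks for in O23 lines: a service path rendered as C:\Program.exe is the usual sign of an unquoted ImagePath containing spaces, which HijackThis shows truncated at the first space. The rule names, the assumed system drive (C:) and the sample selection are my own choices. The output is a list for a human to review, not a verdict, for the same reason given at the start of this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - S-1-5-18 Startup: Sid Registration.lnk = D:\ATR1.exe (User 'SYSTEM')
O4 - Startup: Sid Registration.lnk = D:\ATR1.exe
O16 - DPF: {D6440B15-8FD8-455C-AE55-8D3198F49638} (ExcuteHbsAudition Class) - http://audition.hanbiton.com/game/ExHbsAudition.cab
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: WLSng Service - TODO: - C:\Program Files\Linksys\WMP110\WLSngS.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# HijackThis renders an unquoted service ImagePath that contains spaces as "<drive>:\Program.exe"
UNQUOTED_RE = re.compile(r"^[A-Za-z]:\\Program\.exe\b", re.IGNORECASE)
SYSTEM_DRIVE = "C:\\"  # assumption for this sample; read %SystemDrive% on a live machine


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O23"
    reason: str    # why the line was flagged
    line: str      # the original log line


def parse_entries(text):
    """Yield (section, body, line) for every 'Onn - ...' line; other lines are ignored."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def startup_target(body):
    """For '... Startup: name.lnk = target (User ...)' return just the target path."""
    target = body.split(" = ", 1)[1]
    return target.split(" (User", 1)[0].strip()


def triage(text):
    """Apply the review rules to a log and return the list of Findings (not a verdict)."""
    findings = []
    for section, body, line in parse_entries(text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry: registered object no longer exists on disk", line))

        if section == "O4" and "Startup:" in body and " = " in body:
            target = startup_target(body)
            if not target.upper().startswith(SYSTEM_DRIVE):
                findings.append(Finding(section, f"startup shortcut runs {target} from outside the system drive", line))

        if section == "O23":
            if "Unknown owner" in body or "TODO:" in body:
                findings.append(Finding(section, "service has no identifiable publisher", line))
            path = body.rsplit(" - ", 1)[-1]   # last field of an O23 line is the binary path
            if UNQUOTED_RE.match(path):
                findings.append(Finding(section, "service ImagePath is unquoted and contains spaces (shown truncated as Program.exe)", line))

        if section == "O16":
            findings.append(Finding(section, "ActiveX download (DPF): confirm the CAB source is expected", line))
    return findings


def summarize(findings):
    """Count findings per section, e.g. {'O2': 1, 'O23': 4}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run it as-is to see the nine flagged items from the sample; to use it on a full log, read the saved hijackthis.log into a string and pass it to triage(). The Avira service line is deliberately included as a control: a signed publisher with a complete, quoted path produces no finding.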

Re: system security
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

9/10/2009 5:48:23 PM
mbam-log-2009-09-10 (17-48-23).txt

Scan type: Quick Scan
Objects scanned: 119153
Time elapsed: 12 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Re: system security
Hello.
How is the machine running now?
I'd say this is ok now.

