Unable to connect to microsoft websites or windows updates, error 0x8024402c

This began when Windows Defender was trying to update, I received the error 0x8024402c. I thought I'd just get the new definitions off the website, but I couldn't connect to any of them. My internet connection is fine, but I simply can't connect to microsoft websites or windows updates.

I'm beginning to think this is due to a virus, here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:16 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\User\Local Settings\Temp\EI40_\msxml4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7088 bytes

bump

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I think the link you gave is broken, or whatever is preventing me from going to microsoft websites is also blocking that. I already have database version 2430 of Malwarbyte's. Here's the log of it's quick scan:

Malwarebytes' Anti-Malware 1.39
Database version: 2430
Windows 5.1.2600 Service Pack 3

8/15/2009 5:53:40 PM
mbam-log-2009-08-15 (17-53-40).txt

Scan type: Quick Scan
Objects scanned: 95490
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-08-10.06 - User 08/15/2009 21:37.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.646 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1145c5.msi
c:\windows\Installer\17e641.msi
c:\windows\Installer\199ccc5.msi
c:\windows\Installer\1f3a6.msi
c:\windows\Installer\1fe07.msi
c:\windows\Installer\393826.msi
c:\windows\Installer\55521.msi
c:\windows\Installer\568a9.msi
c:\windows\Installer\5db0b.msi
c:\windows\Installer\6bf15.msi
c:\windows\Installer\a7496.msi
c:\windows\TEMP\logishrd\LVPrcInj01.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCPROC


((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.

2009-08-15 21:49 . 2009-08-15 21:49 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 16:58 . 2009-08-09 17:07 -------- d-----w- c:\documents and settings\User\Application Data\Reg Tool
2009-08-09 16:58 . 2009-08-09 17:02 -------- d-----w- c:\program files\Reg Tool
2009-08-09 16:52 . 2009-08-09 16:52 -------- d-----w- c:\program files\Windows Defender
2009-08-09 16:37 . 2009-08-09 16:37 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2009-08-09 15:52 . 2009-08-09 15:58 -------- d-----w- c:\program files\RegCure
2009-08-09 06:10 . 2009-08-09 06:10 -------- d-----w- C:\8c124f04d79973546ed5a80d37
2009-08-09 05:25 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-06 02:38 . 2009-08-06 02:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Windows Desktop Search
2009-07-30 19:46 . 2009-08-01 07:01 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-30 19:44 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-30 19:44 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-30 19:44 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 01:43 . 2009-02-10 00:50 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-08-16 01:42 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-16 01:42 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-16 01:42 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-16 01:42 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-15 21:50 . 2005-03-02 02:15 -------- d-----w- c:\program files\Java
2009-08-15 21:44 . 2009-02-10 02:21 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-08-09 16:57 . 2008-12-28 22:21 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-08-09 15:59 . 2004-04-25 19:15 71424 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 06:14 . 2008-07-19 16:49 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-08-04 20:07 . 2005-08-10 20:33 -------- d-----w- c:\program files\World of Warcraft
2009-07-26 04:50 . 2008-07-19 03:16 -------- d-----w- c:\program files\Real Alternative
2009-07-25 09:23 . 2008-11-28 00:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 07:01 . 2008-12-29 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 20:41 . 2009-07-14 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-13 17:36 . 2009-07-14 20:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-07-14 20:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 16:50 . 2004-02-06 22:05 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2003-12-22 09:20 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-09-08 02:01 . 2004-09-08 02:01 56 -csh--r- c:\windows\system32\88510203B7.sys
2009-03-21 14:06 . 2003-03-31 12:00 158658 --sha-r- c:\windows\system32\ucgkglr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 135168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-21 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sxfceuy

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:World of Warcraft
"8087:TCP"= 8087:TCP:World of Warcraft
"9081:TCP"= 9081:TCP:World of Warcraft
"9090:TCP"= 9090:TCP:World of Warcraft
"9097:TCP"= 9097:TCP:World of Warcraft
"9100:TCP"= 9100:TCP:World of Warcraft
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6894:TCP"= 6894:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6898:TCP"= 6898:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"6900:TCP"= 6900:TCP:Blizzard Downloader
"6901:TCP"= 6901:TCP:Blizzard Downloader
"6902:TCP"= 6902:TCP:Blizzard Downloader
"6903:TCP"= 6903:TCP:Blizzard Downloader
"6904:TCP"= 6904:TCP:Blizzard Downloader
"6905:TCP"= 6905:TCP:Blizzard Downloader
"6906:TCP"= 6906:TCP:Blizzard Downloader
"6907:TCP"= 6907:TCP:Blizzard Downloader
"6908:TCP"= 6908:TCP:Blizzard Downloader
"6909:TCP"= 6909:TCP:Blizzard Downloader
"6910:TCP"= 6910:TCP:Blizzard Downloader
"6911:TCP"= 6911:TCP:Blizzard Downloader
"6912:TCP"= 6912:TCP:Blizzard Downloader
"6913:TCP"= 6913:TCP:Blizzard Downloader
"6914:TCP"= 6914:TCP:Blizzard Downloader
"6915:TCP"= 6915:TCP:Blizzard Downloader
"6916:TCP"= 6916:TCP:Blizzard Downloader
"6917:TCP"= 6917:TCP:Blizzard Downloader
"6918:TCP"= 6918:TCP:Blizzard Downloader
"6919:TCP"= 6919:TCP:Blizzard Downloader
"6920:TCP"= 6920:TCP:Blizzard Downloader
"6921:TCP"= 6921:TCP:Blizzard Downloader
"6922:TCP"= 6922:TCP:Blizzard Downloader
"6923:TCP"= 6923:TCP:Blizzard Downloader
"6924:TCP"= 6924:TCP:Blizzard Downloader
"6925:TCP"= 6925:TCP:Blizzard Downloader
"6926:TCP"= 6926:TCP:Blizzard Downloader
"6927:TCP"= 6927:TCP:Blizzard Downloader
"6928:TCP"= 6928:TCP:Blizzard Downloader
"6929:TCP"= 6929:TCP:Blizzard Downloader
"6930:TCP"= 6930:TCP:Blizzard Downloader
"6931:TCP"= 6931:TCP:Blizzard Downloader
"6932:TCP"= 6932:TCP:Blizzard Downloader
"6933:TCP"= 6933:TCP:Blizzard Downloader
"6934:TCP"= 6934:TCP:Blizzard Downloader
"6935:TCP"= 6935:TCP:Blizzard Downloader
"6936:TCP"= 6936:TCP:Blizzard Downloader
"6937:TCP"= 6937:TCP:Blizzard Downloader
"6938:TCP"= 6938:TCP:Blizzard Downloader
"6939:TCP"= 6939:TCP:Blizzard Downloader
"6940:TCP"= 6940:TCP:Blizzard Downloader
"6941:TCP"= 6941:TCP:Blizzard Downloader
"6942:TCP"= 6942:TCP:Blizzard Downloader
"6943:TCP"= 6943:TCP:Blizzard Downloader
"6944:TCP"= 6944:TCP:Blizzard Downloader
"6945:TCP"= 6945:TCP:Blizzard Downloader
"6946:TCP"= 6946:TCP:Blizzard Downloader
"6947:TCP"= 6947:TCP:Blizzard Downloader
"6948:TCP"= 6948:TCP:Blizzard Downloader
"6949:TCP"= 6949:TCP:Blizzard Downloader
"6950:TCP"= 6950:TCP:Blizzard Downloader
"6951:TCP"= 6951:TCP:Blizzard Downloader
"6952:TCP"= 6952:TCP:Blizzard Downloader
"6953:TCP"= 6953:TCP:Blizzard Downloader
"6957:TCP"= 6957:TCP:Blizzard Downloader
"6958:TCP"= 6958:TCP:Blizzard Downloader
"6959:TCP"= 6959:TCP:Blizzard Downloader
"6960:TCP"= 6960:TCP:Blizzard Downloader
"6961:TCP"= 6961:TCP:Blizzard Downloader
"6962:TCP"= 6962:TCP:Blizzard Downloader
"6963:TCP"= 6963:TCP:Blizzard Downloader
"6964:TCP"= 6964:TCP:Blizzard Downloader
"6965:TCP"= 6965:TCP:Blizzard Downloader
"6966:TCP"= 6966:TCP:Blizzard Downloader
"6967:TCP"= 6967:TCP:Blizzard Downloader
"6968:TCP"= 6968:TCP:Blizzard Downloader
"6969:TCP"= 6969:TCP:Blizzard Downloader
"6970:TCP"= 6970:TCP:Blizzard Downloader
"6971:TCP"= 6971:TCP:Blizzard Downloader
"6972:TCP"= 6972:TCP:Blizzard Downloader
"6973:TCP"= 6973:TCP:Blizzard Downloader
"6974:TCP"= 6974:TCP:Blizzard Downloader
"6975:TCP"= 6975:TCP:Blizzard Downloader
"6976:TCP"= 6976:TCP:Blizzard Downloader
"6977:TCP"= 6977:TCP:Blizzard Downloader
"6978:TCP"= 6978:TCP:Blizzard Downloader
"6979:TCP"= 6979:TCP:Blizzard Downloader
"6980:TCP"= 6980:TCP:Blizzard Downloader
"6981:TCP"= 6981:TCP:Blizzard Downloader
"6982:TCP"= 6982:TCP:Blizzard Downloader
"6983:TCP"= 6983:TCP:Blizzard Downloader
"6984:TCP"= 6984:TCP:Blizzard Downloader
"6985:TCP"= 6985:TCP:Blizzard Downloader
"6986:TCP"= 6986:TCP:Blizzard Downloader
"6987:TCP"= 6987:TCP:Blizzard Downloader
"6988:TCP"= 6988:TCP:Blizzard Downloader
"6989:TCP"= 6989:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"6956:TCP"= 6956:TCP:Blizzard Downloader
"6955:TCP"= 6955:TCP:Blizzard Downloader
"6954:TCP"= 6954:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9105:TCP"= 9105:TCP:nhnsmdto

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [12/28/2008 6:38 PM 23200]
S2 sckjqlxr;Network Installer;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 8:00 AM 14336]
S3 bjsfos;bjsfos; [x]
S3 bzqpxwqc;bzqpxwqc;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 iywwnxomf;iywwnxomf;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 LSWL_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [9/14/2006 5:47 PM 41232]
S3 mqxuqs;mqxuqs;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 parhjt;parhjt;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 qjhaennwj;qjhaennwj; [x]
S3 qweodvv;qweodvv; [x]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 tsprpinf;tsprpinf;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 wpmpnri;wpmpnri; [x]
S3 xssdt;xssdt;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 ympne;ympne; [x]
S3 zhzfyxs;zhzfyxs; [x]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wwslgodl
sckjqlxr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-08-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]

2009-08-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9863xxpq.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.johnshopkins.edu/uPortal/render.userLayoutRootNode.uP
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 21:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bzqpxwqc]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iywwnxomf]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mqxuqs]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\parhjt]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tsprpinf]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xssdt]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sckjqlxr]
"ServiceDll"="c:\windows\system32\ucgkglr.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7580)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-08-16 21:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 01:46

Pre-Run: 27,761,958,912 bytes free
Post-Run: 27,663,683,584 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

374

Hello.

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\Rnure.dat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sxfceuy]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9105:TCP"=-

Driver::
sckjqlxr
bjsfos
bzqpxwqc
iywwnxomf
mqxuqs
parhjt
qjhaennwj
qweodvv
SetupNTGLM7X
tsprpinf
wpmpnri
xssdt
ympne
zhzfyxs

NetSvc::
wwslgodl
sckjqlxr

DDS::
mSearch Bar =

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-08-20.07 - User 08/21/2009 20:08.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.701 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\Rnure.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SCKJQLXR
-------\Legacy_SETUPNTGLM7X
-------\Service_bjsfos
-------\Service_bzqpxwqc
-------\Service_iywwnxomf
-------\Service_mqxuqs
-------\Service_parhjt
-------\Service_qjhaennwj
-------\Service_qweodvv
-------\Service_sckjqlxr
-------\Service_SetupNTGLM7X
-------\Service_tsprpinf
-------\Service_wpmpnri
-------\Service_xssdt
-------\Service_ympne
-------\Service_zhzfyxs


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-15 21:49 . 2009-08-15 21:49 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 16:58 . 2009-08-09 17:07 -------- d-----w- c:\documents and settings\User\Application Data\Reg Tool
2009-08-09 16:58 . 2009-08-09 17:02 -------- d-----w- c:\program files\Reg Tool
2009-08-09 16:52 . 2009-08-09 16:52 -------- d-----w- c:\program files\Windows Defender
2009-08-09 16:37 . 2009-08-09 16:37 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2009-08-09 15:52 . 2009-08-09 15:58 -------- d-----w- c:\program files\RegCure
2009-08-09 06:10 . 2009-08-09 06:10 -------- d-----w- C:\8c124f04d79973546ed5a80d37
2009-08-09 05:25 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-06 02:38 . 2009-08-06 02:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Windows Desktop Search
2009-07-30 19:46 . 2009-08-01 07:01 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-30 19:44 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-30 19:44 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-30 19:44 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 00:13 . 2009-02-10 00:50 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-08-22 00:13 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-22 00:13 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-22 00:12 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-22 00:12 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-22 00:03 . 2009-02-10 02:21 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-08-16 06:22 . 2008-12-28 22:21 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-08-15 21:50 . 2005-03-02 02:15 -------- d-----w- c:\program files\Java
2009-08-09 15:59 . 2004-04-25 19:15 71424 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 06:14 . 2008-07-19 16:49 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-08-04 20:07 . 2005-08-10 20:33 -------- d-----w- c:\program files\World of Warcraft
2009-07-26 04:50 . 2008-07-19 03:16 -------- d-----w- c:\program files\Real Alternative
2009-07-25 09:23 . 2008-11-28 00:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 07:01 . 2008-12-29 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 20:41 . 2009-07-14 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-13 17:36 . 2009-07-14 20:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-07-14 20:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 16:50 . 2004-02-06 22:05 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2003-12-22 09:20 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-09-08 02:01 . 2004-09-08 02:01 56 -csh--r- c:\windows\system32\88510203B7.sys
2009-03-21 14:06 . 2003-03-31 12:00 158658 --sha-r- c:\windows\system32\ucgkglr.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-16_01.43.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 00:13 . 2009-08-22 00:13 16384 c:\windows\Temp\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 135168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-21 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:World of Warcraft
"8087:TCP"= 8087:TCP:World of Warcraft
"9081:TCP"= 9081:TCP:World of Warcraft
"9090:TCP"= 9090:TCP:World of Warcraft
"9097:TCP"= 9097:TCP:World of Warcraft
"9100:TCP"= 9100:TCP:World of Warcraft
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6894:TCP"= 6894:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6898:TCP"= 6898:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"6900:TCP"= 6900:TCP:Blizzard Downloader
"6901:TCP"= 6901:TCP:Blizzard Downloader
"6902:TCP"= 6902:TCP:Blizzard Downloader
"6903:TCP"= 6903:TCP:Blizzard Downloader
"6904:TCP"= 6904:TCP:Blizzard Downloader
"6905:TCP"= 6905:TCP:Blizzard Downloader
"6906:TCP"= 6906:TCP:Blizzard Downloader
"6907:TCP"= 6907:TCP:Blizzard Downloader
"6908:TCP"= 6908:TCP:Blizzard Downloader
"6909:TCP"= 6909:TCP:Blizzard Downloader
"6910:TCP"= 6910:TCP:Blizzard Downloader
"6911:TCP"= 6911:TCP:Blizzard Downloader
"6912:TCP"= 6912:TCP:Blizzard Downloader
"6913:TCP"= 6913:TCP:Blizzard Downloader
"6914:TCP"= 6914:TCP:Blizzard Downloader
"6915:TCP"= 6915:TCP:Blizzard Downloader
"6916:TCP"= 6916:TCP:Blizzard Downloader
"6917:TCP"= 6917:TCP:Blizzard Downloader
"6918:TCP"= 6918:TCP:Blizzard Downloader
"6919:TCP"= 6919:TCP:Blizzard Downloader
"6920:TCP"= 6920:TCP:Blizzard Downloader
"6921:TCP"= 6921:TCP:Blizzard Downloader
"6922:TCP"= 6922:TCP:Blizzard Downloader
"6923:TCP"= 6923:TCP:Blizzard Downloader
"6924:TCP"= 6924:TCP:Blizzard Downloader
"6925:TCP"= 6925:TCP:Blizzard Downloader
"6926:TCP"= 6926:TCP:Blizzard Downloader
"6927:TCP"= 6927:TCP:Blizzard Downloader
"6928:TCP"= 6928:TCP:Blizzard Downloader
"6929:TCP"= 6929:TCP:Blizzard Downloader
"6930:TCP"= 6930:TCP:Blizzard Downloader
"6931:TCP"= 6931:TCP:Blizzard Downloader
"6932:TCP"= 6932:TCP:Blizzard Downloader
"6933:TCP"= 6933:TCP:Blizzard Downloader
"6934:TCP"= 6934:TCP:Blizzard Downloader
"6935:TCP"= 6935:TCP:Blizzard Downloader
"6936:TCP"= 6936:TCP:Blizzard Downloader
"6937:TCP"= 6937:TCP:Blizzard Downloader
"6938:TCP"= 6938:TCP:Blizzard Downloader
"6939:TCP"= 6939:TCP:Blizzard Downloader
"6940:TCP"= 6940:TCP:Blizzard Downloader
"6941:TCP"= 6941:TCP:Blizzard Downloader
"6942:TCP"= 6942:TCP:Blizzard Downloader
"6943:TCP"= 6943:TCP:Blizzard Downloader
"6944:TCP"= 6944:TCP:Blizzard Downloader
"6945:TCP"= 6945:TCP:Blizzard Downloader
"6946:TCP"= 6946:TCP:Blizzard Downloader
"6947:TCP"= 6947:TCP:Blizzard Downloader
"6948:TCP"= 6948:TCP:Blizzard Downloader
"6949:TCP"= 6949:TCP:Blizzard Downloader
"6950:TCP"= 6950:TCP:Blizzard Downloader
"6951:TCP"= 6951:TCP:Blizzard Downloader
"6952:TCP"= 6952:TCP:Blizzard Downloader
"6953:TCP"= 6953:TCP:Blizzard Downloader
"6957:TCP"= 6957:TCP:Blizzard Downloader
"6958:TCP"= 6958:TCP:Blizzard Downloader
"6959:TCP"= 6959:TCP:Blizzard Downloader
"6960:TCP"= 6960:TCP:Blizzard Downloader
"6961:TCP"= 6961:TCP:Blizzard Downloader
"6962:TCP"= 6962:TCP:Blizzard Downloader
"6963:TCP"= 6963:TCP:Blizzard Downloader
"6964:TCP"= 6964:TCP:Blizzard Downloader
"6965:TCP"= 6965:TCP:Blizzard Downloader
"6966:TCP"= 6966:TCP:Blizzard Downloader
"6967:TCP"= 6967:TCP:Blizzard Downloader
"6968:TCP"= 6968:TCP:Blizzard Downloader
"6969:TCP"= 6969:TCP:Blizzard Downloader
"6970:TCP"= 6970:TCP:Blizzard Downloader
"6971:TCP"= 6971:TCP:Blizzard Downloader
"6972:TCP"= 6972:TCP:Blizzard Downloader
"6973:TCP"= 6973:TCP:Blizzard Downloader
"6974:TCP"= 6974:TCP:Blizzard Downloader
"6975:TCP"= 6975:TCP:Blizzard Downloader
"6976:TCP"= 6976:TCP:Blizzard Downloader
"6977:TCP"= 6977:TCP:Blizzard Downloader
"6978:TCP"= 6978:TCP:Blizzard Downloader
"6979:TCP"= 6979:TCP:Blizzard Downloader
"6980:TCP"= 6980:TCP:Blizzard Downloader
"6981:TCP"= 6981:TCP:Blizzard Downloader
"6982:TCP"= 6982:TCP:Blizzard Downloader
"6983:TCP"= 6983:TCP:Blizzard Downloader
"6984:TCP"= 6984:TCP:Blizzard Downloader
"6985:TCP"= 6985:TCP:Blizzard Downloader
"6986:TCP"= 6986:TCP:Blizzard Downloader
"6987:TCP"= 6987:TCP:Blizzard Downloader
"6988:TCP"= 6988:TCP:Blizzard Downloader
"6989:TCP"= 6989:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"6956:TCP"= 6956:TCP:Blizzard Downloader
"6955:TCP"= 6955:TCP:Blizzard Downloader
"6954:TCP"= 6954:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [12/28/2008 6:38 PM 23200]
S3 LSWL_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [9/14/2006 5:47 PM 41232]
S3 souexvcp;souexvcp;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-08-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]

2009-08-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9863xxpq.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.johnshopkins.edu/uPortal/render.userLayoutRootNode.uP
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 20:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\souexvcp]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8096)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\windows\SoftwareDistribution\Download\e4c2007810f05e435207a9313d458bee\update\update.exe
.
**************************************************************************
.
Completion time: 2009-08-22 20:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 00:16
ComboFix2.txt 2009-08-16 01:46

Pre-Run: 27,304,304,640 bytes free
Post-Run: 27,191,349,248 bytes free

350

Now open a new notepad file.
Input this into the notepad file:

Folder::
C:\8c124f04d79973546ed5a80d37

Driver::
souexvcp

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-08-21.02 - User 08/22/2009 14:40.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.648 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\8c124f04d79973546ed5a80d37
c:\8c124f04d79973546ed5a80d37\amd64\filterpipelineprintproc.dll
c:\8c124f04d79973546ed5a80d37\amd64\msxpsdrv.cat
c:\8c124f04d79973546ed5a80d37\amd64\msxpsdrv.inf
c:\8c124f04d79973546ed5a80d37\amd64\msxpsinc.gpd
c:\8c124f04d79973546ed5a80d37\amd64\msxpsinc.ppd
c:\8c124f04d79973546ed5a80d37\amd64\mxdwdrv.dll
c:\8c124f04d79973546ed5a80d37\amd64\xpssvcs.dll
c:\8c124f04d79973546ed5a80d37\i386\filterpipelineprintproc.dll
c:\8c124f04d79973546ed5a80d37\i386\msxpsdrv.cat
c:\8c124f04d79973546ed5a80d37\i386\msxpsdrv.inf
c:\8c124f04d79973546ed5a80d37\i386\msxpsinc.gpd
c:\8c124f04d79973546ed5a80d37\i386\msxpsinc.ppd
c:\8c124f04d79973546ed5a80d37\i386\mxdwdrv.dll
c:\8c124f04d79973546ed5a80d37\i386\xpssvcs.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_souexvcp


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 02:48 . 2009-08-22 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-22 00:16 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-15 21:49 . 2009-08-15 21:49 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 16:58 . 2009-08-09 17:07 -------- d-----w- c:\documents and settings\User\Application Data\Reg Tool
2009-08-09 16:58 . 2009-08-09 17:02 -------- d-----w- c:\program files\Reg Tool
2009-08-09 16:52 . 2009-08-09 16:52 -------- d-----w- c:\program files\Windows Defender
2009-08-09 16:37 . 2009-08-09 16:37 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PCHealth
2009-08-09 15:52 . 2009-08-09 15:58 -------- d-----w- c:\program files\RegCure
2009-08-09 05:25 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-08-09 05:25 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-08-09 05:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-08-09 05:25 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-08-09 05:25 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-08-06 02:38 . 2009-08-06 02:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\documents and settings\User\Application Data\Windows Desktop Search
2009-07-30 19:46 . 2009-08-01 07:01 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-30 19:46 . 2009-07-30 19:46 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-30 19:44 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-30 19:44 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-30 19:44 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 18:46 . 2009-02-10 00:50 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-08-22 18:45 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-08-22 18:45 . 2008-07-19 16:13 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-08-22 18:44 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-22 18:44 . 2003-12-02 03:09 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000002-00001102-00000004-20021102}.dat
2009-08-22 18:15 . 2005-08-10 20:33 -------- d-----w- c:\program files\World of Warcraft
2009-08-22 18:14 . 2009-02-10 02:21 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-08-22 02:48 . 2008-12-28 22:21 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
2009-08-15 21:50 . 2005-03-02 02:15 -------- d-----w- c:\program files\Java
2009-08-09 15:59 . 2004-04-25 19:15 71424 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 06:14 . 2008-07-19 16:49 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2009-08-05 09:01 . 2003-12-02 03:06 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 04:50 . 2008-07-19 03:16 -------- d-----w- c:\program files\Real Alternative
2009-07-25 09:23 . 2008-11-28 00:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 07:01 . 2008-12-29 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 20:57 . 2009-07-14 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 20:41 . 2009-07-14 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-13 17:36 . 2009-07-14 20:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 17:36 . 2009-07-14 20:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 14:08 . 2004-04-23 23:11 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:50 . 2004-02-06 22:05 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-16 14:36 . 2003-03-31 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2003-03-31 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-03-31 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2003-12-02 12:15 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-03-31 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-12-22 09:20 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 04:24 . 2008-05-27 02:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2004-09-08 02:01 . 2004-09-08 02:01 56 -csh--r- c:\windows\system32\88510203B7.sys
2009-03-21 14:06 . 2003-03-31 12:00 158658 --sha-r- c:\windows\system32\ucgkglr.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-16_01.43.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 18:45 . 2009-08-22 18:45 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2004-04-23 23:11 . 2009-07-13 14:08 286720 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\1232319.msp
+ 2003-09-17 04:25 . 2009-07-13 14:08 5537792 c:\windows\system32\wmp.dll
- 2003-09-17 04:25 . 2007-04-30 12:20 5537792 c:\windows\system32\wmp.dll
+ 2003-09-17 04:25 . 2009-07-13 14:08 5537792 c:\windows\system32\dllcache\wmp.dll
- 2003-09-17 04:25 . 2007-04-30 12:20 5537792 c:\windows\system32\dllcache\wmp.dll
+ 2003-12-02 12:15 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 135168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-04-30 966706]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-21 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader
"8086:TCP"= 8086:TCP:World of Warcraft
"8087:TCP"= 8087:TCP:World of Warcraft
"9081:TCP"= 9081:TCP:World of Warcraft
"9090:TCP"= 9090:TCP:World of Warcraft
"9097:TCP"= 9097:TCP:World of Warcraft
"9100:TCP"= 9100:TCP:World of Warcraft
"6882:TCP"= 6882:TCP:Blizzard Downloader
"6883:TCP"= 6883:TCP:Blizzard Downloader
"6884:TCP"= 6884:TCP:Blizzard Downloader
"6885:TCP"= 6885:TCP:Blizzard Downloader
"6886:TCP"= 6886:TCP:Blizzard Downloader
"6887:TCP"= 6887:TCP:Blizzard Downloader
"6888:TCP"= 6888:TCP:Blizzard Downloader
"6889:TCP"= 6889:TCP:Blizzard Downloader
"6891:TCP"= 6891:TCP:Blizzard Downloader
"6892:TCP"= 6892:TCP:Blizzard Downloader
"6893:TCP"= 6893:TCP:Blizzard Downloader
"6894:TCP"= 6894:TCP:Blizzard Downloader
"6895:TCP"= 6895:TCP:Blizzard Downloader
"6890:TCP"= 6890:TCP:Blizzard Downloader
"6896:TCP"= 6896:TCP:Blizzard Downloader
"6897:TCP"= 6897:TCP:Blizzard Downloader
"6898:TCP"= 6898:TCP:Blizzard Downloader
"6899:TCP"= 6899:TCP:Blizzard Downloader
"6900:TCP"= 6900:TCP:Blizzard Downloader
"6901:TCP"= 6901:TCP:Blizzard Downloader
"6902:TCP"= 6902:TCP:Blizzard Downloader
"6903:TCP"= 6903:TCP:Blizzard Downloader
"6904:TCP"= 6904:TCP:Blizzard Downloader
"6905:TCP"= 6905:TCP:Blizzard Downloader
"6906:TCP"= 6906:TCP:Blizzard Downloader
"6907:TCP"= 6907:TCP:Blizzard Downloader
"6908:TCP"= 6908:TCP:Blizzard Downloader
"6909:TCP"= 6909:TCP:Blizzard Downloader
"6910:TCP"= 6910:TCP:Blizzard Downloader
"6911:TCP"= 6911:TCP:Blizzard Downloader
"6912:TCP"= 6912:TCP:Blizzard Downloader
"6913:TCP"= 6913:TCP:Blizzard Downloader
"6914:TCP"= 6914:TCP:Blizzard Downloader
"6915:TCP"= 6915:TCP:Blizzard Downloader
"6916:TCP"= 6916:TCP:Blizzard Downloader
"6917:TCP"= 6917:TCP:Blizzard Downloader
"6918:TCP"= 6918:TCP:Blizzard Downloader
"6919:TCP"= 6919:TCP:Blizzard Downloader
"6920:TCP"= 6920:TCP:Blizzard Downloader
"6921:TCP"= 6921:TCP:Blizzard Downloader
"6922:TCP"= 6922:TCP:Blizzard Downloader
"6923:TCP"= 6923:TCP:Blizzard Downloader
"6924:TCP"= 6924:TCP:Blizzard Downloader
"6925:TCP"= 6925:TCP:Blizzard Downloader
"6926:TCP"= 6926:TCP:Blizzard Downloader
"6927:TCP"= 6927:TCP:Blizzard Downloader
"6928:TCP"= 6928:TCP:Blizzard Downloader
"6929:TCP"= 6929:TCP:Blizzard Downloader
"6930:TCP"= 6930:TCP:Blizzard Downloader
"6931:TCP"= 6931:TCP:Blizzard Downloader
"6932:TCP"= 6932:TCP:Blizzard Downloader
"6933:TCP"= 6933:TCP:Blizzard Downloader
"6934:TCP"= 6934:TCP:Blizzard Downloader
"6935:TCP"= 6935:TCP:Blizzard Downloader
"6936:TCP"= 6936:TCP:Blizzard Downloader
"6937:TCP"= 6937:TCP:Blizzard Downloader
"6938:TCP"= 6938:TCP:Blizzard Downloader
"6939:TCP"= 6939:TCP:Blizzard Downloader
"6940:TCP"= 6940:TCP:Blizzard Downloader
"6941:TCP"= 6941:TCP:Blizzard Downloader
"6942:TCP"= 6942:TCP:Blizzard Downloader
"6943:TCP"= 6943:TCP:Blizzard Downloader
"6944:TCP"= 6944:TCP:Blizzard Downloader
"6945:TCP"= 6945:TCP:Blizzard Downloader
"6946:TCP"= 6946:TCP:Blizzard Downloader
"6947:TCP"= 6947:TCP:Blizzard Downloader
"6948:TCP"= 6948:TCP:Blizzard Downloader
"6949:TCP"= 6949:TCP:Blizzard Downloader
"6950:TCP"= 6950:TCP:Blizzard Downloader
"6951:TCP"= 6951:TCP:Blizzard Downloader
"6952:TCP"= 6952:TCP:Blizzard Downloader
"6953:TCP"= 6953:TCP:Blizzard Downloader
"6957:TCP"= 6957:TCP:Blizzard Downloader
"6958:TCP"= 6958:TCP:Blizzard Downloader
"6959:TCP"= 6959:TCP:Blizzard Downloader
"6960:TCP"= 6960:TCP:Blizzard Downloader
"6961:TCP"= 6961:TCP:Blizzard Downloader
"6962:TCP"= 6962:TCP:Blizzard Downloader
"6963:TCP"= 6963:TCP:Blizzard Downloader
"6964:TCP"= 6964:TCP:Blizzard Downloader
"6965:TCP"= 6965:TCP:Blizzard Downloader
"6966:TCP"= 6966:TCP:Blizzard Downloader
"6967:TCP"= 6967:TCP:Blizzard Downloader
"6968:TCP"= 6968:TCP:Blizzard Downloader
"6969:TCP"= 6969:TCP:Blizzard Downloader
"6970:TCP"= 6970:TCP:Blizzard Downloader
"6971:TCP"= 6971:TCP:Blizzard Downloader
"6972:TCP"= 6972:TCP:Blizzard Downloader
"6973:TCP"= 6973:TCP:Blizzard Downloader
"6974:TCP"= 6974:TCP:Blizzard Downloader
"6975:TCP"= 6975:TCP:Blizzard Downloader
"6976:TCP"= 6976:TCP:Blizzard Downloader
"6977:TCP"= 6977:TCP:Blizzard Downloader
"6978:TCP"= 6978:TCP:Blizzard Downloader
"6979:TCP"= 6979:TCP:Blizzard Downloader
"6980:TCP"= 6980:TCP:Blizzard Downloader
"6981:TCP"= 6981:TCP:Blizzard Downloader
"6982:TCP"= 6982:TCP:Blizzard Downloader
"6983:TCP"= 6983:TCP:Blizzard Downloader
"6984:TCP"= 6984:TCP:Blizzard Downloader
"6985:TCP"= 6985:TCP:Blizzard Downloader
"6986:TCP"= 6986:TCP:Blizzard Downloader
"6987:TCP"= 6987:TCP:Blizzard Downloader
"6988:TCP"= 6988:TCP:Blizzard Downloader
"6989:TCP"= 6989:TCP:Blizzard Downloader
"6990:TCP"= 6990:TCP:Blizzard Downloader
"6991:TCP"= 6991:TCP:Blizzard Downloader
"6992:TCP"= 6992:TCP:Blizzard Downloader
"6993:TCP"= 6993:TCP:Blizzard Downloader
"6994:TCP"= 6994:TCP:Blizzard Downloader
"6995:TCP"= 6995:TCP:Blizzard Downloader
"6996:TCP"= 6996:TCP:Blizzard Downloader
"6997:TCP"= 6997:TCP:Blizzard Downloader
"6998:TCP"= 6998:TCP:Blizzard Downloader
"6956:TCP"= 6956:TCP:Blizzard Downloader
"6955:TCP"= 6955:TCP:Blizzard Downloader
"6954:TCP"= 6954:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [12/28/2008 6:38 PM 23200]
S3 LSWL_USB;Instant Wireless USB Network Adapter ver.2.5 Driver;c:\windows\system32\drivers\LSWLUSB.sys [9/14/2006 5:47 PM 41232]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2009-08-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]

2009-08-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-02-14 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9863xxpq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxps://my.johnshopkins.edu/uPortal/render.userLayoutRootNode.uP
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5160)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Ahead\InCD\incdsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-08-22 14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 18:48
ComboFix2.txt 2009-08-22 00:16
ComboFix3.txt 2009-08-16 01:46

Pre-Run: 27,413,790,720 bytes free
Post-Run: 27,356,868,608 bytes free

367 --- E O F --- 2009-08-22 05:31

Update Malwarebytes anti malware and do a quick scan, once done, post the results back here.

Malwarebytes' Anti-Malware 1.39
Database version: 2430
Windows 5.1.2600 Service Pack 3

8/23/2009 11:25:49 AM
mbam-log-2009-08-23 (11-25-49).txt

Scan type: Quick Scan
Objects scanned: 95371
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Fine, thank you for all your help! If it's alright, I have a similar problem with my laptop, should I create a new thread for it or just continue this one?

Create a new one please.