Windows Antivirus Pro

It isn't allowing me to run any executables, so as of now I can't post an HJT log.

Nevermind, was able to get one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:51 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\svchast.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\cmd.execf
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\32788R22FWJFW\swreg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.Adobe.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\WINDOWS\svchast.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10939 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: ICQSys (IE PlugIn) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - C:\WINDOWS\system32\dddesot.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Here's the log:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/19/2009 5:03:22 PM
mbam-log-2009-08-19 (17-03-22).txt

Scan type: Quick Scan
Objects scanned: 105669
Time elapsed: 12 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\system32\desot.exe "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.

The window for Antivirus Pro is still popping up after the desktop loads.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-08-10.06 - HP_Owner 08/19/2009 21:48.5.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.998 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\svchast.exe
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe


.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 68856]
"Octoshape Streaming Services"="c:\documents and settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-15 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-15 27136]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-7-23 3191696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-16 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft Public Test2\\Launcher.exe"=
"c:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\hp\\KBD\\kbd.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WoWDownloader
"6112:TCP"= 6112:TCP:WoWDownloader
"6881:TCP"= 6881:TCP:WoWDownloader
"6882:TCP"= 6882:TCP:WoWDownloader
"6883:TCP"= 6883:TCP:WoWDownloader
"6884:TCP"= 6884:TCP:WoWDownloader
"6885:TCP"= 6885:TCP:WoWDownloader
"6886:TCP"= 6886:TCP:WoWDownloader
"6887:TCP"= 6887:TCP:WoWDownloader
"6888:TCP"= 6888:TCP:WoWDownloader
"6889:TCP"= 6889:TCP:WoWDownloader
"6900:TCP"= 6900:TCP:WoWDownloader
"57000:TCP"= 57000:TCP:Pando Media Booster
"57000:UDP"= 57000:UDP:Pando Media Booster
"56615:TCP"= 56615:TCP:Pando Media Booster
"56615:UDP"= 56615:UDP:Pando Media Booster


R2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38926d84-7ada-11dd-a856-0015f2eafc76}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241471865-1589913580-660304882-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 00:53]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241471865-1589913580-660304882-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 00:53]
.
- - - - ORPHANS REMOVED - - - -

BHO-{76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - c:\windows\system32\dddesot.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: Adobe.com\www
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
.
------- File Associations -------
.
exefile=c:\windows\system32\desot.exe "%1" %*
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETjriqrmkm]
"imagepath"="\systemroot\system32\drivers\SKYNETswudlxrv.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETjriqrmkm]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETswudlxrv.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(840)
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-20 21:56
ComboFix-quarantined-files.txt 2009-08-20 01:56
ComboFix2.txt 2009-07-29 18:30

Pre-Run: 70,265,573,376 bytes free
Post-Run: 70,461,186,048 bytes free

199 --- E O F --- 2009-08-13 03:30

Hello.
Please re-download Combofix, don't use an old version.

Now open a new notepad file.
Input this into the notepad file:

Driver::
AntipPro2009_100

RegLockDel::
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETjriqrmkm]

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNETjriqrmkm]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Belahzur,

the user you helped in this thread posted a new topic here: http://www.geekpolice.net/virus-spyware-malware-removal-f11/windows-security-center-t14106.htm#89075

As they did not reply to this topic, after you gave them instructions for ComboFix, they are still having trouble with malware. I have sent them back here to post a new HijackThis log, so you can continually help them.

Thanks.

Sorry about that. Here's the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:14 PM, on 9/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Protection System\psystem.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Protection System] "C:\Program Files\Protection System\psystem.exe" -noscan
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.Adobe.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12269 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKCU\..\Run: [Protection System] "C:\Program Files\Protection System\psystem.exe" -noscan
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

9/11/2009 6:56:52 PM
mbam-log-2009-09-11 (18-56-52).txt

Scan type: Quick Scan
Objects scanned: 100057
Time elapsed: 42 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\protection system (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\protection system\blacklist.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\core.cga (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\firewall.dll (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\program files\protection system\help.ico (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\protection system\Protection System Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\protection system\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\protection system\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETtuwtpopn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETyrsybrnk.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACmowdpltewl.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\UACtqfvitrxhr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Hello, your Malwarebytes signature database is out of date, please update malwarebytes and do a quick scan again.

Malwarebytes' Anti-Malware 1.41
Database version: 2784
Windows 5.1.2600 Service Pack 3

9/12/2009 11:30:20 AM
mbam-log-2009-09-12 (11-30-20).txt

Scan type: Quick Scan
Objects scanned: 107167
Time elapsed: 47 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{58101905-d80f-4788-96f6-98618186178a} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetjriqrmkm (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcm80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcp80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\Program Files\Windows Police Pro\msvcr80.dll (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

Can you re-run Combofix now please?

ComboFix 09-09-12.A0 - HP_Owner 09/13/2009 9:47.7.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.314 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090912-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\temp\IadHide5.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UACD.SYS


((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-09 21:31 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-09 21:31 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-09 21:31 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-09 21:31 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-09 21:31 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-09 21:31 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-09 21:31 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-09 21:31 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-09 21:30 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-09 21:30 . 2009-09-09 21:30 -------- d-----w- c:\program files\Alwil Software
2009-09-09 10:30 . 2009-09-13 14:11 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\LimeWire
2009-09-01 14:12 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-01 14:12 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-01 14:12 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-01 14:12 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-01 14:12 . 2009-09-01 14:12 -------- d-----w- c:\program files\Avira
2009-09-01 14:12 . 2009-09-01 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-21 16:58 . 2009-08-21 16:58 -------- d-----w- c:\program files\World of Warcraft ArenaS3.temp
2009-08-20 02:14 . 2009-08-20 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 18:52 . 2009-03-03 22:42 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Xfire
2009-09-12 14:41 . 2009-02-19 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:54 . 2009-07-27 19:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-07-27 19:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 14:15 . 2009-05-27 10:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-02 04:38 . 2009-03-03 22:42 -------- d-----w- c:\program files\Xfire
2009-09-01 18:32 . 2008-07-15 21:35 -------- d-----w- c:\program files\World of Warcraft
2009-08-21 17:00 . 2008-08-16 05:01 -------- d-----w- c:\program files\VstPlugins
2009-08-21 16:31 . 2007-12-25 01:11 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-12 05:26 . 2009-08-12 05:26 -------- d-----w- c:\program files\PayPal
2009-08-12 05:26 . 2006-02-16 04:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 05:26 . 2009-08-12 05:26 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\InstallShield
2009-08-08 16:50 . 2009-08-03 04:42 -------- d-----w- c:\program files\Cain
2009-08-07 01:00 . 2008-10-27 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-06 23:39 . 2009-08-06 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-06 23:35 . 2008-10-27 01:00 -------- d-----w- c:\program files\Yahoo!
2009-08-05 09:01 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 04:43 . 2009-08-03 04:42 -------- d-----w- c:\program files\WinPcap
2009-07-30 07:04 . 2009-07-30 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-30 07:04 . 2009-07-30 01:10 -------- d-----w- c:\program files\NOS
2009-07-28 23:18 . 2004-08-04 04:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-07-27 20:01 . 2009-07-27 20:01 15785 ----a-w- c:\documents and settings\HP_Owner\Application Data\wewytowequ.dll
2009-07-27 20:01 . 2009-07-27 20:01 15338 ----a-w- c:\documents and settings\HP_Owner\Application Data\dykarynywo.pif
2009-07-27 20:01 . 2009-07-27 20:01 15283 ----a-w- c:\documents and settings\HP_Owner\Application Data\odigatik.sys
2009-07-27 20:01 . 2009-07-27 20:01 13746 ----a-w- c:\program files\Common Files\igisubahu.com
2009-07-27 20:01 . 2009-07-27 20:01 12332 ----a-w- c:\documents and settings\HP_Owner\Application Data\cusovexab.dll
2009-07-23 14:22 . 2009-03-15 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-07-17 22:15 . 2007-12-25 01:19 57624 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 22:14 . 2009-07-17 22:14 -------- d-----w- c:\program files\Guitar Pro 5
2009-07-17 19:01 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-20_01.52.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-09-13 14:09 . 2009-09-13 14:09 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
+ 2009-09-12 15:32 . 2009-09-12 15:32 16384 c:\windows\temp\Perflib_Perfdata_6e4.dat
+ 2009-09-01 14:12 . 2009-05-11 14:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2009-09-03 15:47 . 2009-09-03 15:47 78924 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
+ 2009-09-03 15:47 . 2009-09-03 15:47 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009090320090904\index.dat
+ 2005-12-04 15:43 . 2009-09-11 19:58 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-12-04 15:43 . 2009-08-20 01:43 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-12-04 15:43 . 2009-09-11 19:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-08-12 22:21 . 2009-09-11 19:59 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-01 14:11 . 2009-09-01 14:11 228352 c:\windows\Installer\308ceb.msi
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 68856]
"Octoshape Streaming Services"="c:\documents and settings\HP_Owner\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Google Update"="c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-31 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-15 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-15 27136]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-8-13 3109264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-2-16 36903]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft Public Test2\\Launcher.exe"=
"c:\\Documents and Settings\\HP_Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\hp\\KBD\\kbd.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Documents and Settings\\HP_Owner\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:WoWDownloader
"6112:TCP"= 6112:TCP:WoWDownloader
"6881:TCP"= 6881:TCP:WoWDownloader
"6882:TCP"= 6882:TCP:WoWDownloader
"6883:TCP"= 6883:TCP:WoWDownloader
"6884:TCP"= 6884:TCP:WoWDownloader
"6885:TCP"= 6885:TCP:WoWDownloader
"6886:TCP"= 6886:TCP:WoWDownloader
"6887:TCP"= 6887:TCP:WoWDownloader
"6888:TCP"= 6888:TCP:WoWDownloader
"6889:TCP"= 6889:TCP:WoWDownloader
"6900:TCP"= 6900:TCP:WoWDownloader
"57000:TCP"= 57000:TCP:Pando Media Booster
"57000:UDP"= 57000:UDP:Pando Media Booster
"56615:TCP"= 56615:TCP:Pando Media Booster
"56615:UDP"= 56615:UDP:Pando Media Booster

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/9/2009 5:31 PM 114768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/1/2009 10:12 AM 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/9/2009 5:31 PM 20560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 11:35 AM 50704]
.
Contents of the 'Scheduled Tasks' folder

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241471865-1589913580-660304882-1009Core.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 00:53]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4241471865-1589913580-660304882-1009UA.job
- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 00:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: Adobe.com\www
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8ev2kbg1.default\
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\8ev2kbg1.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 10:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(476)
c:\windows\system32\WININET.dll
c:\program files\Xfire\xfire_toucan_38751.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-13 10:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 14:21
ComboFix2.txt 2009-09-03 17:30
ComboFix3.txt 2009-08-20 01:56
ComboFix4.txt 2009-07-29 18:30

Pre-Run: 59,183,026,176 bytes free
Post-Run: 60,463,181,824 bytes free

356 --- E O F --- 2009-08-13 03:30

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?