PLZ i need help removing "Total Security" 100% FREE

Plz i need help removing "Total Security"!!!I've tried everything i could to remove it.
I've tried Malware,SpyHunter etc.

I've also tried going to my computer and make the hȋdden folders visible.I've found the file for Total Security and tried to delete it

So PLZ PLZ PLZ PLZ PLZ PLZ help me remove it.

Hi

ComboFix

Please download ComboFix from Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective
  programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Do not mouse-click Combofix's window while it is running. That may cause it to stall.

ComboFix 09-10-07.05 - Raymond 09/10/2009 14:07.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.196 [GMT 11:00]
Running from: c:\documents and settings\Raymond\Desktop\ComboFix.exe
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Raymond\LOCALS~1\Temp\nsf5.tmp\NotifyIcon.dll
c:\docume~1\Raymond\LOCALS~1\Temp\nsf5.tmp\ShutdownAllow.dll
c:\documents and settings\Raymond\Local Settings\Temp\nsf5.tmp\NotifyIcon.dll
c:\documents and settings\Raymond\Local Settings\Temp\nsf5.tmp\ShutdownAllow.dll
c:\program files\MyWebSearch
c:\program files\TS\tsc.exe
c:\windows\system32\drivers\gasfkywylvmpxv.sys
c:\windows\system32\gasfkybwuuesth.dll
c:\windows\system32\gasfkycbqpppyv.dat
c:\windows\system32\gasfkyhftiqjxa.dll
c:\windows\system32\gasfkyospyaflu.dat
c:\windows\system32\gasfkyxylnrpxu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gasfkyqwmimrmw
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_gasfkyqwmimrmw
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.

2009-10-07 06:37 . 2009-10-07 07:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-07 05:47 . 2009-10-07 05:47 -------- d-----w- c:\program files\Enigma Software Group
2009-10-07 02:58 . 2009-10-07 02:58 -------- d-----w- c:\documents and settings\Raymond\Application Data\Malwarebytes
2009-10-07 02:58 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 02:58 . 2009-10-07 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 02:58 . 2009-10-07 02:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 02:58 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 13:05 . 2009-10-06 13:05 -------- d-----w- C:\Nexon
2009-10-06 13:05 . 2009-10-06 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2009-10-06 11:30 . 2009-10-09 03:03 -------- d-----w- c:\documents and settings\Raymond\Tracing
2009-10-06 11:28 . 2009-10-09 01:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-06 11:28 . 2009-10-06 11:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-06 11:23 . 2009-10-06 11:23 -------- d-----w- c:\program files\Microsoft
2009-10-06 11:22 . 2009-10-06 11:22 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-06 10:52 . 2009-10-06 10:52 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-06 10:46 . 2009-10-06 10:46 -------- d-----w- c:\program files\NudgeMania
2009-10-06 00:58 . 2009-10-06 00:59 148992 ----a-w- c:\windows\system32\41-v5.exe
2009-10-03 14:13 . 2009-10-03 14:13 -------- d-----w- c:\documents and settings\Raymond\Application Data\Bandoo
2009-10-03 14:12 . 2009-10-03 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2009-10-03 14:12 . 2009-10-03 14:13 -------- d-----w- c:\program files\Bandoo
2009-10-03 14:05 . 2009-10-06 10:26 -------- d-----w- c:\documents and settings\Raymond\Application Data\iMeshMediabarTb
2009-10-03 14:05 . 2009-10-03 14:05 -------- d-----w- c:\program files\iMeshMediabarTb
2009-10-03 14:04 . 2009-10-03 14:04 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\iMesh
2009-10-03 14:04 . 2009-10-03 14:04 -------- d-----w- c:\program files\iMesh Applications
2009-10-03 04:44 . 2009-10-03 04:44 -------- d-----w- c:\program files\Pcsx2
2009-10-02 10:04 . 2008-10-16 04:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-02 10:04 . 2008-10-16 04:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-01 12:15 . 2000-04-06 23:54 28672 ----a-w- c:\windows\wutil.dll
2009-10-01 12:05 . 1999-10-11 01:01 41984 ----a-w- c:\windows\CTREGRUN.EXE
2009-10-01 11:08 . 2009-10-01 11:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Vodafone
2009-10-01 08:23 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-10-01 08:22 . 2009-10-01 08:22 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-01 08:16 . 2009-10-01 08:16 -------- d-----w- c:\documents and settings\Raymond\Contacts
2009-10-01 08:15 . 2009-10-02 11:47 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-01 08:07 . 2009-10-01 08:09 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-10-01 08:07 . 2009-10-06 11:27 -------- d-----w- c:\program files\Windows Live
2009-10-01 08:07 . 2009-10-01 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-10-01 07:00 . 2009-10-01 07:00 -------- d-----w- c:\program files\Pivot Stickfigure Animator
2009-09-27 12:37 . 2009-09-27 12:37 -------- d-----w- C:\Mr_Dead's Warez
2009-09-26 07:37 . 2009-09-26 07:37 -------- d-----w- c:\documents and settings\Raymond\Application Data\Blitware
2009-09-26 07:37 . 2009-09-26 07:37 -------- d-----w- c:\program files\Driver Robot
2009-09-26 06:51 . 2009-09-26 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-09-26 06:51 . 2009-09-26 06:51 -------- d-----w- c:\program files\RegCure
2009-09-26 06:20 . 2009-09-26 06:20 -------- d-----w- c:\program files\Dolphin
2009-09-26 02:06 . 2009-09-26 02:06 -------- d-----w- c:\program files\Common Files\AOL
2009-09-26 02:06 . 2009-09-26 02:06 335 ----a-w- c:\windows\nsreg.dat
2009-09-26 00:51 . 2009-09-26 02:06 2090 ----a-w- c:\windows\eReg.dat
2009-09-26 00:51 . 2009-09-26 00:51 -------- d-----w- c:\program files\Electronic Arts
2009-09-26 00:51 . 1999-04-02 06:37 33792 ----a-r- c:\windows\NPSExec.exe
2009-09-26 00:50 . 2009-09-26 00:50 -------- d-----w- c:\program files\Maxis
2009-09-26 00:49 . 1998-10-29 06:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-09-26 00:49 . 2009-09-26 00:49 -------- d-----w- c:\documents and settings\Raymond\WINDOWS
2009-09-24 04:48 . 2009-09-24 04:48 -------- d-----w- c:\program files\LittleFighter2
2009-09-19 03:48 . 2009-09-21 06:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-19 03:38 . 2009-09-19 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-19 03:19 . 2009-09-19 03:21 -------- d-----w- c:\windows\system32\Adobe
2009-09-18 14:06 . 2009-09-18 14:06 -------- d-----w- c:\program files\Common Files\TSUninstall
2009-09-18 14:05 . 2009-10-09 03:14 -------- d-----w- c:\program files\TS
2009-09-18 12:59 . 2009-09-18 12:59 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2009-09-17 06:18 . 2009-10-07 02:23 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Temp
2009-09-17 06:18 . 2009-09-17 06:20 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Google
2009-09-17 06:18 . 2009-09-17 06:18 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Deployment
2009-09-16 08:07 . 2009-10-06 15:19 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\PMB Files
2009-09-16 08:07 . 2009-10-06 12:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-09-16 08:06 . 2009-09-16 08:06 -------- d-----w- c:\program files\Pando Networks
2009-09-13 08:08 . 2009-09-13 08:08 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-13 08:08 . 2009-09-13 08:08 -------- d-----w- c:\program files\MSBuild
2009-09-13 08:08 . 2009-09-13 08:08 -------- d-----w- c:\program files\Reference Assemblies
2009-09-13 08:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-13 08:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-13 08:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-13 08:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-13 08:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-13 08:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-13 08:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-13 08:07 . 2009-10-07 06:24 -------- d-----w- C:\ZZZzzzzzZZZZZZ
2009-09-12 04:29 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-11 11:10 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-11 11:10 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-11 10:56 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-11 10:56 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-11 10:56 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-11 10:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-11 10:37 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-11 07:33 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-09-11 07:33 . 2009-10-07 02:02 -------- d--h--w- c:\windows\$hf_mig$
2009-09-10 07:42 . 2009-09-10 07:42 -------- d-----w- C:\Team17
2009-09-10 06:33 . 2009-09-10 06:33 -------- d-----w- c:\documents and settings\Raymond\Application Data\MSNInstaller
2009-09-10 06:23 . 2009-09-10 06:23 -------- d-----w- c:\documents and settings\Raymond\Local Settings\Application Data\Identities
2009-09-09 17:04 . 2008-04-14 00:09 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2009-09-09 17:04 . 2008-04-14 00:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-09-09 17:04 . 2008-04-14 00:15 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-09-09 17:04 . 2008-04-14 00:45 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-09-09 17:04 . 2008-04-14 00:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2009-09-09 17:04 . 2008-04-14 00:09 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2009-09-09 17:03 . 2008-04-14 00:15 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2009-09-09 17:03 . 2008-04-14 00:15 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-09-09 17:03 . 2008-04-13 22:09 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-09-09 17:03 . 2008-04-14 00:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-09-09 17:03 . 2008-04-14 00:15 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-09-09 17:03 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-09-09 17:03 . 2008-04-14 00:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-09-09 17:03 . 2001-08-17 13:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-09-09 17:01 . 2009-10-08 11:01 -------- d-sh--w- c:\windows\Installer
2009-09-09 17:01 . 2008-04-14 12:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2009-09-09 17:01 . 2008-04-14 12:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2009-09-09 17:01 . 2008-04-14 12:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2009-09-09 17:01 . 2009-10-09 03:14 -------- d-----r- C:\Program Files
2009-09-09 17:01 . 2008-04-14 12:00 741376 -c--a-w- c:\windows\system32\dllcache\sapi.dll
2009-09-09 17:01 . 2008-04-14 12:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe
2009-09-09 16:59 . 2009-09-09 07:20 -------- d--h--w- c:\documents and settings\Default User
2009-09-09 16:59 . 2009-09-09 07:12 -------- d-----w- c:\documents and settings\All Users
2009-09-09 16:35 . 2009-10-09 03:03 -------- d-----w- c:\windows\system32\CatRoot2
2009-09-09 16:35 . 2009-10-06 11:25 -------- d-----w- c:\windows\system32\CatRoot
2009-09-09 14:04 . 2009-09-09 07:20 -------- d-----w- C:\Documents and Settings

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 11:29 . 2009-09-09 07:47 64176 ----a-w- c:\documents and settings\Raymond\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-01 12:05 . 2009-09-09 07:56 -------- d-----w- c:\program files\Creative
2009-09-26 01:50 . 2009-09-09 07:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 16:35 . 2009-09-09 16:35 0 ----a-w- c:\windows\SET1.tmp
2009-09-09 14:03 . 2009-09-09 13:42 37 ----a-w- c:\documents and settings\Raymond\jagex_runescape_preferences.dat
2009-09-09 13:45 . 2009-09-09 13:44 45 ----a-w- c:\documents and settings\Raymond\jagex_runescape_preferences2.dat
2009-09-09 13:41 . 2009-09-09 13:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 13:41 . 2009-09-09 13:41 -------- d-----w- c:\program files\Java
2009-09-09 11:17 . 2009-09-09 11:17 -------- d-----w- c:\documents and settings\Raymond\Application Data\CyberLink
2009-09-09 11:17 . 2009-09-09 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-09 08:14 . 2009-09-09 08:14 -------- d-----w- c:\program files\C-Media PCI Audio
2009-09-09 08:14 . 2009-09-09 07:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-09 07:59 . 2009-09-09 07:56 -------- d-----w- c:\program files\Carambis
2009-09-09 07:47 . 2009-09-09 07:47 -------- d-----w- c:\documents and settings\Raymond\Application Data\Vodafone
2009-09-09 07:47 . 2009-09-09 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-09-09 07:47 . 2009-09-09 07:47 -------- d-----w- c:\documents and settings\LocalService\Application Data\Vodafone
2009-09-09 07:46 . 2009-09-09 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Vodafone
2009-09-09 07:46 . 2009-09-09 07:46 -------- d-----w- c:\program files\Vodafone
2009-09-09 07:43 . 2009-09-09 07:43 8464 ----a-w- c:\windows\system32\SpOrder.dll
2009-09-09 07:40 . 2009-09-09 07:39 -------- d-----w- c:\program files\CyberLink
2009-09-09 07:37 . 2009-09-09 07:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-09 07:29 . 2009-09-09 07:29 -------- d-----w- c:\program files\Common Files\L&H
2009-09-09 07:28 . 2009-09-09 07:28 -------- d-----w- c:\program files\Microsoft.NET
2009-09-09 07:28 . 2009-09-09 07:28 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-09 07:27 . 2009-09-09 07:27 -------- d-----w- c:\program files\Microsoft Works
2009-09-09 07:13 . 2009-09-09 07:13 -------- d-----w- c:\program files\microsoft frontpage
2009-09-09 07:09 . 2009-09-09 07:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-26 05:44 . 2009-07-26 05:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 02:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58 91568 ----a-w- c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-09-29 07:24 1863616 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Raymond\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-17 133104]
"NudgeMania"="c:\program files\NudgeMania\NudgeMania.exe" [2007-02-25 65821]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-09 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Team17\\Worms World Party\\wwp.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"c:\\Documents and Settings\\Raymond\\Desktop\\Games\\BGM\\bgb.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57773:TCP"= 57773:TCP:Pando Media Booster
"57773:UDP"= 57773:UDP:Pando Media Booster

R2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4/11/2008 12:39 PM 14336]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.4\DriverRobot.exe [2009-09-26 00:22]

2009-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-1606980848-1004Core.job
- c:\documents and settings\Raymond\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-17 06:18]

2009-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1220945662-1606980848-1004UA.job
- c:\documents and settings\Raymond\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-17 06:18]

2009-10-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-09 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-07 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.duxet.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {EC7D9EB4-C322-4DC2-92B4-B91A52182EE5} = 203.2.193.67 202.135.30.4
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TS - c:\program files\TS\tsc.exe
HKLM-Run-CmPCIaudio - CMICNFG3.CPL
AddRemove-HijackThis - c:\documents and settings\Raymond\My Documents\Downloads\HijackThis.exe
AddRemove-TS - c:\program files\TS\tsc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 14:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Bandoo\Bandoo.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Raymond\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\docume~1\Raymond\LOCALS~1\Temp\nsz4.tmp\NM.exe
.
**************************************************************************
.
Completion time: 2009-10-09 14:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 03:28

Pre-Run: 13,103,435,776 bytes free
Post-Run: 13,858,480,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

314 --- E O F --- 2009-10-08 11:02

Hi

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   DirLook::
   c:\documents and settings\All Users\Application Data\TEMP
   c:\documents and settings\Raymond\Local Settings\Application Data\PMB Files
   C:\ZZZzzzzzZZZZZZ
   
   Registry::
   [-HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
   
   Folder::
   c:\program files\Bandoo
   c:\documents and settings\Raymond\Application Data\Bandoo
   c:\program files\NudgeMania
   c:\documents and settings\Raymond\Application Data\iMeshMediabarTb
   c:\program files\iMeshMediabarTb
   c:\documents and settings\Raymond\Local Settings\Application Data\iMesh
   c:\program files\iMesh Applications
   C:\Mr_Dead's Warez
   c:\documents and settings\Raymond\Application Data\Blitware
   c:\program files\Driver Robot
   c:\documents and settings\All Users\Application Data\RegCure
   c:\program files\RegCure
   c:\program files\Common Files\TSUninstall
   c:\program files\TS
   
   File::
   c:\windows\system32\41-v5.exe
   
   Suspect::
   c:\windows\system32\drivers\nocashio.sys
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.