Thanks so much for all your help ^^ You're a lifesaver! This computer really is my lifeline and I'm glad you're helping me fix it.
Here's the ComboFix log:
ComboFix 09-10-30.01 - Miranda Rian 11/01/2009 18:04.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1529 [GMT -5:00]
Running from: c:\documents and settings\Miranda Rian\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\setup.exe
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\documents and settings\Miranda Rian\Start Menu\Programs\Personal Guard 2009
c:\documents and settings\Miranda Rian\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk
c:\documents and settings\Miranda Rian\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk
c:\program files\Personal Guard 2009
c:\program files\Personal Guard 2009\config.scf
c:\program files\Personal Guard 2009\mmbase.sdb
c:\program files\Personal Guard 2009\q.sdb
c:\program files\Personal Guard 2009\vvbase.sdb
c:\windows\microsoftdef.dll
c:\windows\system32\Data
c:\windows\system32\feviliru.dll
c:\windows\system32\fulemege.dll
c:\windows\system32\kopurege.dll
c:\windows\system32\latabaye.dll
c:\windows\system32\logon.exe
c:\windows\system32\pusekudu.dll
c:\windows\system32\sirifiwi.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-11-01 22:55 . 2009-11-01 22:59 -------- dc----w- C:\Combo-Fix
2009-10-31 20:20 . 2009-10-31 20:20 -------- d-----w- c:\documents and settings\Miranda Rian\Application Data\Malwarebytes
2009-10-31 20:20 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 20:19 . 2009-11-01 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 20:19 . 2009-10-31 20:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 20:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 04:25 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-31 04:25 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-31 04:25 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-31 04:25 . 2009-10-31 04:26 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-31 04:25 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-31 04:25 . 2009-10-31 18:29 -------- d-----w- c:\program files\Spyware Doctor
2009-10-31 04:25 . 2009-10-31 04:25 -------- d-----w- c:\documents and settings\Nelwyn Rian\Application Data\PC Tools
2009-10-31 04:25 . 2009-10-31 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-31 04:24 . 2009-11-01 02:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-31 01:49 . 2009-10-31 01:49 -------- d-----w- c:\documents and settings\Nelwyn Rian\Application Data\CyberLink
2009-10-31 01:49 . 2009-10-31 01:49 -------- d-----w- c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\PowerDVD
2009-10-31 00:50 . 2009-11-01 17:01 51197 ----a-w- c:\windows\spoov.exe
2009-10-31 00:50 . 2009-11-01 17:01 47872 ----a-w- c:\windows\certsystem.exe
2009-10-31 00:50 . 2009-11-01 17:01 38352 ----a-w- c:\windows\regred.exe
2009-10-31 00:50 . 2009-11-01 17:01 33149 ----a-w- c:\windows\usexplorer.exe
2009-10-31 00:50 . 2009-11-01 17:01 28320 ----a-w- c:\windows\securits.com
2009-10-29 02:03 . 2009-10-29 02:05 -------- d-----w- c:\program files\Rhapsody
2009-10-28 19:35 . 2009-10-28 19:35 -------- d-----w- c:\documents and settings\Miranda Rian\Local Settings\Application Data\Wizards_of_the_Coast
2009-10-26 01:25 . 2009-10-26 02:14 -------- d-----w- c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\Deployment
2009-10-26 00:14 . 2009-10-29 03:45 797664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-25 21:18 . 2009-10-25 21:18 -------- d-----w- c:\documents and settings\Miranda Rian\Local Settings\Application Data\AdventureTools
2009-10-25 21:16 . 2009-10-25 21:18 -------- d-----w- c:\documents and settings\Miranda Rian\Application Data\AdventureTools
2009-10-25 20:50 . 2009-10-28 19:18 -------- d-----w- c:\program files\Wizards of the Coast
2009-10-16 18:25 . 2009-10-16 18:25 -------- d-----w- c:\documents and settings\Miranda Rian\Local Settings\Application Data\PCHealth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-01 22:46 . 2009-01-11 04:46 -------- d-----w- c:\documents and settings\Miranda Rian\Application Data\uTorrent
2009-11-01 17:10 . 2008-06-08 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-31 18:30 . 2008-01-03 01:58 33640 ----a-w- c:\documents and settings\Miranda Rian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 04:08 . 2007-02-20 13:18 33640 ----a-w- c:\documents and settings\Nelwyn Rian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 01:47 . 2009-01-12 21:30 -------- d-----w- c:\documents and settings\Miranda Rian\Application Data\Corel
2009-10-31 01:47 . 2007-07-23 20:24 -------- d-----w- c:\documents and settings\Nelwyn Rian\Application Data\Corel
2009-10-31 01:47 . 2005-05-06 19:37 -------- d-----w- c:\documents and settings\Richard Rian\Application Data\Corel
2009-10-31 01:46 . 2009-07-29 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-31 01:43 . 2009-07-30 13:26 -------- d-----w- c:\program files\Pando Networks
2009-10-27 19:31 . 2009-07-29 15:59 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-10-27 19:31 . 2009-07-29 15:59 168 --sh--r- c:\documents and settings\All Users\Application Data\2E4DFE5E92.sys
2009-10-26 01:52 . 2005-04-23 04:41 -------- d-----w- c:\program files\Intel
2009-10-26 01:51 . 2005-04-23 04:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 20:54 . 2009-03-21 02:12 -------- d-----w- c:\program files\StepMania
2009-09-13 20:51 . 2005-04-23 04:49 -------- d-----w- c:\program files\Common Files\Real
2009-09-12 22:33 . 2008-06-03 23:43 -------- d-----w- c:\program files\Windows Live
2009-09-12 22:26 . 2009-02-21 18:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 15:20 . 2009-09-12 15:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 15:20 . 2005-04-23 04:40 -------- d-----w- c:\program files\Java
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 10:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 17:06 . 2008-06-08 19:02 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-27 17:06 . 2008-06-08 19:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-27 17:06 . 2007-01-02 10:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-21 20:51 . 2009-08-21 20:51 52338 ----a-w- c:\windows\system32\RadLightOggUninstall.exe
2009-08-06 23:24 . 2004-08-04 10:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 10:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2005-04-26 19:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2004-08-04 10:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 10:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2006-05-07 18:35 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 10:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 1980-01-01 05:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-08 289072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-12 149280]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-16 2025752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"P17Helper"="P17.dll" - c:\windows\SYSTEM32\P17.dll [2004-06-10 60928]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-27 17:06 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"12933:TCP"= 12933:TCP:BitComet 12933 TCP
"12933:UDP"= 12933:UDP:BitComet 12933 UDP
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/30/2009 11:25 PM 206256]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/8/2008 2:02 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/8/2008 2:02 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/9/2008 6:28 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/9/2008 6:28 PM 297752]
S3 dump_wmimmc;dump_wmimmc;\??\f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys --> f:\the chronicles of spellborn\bin\client\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/30/2009 11:25 PM 348824]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.yahoo.comuSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7cmStart Page =
hxxp://www.yahoo.commSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.htmluInternet Settings,ProxyOverride = *.local
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Miranda Rian\Application Data\Mozilla\Firefox\Profiles\ouel5a2r.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.yahoo.com/FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
BHO-{149066cb-9998-4b6b-9c8c-e83ff86eb6d5} - sirifiwi.dll
HKCU-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
HKLM-Run-komugemom - c:\windows\system32\musesiwo.dll
HKLM-Run-janakebimo - fulemege.dll
SharedTaskScheduler-{7dda203d-cbad-4203-9b1c-cc6a8bbd4b9d} - c:\windows\system32\musesiwo.dll
SSODL-SysNet-{CE412F8E-B8CB-426C-8BCF-DBED9635E113} - c:\documents and settings\All Users\Microsoft AData\sysnet.dll
SSODL-fezonorob-{7dda203d-cbad-4203-9b1c-cc6a8bbd4b9d} - c:\windows\system32\musesiwo.dll
AddRemove-HijackThis - c:\documents and settings\Miranda Rian\Desktop\HijackThis.exe
AddRemove-Mabinogi - f:\mab\Mabinogi.exe
AddRemove-Station Launcher - f:\sony\Station\Station Launcher\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-01 18:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2232)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2009-11-01 18:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-01 23:26
Pre-Run: 3,963,588,608 bytes free
Post-Run: 10,670,538,752 bytes free
- - End Of File - - 7C6768ED1A54386FBE1E8072A4110217