WiredWX Christian Hobby Weather Tools
Re: win32/cryptor found in Iexplorer.exe and evchost.exe

DDS (Ver_09-05-14.01) - NTFSx86
Run by handsome kevin at 0:19:47.14 on Sat 05/16/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.292 [GMT 10:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kiwee Toolbar2\1.4.127\kwtbaim.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Apps\EZHome\EZStatus.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\handsome kevin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar2\1.4.127\KiweeIEToolbar.dll
mURLSearchHooks: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar2\1.4.127\KiweeIEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar2\1.4.127\KiweeIEToolbar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: 100% Free Chess Toolbar: {6f4f95af-1647-4b72-a632-055405455423} - c:\program files\100% free chess toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
TB: Kiwee Toolbar: {6638a9de-0745-4292-8a2e-ae530e7b9b3f} - c:\program files\kiwee toolbar2\1.4.127\KiweeIEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EzStatus] c:\apps\ezhome\EZStatus.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [AdobeBridge]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [VCSPlayer] "c:\program files\virtual cd v4 sdk\system\vcsplay.exe"
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [KiweeHook] "c:\program files\kiwee toolbar2\1.4.127\kwtbaim.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Bron-Spizaetus] "c:\windows\shellnew\sempalong.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [EzStatus] c:\apps\ezhome\EZStatus.exe
dRun: [Tok-Cirrhatus] "c:\documents and settings\handsome kevin\local settings\application data\smss.exe"
StartupFolder: c:\docume~1\handso~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\handso~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\handso~1\startm~1\programs\startup\itunes.lnk - c:\windows\installer\{80fd852f-5aac-4129-b931-06aaffa43138}\iTunesIco.exe
StartupFolder: c:\docume~1\handso~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n034p/EN/install/gtdownlr.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-2 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-2 108552]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [2007-6-28 49024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-9 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-9 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-2-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-6-14 47640]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\virtual cd v4 sdk\system\vcssecs.exe [2007-6-28 139264]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-2-5 710144]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2008-2-28 12192]
RUnknown jtzy;jtzy; [x]
S2 OneStepSearch Service;OneStepSearch Service;c:\program files\onestep\onestep.exe [2008-9-5 5632]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [1980-1-1 751104]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2008-2-5 15360]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\handsome kevin\desktop\pagefau1t.sys --> c:\documents and settings\handsome kevin\desktop\PageFau1t.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\xdva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\xdva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\xdva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva129;XDva129;\??\c:\windows\system32\xdva129.sys --> c:\windows\system32\XDva129.sys [?]
S3 XDva181;XDva181;\??\c:\windows\system32\xdva181.sys --> c:\windows\system32\XDva181.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\xdva186.sys --> c:\windows\system32\XDva186.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-05-14 23:13 --d----- C:\_OTMoveIt
2009-04-24 19:23 --d----- c:\program files\Soldat
2009-04-17 10:21 --d----- c:\program files\iPod
2009-04-17 10:21 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 12:45 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-16 12:45 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2009-04-16 12:45 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-16 12:45 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-16 12:45 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 12:45 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-16 12:45 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 12:45 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-16 12:45 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-16 12:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-04-26 09:45 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-26 09:45 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-26 09:44 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-23 21:26 34 a------- c:\documents and settings\handsome kevin\jagex_runescape_preferences.dat
2009-03-22 00:18 986,112 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-07 00:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-05 22:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll

============= FINISH: 0:20:26.29 ===============
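As an added example for this thread (my own code, not DDS output and not the helper's method), here is a small Python triage pass that applies, mechanically, the kind of checks a malware-removal volunteer applies by eye when reading the log above: toolbar or BHO registrations whose file is gone, autorun entries and drivers living under the user profile or in odd folders such as shellnew, a core Windows binary name (smss.exe) appearing outside the Windows directory, lockdown policies that block regedit and Folder Options, and service/driver entries for which DDS recorded no file date and size (the `[?]` and `[x]` endings, where clean entries show `[date size]`). It runs over a constructed subset of the lines posted above; the rule names, the directory list and the binary-name list are my assumptions, and the rules are general rather than tied to this log:

```python
"""Triage pass over DDS log lines (constructed example; not DDS code and not the helper's method)."""
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a subset of the DDS lines posted above, verbatim.
SAMPLE_DDS = r"""
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Bron-Spizaetus] "c:\windows\shellnew\sempalong.exe"
dRun: [Tok-Cirrhatus] "c:\documents and settings\handsome kevin\local settings\application data\smss.exe"
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 325896]
RUnknown jtzy;jtzy; [x]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\handsome kevin\desktop\pagefau1t.sys --> c:\documents and settings\handsome kevin\desktop\PageFau1t.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
"""

class Finding(NamedTuple):
    rule: str    # short rule id (my own naming)
    detail: str  # why the line was flagged
    line: str    # the log line, verbatim

# Assumed list: directories in which a driver, service or autorun entry is unusual.
USER_WRITABLE_DIRS = ("/local settings/", "/application data/", "/temp/",
                      "/desktop/", "/shellnew/", "/recycler/")
# Core Windows binary names; a copy outside the Windows directory is a masquerade.
SYSTEM_BINARY_NAMES = {"smss.exe", "csrss.exe", "svchost.exe", "lsass.exe",
                       "winlogon.exe", "explorer.exe", "services.exe"}
# Lockdown policies that hinder the user's own cleanup (regedit, Folder Options, Task Manager).
RESTRICTIVE_POLICIES = {"disableregistrytools", "nofolderoptions", "disabletaskmgr"}

RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
POLICY_RE = re.compile(r"^[umd]Policies-\w+:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")
SVC_RE = re.compile(r"^(?P<state>R\d|S\d|RUnknown)\s+(?P<name>[^;]*);(?P<desc>[^;]*);(?P<rest>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|sys|dll|scr))', re.IGNORECASE)

def _norm(path: str) -> str:
    """Lower-case and forward-slash a Windows path so substring checks stay simple."""
    return path.lower().replace("\\", "/")

def _first_path(value: str) -> Optional[str]:
    """Extract the binary path from a DDS value, quoted or not; None if there is none."""
    m = EXE_RE.match(value.strip())
    return m.group("path") if m else None

def _in_user_writable(path: str) -> bool:
    return any(d in _norm(path) for d in USER_WRITABLE_DIRS)

def triage(log_text: str) -> List[Finding]:
    """Return the DDS lines a reviewer should look at first, each with a reason."""
    hits: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        # 1. Toolbar/BHO/search-hook registrations whose DLL is gone: orphans worth cleaning up.
        if re.match(r"^(TB|BHO|[um]URLSearchHooks):", line) and line.endswith("- No File"):
            hits.append(Finding("orphan-entry", "registered component has no file on disk", line))
            continue
        # 2. Autorun entries (uRun/mRun/dRun): odd location, or a system binary name elsewhere.
        m = RUN_RE.match(line)
        if m:
            path = _first_path(m.group("value"))
            if path and _in_user_writable(path):
                hits.append(Finding("autorun-user-writable-path", "autorun in a user-writable directory", line))
            if path:
                name = _norm(path).rsplit("/", 1)[-1]
                if name in SYSTEM_BINARY_NAMES and not _norm(path).startswith("c:/windows/"):
                    hits.append(Finding("autorun-system-name-outside-windows",
                                        f"{name} normally lives only under the Windows directory", line))
            continue
        # 3. Lockdown policies set to a non-zero value.
        m = POLICY_RE.match(line)
        if m and m.group("name").lower() in RESTRICTIVE_POLICIES and int(m.group("value")) != 0:
            hits.append(Finding("restrictive-policy", f"{m.group('name')} blocks the user's own cleanup tools", line))
            continue
        # 4. Services and drivers: unknown state, no verified file, or odd location.
        m = SVC_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            if m.group("state") == "RUnknown":
                hits.append(Finding("service-unknown-state", "service/driver in an unknown run state", line))
            if rest.endswith(("[x]", "[?]")):
                hits.append(Finding("service-unverified-file", "no file date/size recorded for the binary", line))
            path = _first_path(rest)
            if path and _in_user_writable(path):
                hits.append(Finding("driver-user-writable-path", "driver/service in a user-writable directory", line))
    return hits

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Every hit is a line to look at, not a verdict: a legitimate program can live under Application Data, and an orphaned toolbar entry is only clutter. The point is to shorten the list a human reads, which is what the helper's reply further down does by hand.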

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Wow, what a mess.
You also have an email worm; it likes to call home and download more malware.

  • Download ComboFix from here:
    Link 1
    Link 2
  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See HERE for how to disable your AV (AVG8).
  • Double-click on ComboFix.exe.
  • Follow the prompts.

    NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.**

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    [screenshot: ComboFix prompt offering to install the Recovery Console]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: prompt asking whether to continue the malware scan]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Nothing's happening when I click ComboFix.exe.
I have closed AVG8.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Hello.
Delete your copy of Combofix you have right now.

Now do this. Re-download ComboFix, but before doing so, read these next instructions for renaming ComboFix.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename ComboFix to Combo-Fix as follows:

[screenshot: Firefox download dialog]

[screenshot: the file being saved under the name Combo-Fix]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

ComboFix 09-05-14.07 - handsome kevin 05/16/2009 0:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.611 [GMT 10:00]
Running from: c:\documents and settings\handsome kevin\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\handsome kevin\Application Data\ShoppingReport
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\handsome kevin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\handsome kevin\My Documents\mc-installer-0.8.exe
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\recycler\ADAPT_Installer.exe
c:\windows\100%_Free_Chess_Toolbar_Uninstaller_4921.exe
c:\windows\system32\drivers\UAClkjlnssckbvspfy.sys
c:\windows\system32\drivers\UACwpdwyhktlvltabo.sys
c:\windows\system32\UAChrmlamyxqvoyjte.dll
c:\windows\system32\UAChwvvuptgjilxfuj.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAColmeypneflcxunu.dll
c:\windows\system32\UACqdsxndlakmvekec.log
c:\windows\system32\UACqidlvrdomtlkklf.dll
c:\windows\system32\UACqppepmkhaqkivwm.dll
c:\windows\system32\UACswwwptpxubrqoxg.dll
c:\windows\system32\UACuyavwyqubhyiqrr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-14 13:13 . 2009-05-14 13:13 -------- d-----w C:\_OTMoveIt
2009-05-13 11:15 . 2009-05-13 11:15 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-13 11:15 . 2009-05-13 11:15 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-24 09:23 . 2009-04-26 10:15 -------- d-----w c:\program files\Soldat
2009-04-23 05:57 . 2009-04-23 05:57 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-17 00:21 . 2009-04-17 00:21 -------- d-----w c:\program files\iPod
2009-04-17 00:21 . 2009-04-17 00:21 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 02:45 . 2009-03-06 14:44 283648 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 02:45 . 2005-07-26 04:39 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-16 02:45 . 2009-02-09 10:20 399360 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 02:45 . 2009-02-06 17:14 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 02:45 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 02:45 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 02:45 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 02:45 . 2009-02-09 10:20 616960 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 02:45 . 2009-02-09 10:20 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 02:44 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 14:12 . 2008-06-14 11:12 -------- d-----w c:\program files\LogMeIn
2009-05-15 08:58 . 2007-06-28 02:09 -------- d-----w c:\program files\Java
2009-05-15 08:00 . 2009-02-16 04:35 -------- d-----w c:\program files\Norton Security Scan
2009-05-14 13:55 . 2007-06-28 02:51 110168 ----a-w c:\documents and settings\handsome kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 08:01 . 2007-06-28 02:14 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-01 12:38 . 2008-02-07 06:15 -------- d-----w c:\program files\LimeWire
2009-04-25 23:45 . 2008-06-02 06:08 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-25 23:45 . 2008-06-02 06:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-25 23:44 . 2008-06-02 06:08 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 11:26 . 2008-10-18 12:31 34 ----a-w c:\documents and settings\handsome kevin\jagex_runescape_preferences.dat
2009-04-17 00:21 . 2008-02-04 10:54 -------- d-----w c:\program files\iTunes
2009-04-17 00:21 . 2008-02-04 10:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 09:32 . 2008-03-13 05:01 -------- d-----w c:\program files\Valve
2009-04-12 13:11 . 2008-02-28 10:32 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 09:37 . 2009-04-10 09:37 -------- d-----w c:\program files\NeedforMadness_at
2009-04-06 23:44 . 2009-04-06 23:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-06 07:39 . 2009-04-05 09:46 -------- d-----w c:\program files\mIRC
2009-04-06 07:20 . 2008-11-03 06:49 -------- d-----w c:\program files\Warcraft III
2009-04-05 08:34 . 2007-06-28 02:09 -------- d-----w c:\program files\ATI Technologies
2009-04-02 09:16 . 2007-07-03 14:47 -------- d-----w c:\program files\Google
2009-03-25 04:56 . 2009-03-25 04:56 -------- d-----w c:\program files\QuickTime
2009-03-25 04:51 . 2008-03-29 00:54 -------- d-----w c:\program files\Safari
2009-03-25 04:50 . 2009-03-25 04:50 -------- d-----w c:\program files\Bonjour
2009-03-19 06:32 . 2008-01-29 01:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-17 04:55 . 2009-03-15 07:51 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-06 14:44 . 2004-08-10 06:38 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2009-03-25 04:53 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2008-08-02 03:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-08-11 08:41 . 2007-10-04 22:49 67696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-08-11 08:41 . 2007-10-04 22:49 54376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-08-11 08:41 . 2008-03-07 08:30 34952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-08-11 08:41 . 2008-03-07 08:30 46720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-08-11 08:41 . 2007-10-04 22:49 172144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-03-14 03:08 265360 ----a-w c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EzStatus"="c:\apps\EZHome\EZStatus.exe" [2004-12-20 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-07 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 299008]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"KiweeHook"="c:\program files\Kiwee Toolbar2\1.4.127\kwtbaim.exe" [2008-03-14 56456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-08 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-25 1947928]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-09-10 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-15 2557952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"EzStatus"="c:\apps\EZHome\EZStatus.exe" [2004-12-20 94208]

c:\documents and settings\handsome kevin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-17 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 23:45 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 11:10 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusDisableNotify"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Warcraft III\\war3.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Games\\halo\\halo.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Media Converter SA Edition\\Media Converter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6122:TCP"= 6122:TCP:Warcraft

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 4:08 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/2/2008 4:08 PM 108552]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [6/28/2007 12:18 PM 49024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/9/2009 7:34 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/9/2009 7:34 PM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/14/2008 9:12 PM 47640]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 4:53 PM 226656]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [6/28/2007 12:18 PM 139264]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2/5/2008 8:29 PM 710144]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2/28/2008 3:31 PM 12192]
S2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe [9/5/2008 10:23 AM 5632]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [1/1/1980 751104]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2/5/2008 8:58 PM 15360]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys --> c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva129;XDva129;\??\c:\windows\system32\XDva129.sys --> c:\windows\system32\XDva129.sys [?]
S3 XDva181;XDva181;\??\c:\windows\system32\XDva181.sys --> c:\windows\system32\XDva181.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20568520-5420-11dc-aae9-00132014273f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a2844de-99c3-11dd-acb4-00132014273f}]
\Shell\AutoRun\command - F:\mkofh1rk.bat
\Shell\explore\Command - F:\mkofh1rk.bat
\Shell\open\Command - F:\mkofh1rk.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{875c54c8-2d74-11de-90be-00132014273f}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32cf1f8-5ec6-11dc-aaf3-00132014273f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4ee268b-4d56-11dd-ac4e-00132014273f}]
\Shell\AutoRun\command - E:\tmf3w3g0.com
\Shell\explore\Command - E:\tmf3w3g0.com
\Shell\open\Command - E:\tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beaed5c3-3216-11dd-ac1d-00132014273f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1e835f-251e-11dc-aac6-806d6172696f}]
\Shell\AutoRun\command - D:\launch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2008-12-23 c:\windows\Tasks\At3.job
- c:\program files\norton pc checkup\pc_checkup.exe [2009-01-29 22:10]

2009-05-10 c:\windows\Tasks\At4.job
- c:\program files\norton pc checkup\pc_checkup.exe [2009-01-29 22:10]

2009-05-15 c:\windows\Tasks\Norton Security Scan for handsome kevin.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-18 09:20]
.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
- - - - ORPHANS REMOVED - - - -

Toolbar-{6F4F95AF-1647-4B72-A632-055405455423} - c:\program files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
WebBrowser-{6F4F95AF-1647-4B72-A632-055405455423} - c:\program files\100% Free Chess Toolbar\v3.2.0.0\100%_Free_Chess_Toolbar.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CleanEasyImg - c:\apps\easydvd\cleanall.exe
HKU-Default-Run-Tok-Cirrhatus - c:\documents and settings\handsome kevin\Local Settings\Application Data\smss.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 00:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,6c,84,a2,95,e8,
c3,ee,d8,c8,28,51,af,b0,29,a3,98,1b,5a,55,b7,2c,fe,65,30,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,0b,e8,7a,a4,
8c,3f,82,71,3b,04,66,8b,46,0d,96,2c,46,83,03,6a,cf,97,1f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,b3,d4,5d,e6,86,
b5,2c,29,25,da,ec,7e,55,20,c9,26,af,00,5d,1d,59,65,64,70,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,88,24,86,e3,1b,
da,87,b2,3e,1e,9e,e0,57,5a,93,61,d2,3c,be,a3,d6,6e,8a,73,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e8,03,56,95,d5,
56,8e,59,cd,44,cd,b9,a6,33,6c,cd,96,78,13,26,0a,c5,33,44,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,3c,4d,52,6f,
aa,2d,7b,b0,18,ed,a7,3f,8d,37,a4,6a,2b,ff,76,41,fc,ce,ce,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,49,1c,62,bd,f4,
7d,5d,5c,31,77,e1,ba,b1,f8,68,02,7e,e8,49,bf,57,38,78,0b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,21,3c,6c,95,81,
93,15,34,83,6c,56,8b,a0,85,96,ab,f5,f5,9f,b3,b7,ba,fb,55,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d5,82,08,44,f1,
e9,71,db,51,fa,6e,91,28,9e,14,cc,a3,28,39,2c,10,03,cf,1a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6b,11,b5,e1,83,
8c,54,e9,b1,cd,45,5a,a8,c4,f8,b9,5d,dd,cc,ea,a1,1a,a1,6d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,0b,0b,75,91,54,
38,34,a6,e3,0e,66,d5,eb,bc,2f,6b,d8,b5,95,c0,8d,2a,77,26,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,1a,af,7b,92,3f,
7a,e1,8e,fa,ea,66,7f,d4,3b,6b,70,06,40,74,9e,b5,92,40,cd,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-05-15 0:45
ComboFix-quarantined-files.txt 2009-05-15 14:45

Pre-Run: 68,565,262,336 bytes free
Post-Run: 68,550,029,312 bytes free

367 --- E O F --- 2009-05-13 13:19

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Am I close to done? It's almost 1 AM and I have Saturday school (damn it!) tomorrow morning. ><

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Yeah, there's a few things to tidy up, but it can wait; no serious threat anymore.

Go get some sleep. 😉

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Haha, alright! Thanks.
Good night.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
I'm backkk!
What's my next step ><

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Getting an uninstall log...

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: win32/cryptor found in Iexplorer.exe and evchost.exe
100% Free Chess Toolbar
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
3D Interstellar Voyager
3-D Salt Water Fish Tank Dem-esd Screen Saver
3DVIA player 4.1
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Any Video Converter 2.6.2
AoA Audio Extractor 1.0
Apple Mobile Device Support
Apple Software Update
Ashampoo Photo Commander 5.40
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
ATI Parental Control & Encoder
AVG 8.5
BA Installer
Bonjour
Choice Guard
Combat Arms
Counter-Strike 1.6
COWON Media Center - jetAudio Basic
Cube Maniak 1.8.0.0
Cucusoft YouTube Mate 7.13
Desktop Destroyer 3D Screensaver Free
Digital Locker Assistant
Easy Duplicate Finder v. 2.1
Free Video to iPod Converter version 3.1
Free YouTube Uploader version 1.5
Gabbasoft Cube Demo
GameArena The Arena
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GunboundWC
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB835221
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Intel(R) PRO Network Adapters and Drivers
iTunes
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Junk Mail filter update
Kiwee Toolbar
LimeWire 5.1.2
Liquid Desktop Free
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LogMeIn
Magic DVD Ripper V5.2.1 build 8
Map Button (Windows Live Toolbar)
MapleStory
Media Converter SA Edition 0.8
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Microsoft XML Parser and SDK
mIRC
MobileMe Control Panel
Moleskinsoft Clone Remover 3.3
Mozilla Firefox (2.0.0.16)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Rescue
Music Rescue 3.1.6 iPod Distribution
Need for Madness
Network Play System (Patching)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Norton PC Checkup
Norton Security Scan
Norton Security Scan (Symantec Corporation)
OneCare Advisor (Windows Live Toolbar)
OneStepSearch 1.0 build 182
OpenOffice.org Installer 1.0
PC Connectivity Solution
Popup Blocker (Windows Live Toolbar)
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Segoe UI
Sloud Music Content Inspector 1.4 beta
Smart Link 56K Modem
Smart Menus (Windows Live Toolbar)
Soldat 1.5.0
Soldat 1.5.0
Sonic MyDVD
Sonic RecordNow!
Total Video Converter 3.12 080330
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Windows Driver Package - ASUSTeK (3xHybrid) MEDIA (05/05/2005 1.3.2.5)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (10/27/2008 3.9)
Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xfire (remove only)

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Wow... I don't use half of that stuff. I need to do some cleaning!
Computer's getting slow XDD

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Reader 8.1.2
  • Java 2 Runtime Environment, SE v1.4.2_05
  • Java(TM) 6 Update 2
  • Java(TM) 6 Update 3
  • Java(TM) 6 Update 5
  • LimeWire 5.1.2

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
OneStepSearch Service

Folder::
C:\_OTMoveIt
c:\program files\LimeWire
c:\program files\OneStep

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
"AntiVirusDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a2844de-99c3-11dd-acb4-00132014273f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{875c54c8-2d74-11de-90be-00132014273f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4ee268b-4d56-11dd-ac4e-00132014273f}]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: dragging CFScript.txt onto ComboFix.exe]

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Hmm.. Why do I need to delete Adobe Reader? And LimeWire *presses delete* *sob sob*

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

A new update to ComboFix? >< *presses download*

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

You had a rootkit infection; do you want it to come back again? All because you downloaded an infection from Limewire.

Combofix is updated daily, so get the new version if it asks.


Re: win32/cryptor found in Iexplorer.exe and evchost.exe
ComboFix 09-05-15.06 - handsome kevin 05/17/2009 0:13.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.467 [GMT 10:00]
Running from: c:\documents and settings\handsome kevin\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\handsome kevin\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
c:\_otmoveit\MovedFiles\05142009_231348.log
c:\_otmoveit\MovedFiles\05142009_231348.res
c:\_otmoveit\MovedFiles\05142009_231348\DOCUME~1\HANDSO~1\LOCALS~1\Temp\NGLALog.txt
c:\_otmoveit\MovedFiles\05142009_231348\DOCUME~1\HANDSO~1\LOCALS~1\Temp\NGLATempNokia\Nokia Sans Wide Bold v3.1.ttf
c:\_otmoveit\MovedFiles\05142009_231348\Documents and Settings\handsome kevin\Local Settings\Temporary Internet Files\Content.IE5\O0WPPG9P\MsgrConfig[7].asmx
c:\_otmoveit\MovedFiles\05142009_231348\Documents and Settings\handsome kevin\Local Settings\Temporary Internet Files\Content.IE5\O0WPPG9P\signin[2].htm
c:\_otmoveit\MovedFiles\05142009_231348\Documents and Settings\handsome kevin\Local Settings\Temporary Internet Files\Content.IE5\RREW40LA\acCA02GIG8.htm
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid1340.log
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\LimeWire.rar
c:\program files\OneStep
c:\program files\OneStep\home.js
c:\program files\OneStep\onestep.exe
c:\program files\OneStep\osopt.exe
c:\program files\OneStep\readme.html
c:\program files\OneStep\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ONESTEPSEARCH_SERVICE
-------\Service_OneStepSearch Service


((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-13 11:15 . 2009-05-13 11:15 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-05-13 11:15 . 2009-05-13 11:15 -------- d-sh--w c:\documents and settings\Administrator\IETldCache
2009-04-24 09:23 . 2009-04-26 10:15 -------- d-----w c:\program files\Soldat
2009-04-23 05:57 . 2009-04-23 05:57 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-17 00:21 . 2009-04-17 00:21 -------- d-----w c:\program files\iPod
2009-04-17 00:21 . 2009-04-17 00:21 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 14:17 . 2008-06-14 11:12 -------- d-----w c:\program files\LogMeIn
2009-05-16 14:05 . 2007-06-28 02:09 -------- d-----w c:\program files\Java
2009-05-16 14:02 . 2007-08-14 01:13 -------- d-----w c:\program files\Common Files\Adobe
2009-05-15 08:00 . 2009-02-16 04:35 -------- d-----w c:\program files\Norton Security Scan
2009-05-14 13:55 . 2007-06-28 02:51 110168 ----a-w c:\documents and settings\handsome kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-10 08:01 . 2007-06-28 02:14 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-25 23:45 . 2008-06-02 06:08 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-25 23:45 . 2008-06-02 06:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-25 23:44 . 2008-06-02 06:08 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 11:26 . 2008-10-18 12:31 34 ----a-w c:\documents and settings\handsome kevin\jagex_runescape_preferences.dat
2009-04-17 00:21 . 2008-02-04 10:54 -------- d-----w c:\program files\iTunes
2009-04-17 00:21 . 2008-02-04 10:53 -------- d-----w c:\program files\Common Files\Apple
2009-04-14 09:32 . 2008-03-13 05:01 -------- d-----w c:\program files\Valve
2009-04-12 13:11 . 2008-02-28 10:32 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 09:37 . 2009-04-10 09:37 -------- d-----w c:\program files\NeedforMadness_at
2009-04-06 23:44 . 2009-04-06 23:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-06 07:39 . 2009-04-05 09:46 -------- d-----w c:\program files\mIRC
2009-04-06 07:20 . 2008-11-03 06:49 -------- d-----w c:\program files\Warcraft III
2009-04-05 08:34 . 2007-06-28 02:09 -------- d-----w c:\program files\ATI Technologies
2009-04-02 09:16 . 2007-07-03 14:47 -------- d-----w c:\program files\Google
2009-03-25 04:56 . 2009-03-25 04:56 -------- d-----w c:\program files\QuickTime
2009-03-25 04:51 . 2008-03-29 00:54 -------- d-----w c:\program files\Safari
2009-03-25 04:50 . 2009-03-25 04:50 -------- d-----w c:\program files\Bonjour
2009-03-19 06:32 . 2008-01-29 01:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:44 . 2004-08-10 06:38 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2009-03-25 04:53 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2008-08-02 03:08 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-08-11 08:41 . 2007-10-04 22:49 67696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-08-11 08:41 . 2007-10-04 22:49 54376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-08-11 08:41 . 2008-03-07 08:30 34952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-08-11 08:41 . 2008-03-07 08:30 46720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-08-11 08:41 . 2007-10-04 22:49 172144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-15_14.44.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-16 14:18 . 2009-05-16 14:18 16384 c:\windows\Temp\Perflib_Perfdata_850.dat
+ 2009-05-16 14:18 . 2009-05-16 14:18 16384 c:\windows\Temp\Perflib_Perfdata_428.dat
+ 2004-08-10 06:38 . 2009-05-16 05:40 63188 c:\windows\system32\perfc009.dat
- 2004-08-10 06:38 . 2009-05-15 14:17 63188 c:\windows\system32\perfc009.dat
+ 2004-08-10 06:38 . 2009-05-16 05:40 403968 c:\windows\system32\perfh009.dat
- 2004-08-10 06:38 . 2009-05-15 14:17 403968 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-03-14 03:08 265360 ----a-w c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "c:\program files\Kiwee Toolbar2\1.4.127\KiweeIEToolbar.dll" [2008-03-14 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EzStatus"="c:\apps\EZHome\EZStatus.exe" [2004-12-20 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-07 81920]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2004-03-04 299008]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-23 33648]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"KiweeHook"="c:\program files\Kiwee Toolbar2\1.4.127\kwtbaim.exe" [2008-03-14 56456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-08 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-25 1947928]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2004-09-10 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-09-15 2557952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"EzStatus"="c:\apps\EZHome\EZStatus.exe" [2004-12-20 94208]

c:\documents and settings\handsome kevin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-17 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 23:45 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 11:10 87352 ----a-w c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Nexon\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Warcraft III\\war3.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\Games\\halo\\halo.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Media Converter SA Edition\\Media Converter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6122:TCP"= 6122:TCP:Warcraft

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 4:08 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/2/2008 4:08 PM 108552]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\drivers\vcsmpdrv.sys [6/28/2007 12:18 PM 49024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/9/2009 7:34 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/9/2009 7:34 PM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 3:31 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/14/2008 9:12 PM 47640]
R2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 4:53 PM 226656]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\System\vcssecs.exe [6/28/2007 12:18 PM 139264]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2/5/2008 8:29 PM 710144]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2/28/2008 3:31 PM 12192]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [1/1/1980 751104]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2/5/2008 8:58 PM 15360]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys --> c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]
S3 XDva093;XDva093;\??\c:\windows\system32\XDva093.sys --> c:\windows\system32\XDva093.sys [?]
S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?]
S3 XDva129;XDva129;\??\c:\windows\system32\XDva129.sys --> c:\windows\system32\XDva129.sys [?]
S3 XDva181;XDva181;\??\c:\windows\system32\XDva181.sys --> c:\windows\system32\XDva181.sys [?]
S3 XDva186;XDva186;\??\c:\windows\system32\XDva186.sys --> c:\windows\system32\XDva186.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2008-12-23 c:\windows\Tasks\At3.job
- c:\program files\norton pc checkup\pc_checkup.exe [2009-01-29 22:10]

2009-05-16 c:\windows\Tasks\At4.job
- c:\program files\norton pc checkup\pc_checkup.exe [2009-01-29 22:10]

2009-05-15 c:\windows\Tasks\Norton Security Scan for handsome kevin.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-18 09:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 00:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,6c,84,a2,95,e8,
c3,ee,d8,c8,28,51,af,b0,29,a3,98,1b,5a,55,b7,2c,fe,65,30,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,43,0b,e8,7a,a4,
8c,3f,82,71,3b,04,66,8b,46,0d,96,2c,46,83,03,6a,cf,97,1f,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,b3,d4,5d,e6,86,
b5,2c,29,25,da,ec,7e,55,20,c9,26,af,00,5d,1d,59,65,64,70,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,88,24,86,e3,1b,
da,87,b2,3e,1e,9e,e0,57,5a,93,61,d2,3c,be,a3,d6,6e,8a,73,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e8,03,56,95,d5,
56,8e,59,cd,44,cd,b9,a6,33,6c,cd,96,78,13,26,0a,c5,33,44,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,83,3c,4d,52,6f,
aa,2d,7b,b0,18,ed,a7,3f,8d,37,a4,6a,2b,ff,76,41,fc,ce,ce,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,49,1c,62,bd,f4,
7d,5d,5c,31,77,e1,ba,b1,f8,68,02,7e,e8,49,bf,57,38,78,0b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,21,3c,6c,95,81,
93,15,34,83,6c,56,8b,a0,85,96,ab,f5,f5,9f,b3,b7,ba,fb,55,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,d5,82,08,44,f1,
e9,71,db,51,fa,6e,91,28,9e,14,cc,a3,28,39,2c,10,03,cf,1a,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6b,11,b5,e1,83,
8c,54,e9,b1,cd,45,5a,a8,c4,f8,b9,5d,dd,cc,ea,a1,1a,a1,6d,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,0b,0b,75,91,54,
38,34,a6,e3,0e,66,d5,eb,bc,2f,6b,d8,b5,95,c0,8d,2a,77,26,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,1a,af,7b,92,3f,
7a,e1,8e,fa,ea,66,7f,d4,3b,6b,70,06,40,74,9e,b5,92,40,cd,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(880)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\apps\ABoard\AOSD.EXE
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-05-16 0:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-16 14:23
ComboFix2.txt 2009-05-15 14:45

Pre-Run: 68,714,438,656 bytes free
Post-Run: 68,597,166,080 bytes free

360 --- E O F --- 2009-05-13 13:19
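As an added example (not code from this thread, from ComboFix, or from its author), the following Python script reads lines in the layout ComboFix uses and flags the kinds of entries the helper acted on above: Security Center "Disable..." values set to 1, firewall exceptions for P2P clients or for executables sitting in a user's Desktop folder, and services whose image file is missing (ComboFix appends "[?]" where it could not read the file, as I read the format) or lives under Documents and Settings. The sample lines are copied from the log above, except the two "DisableNotify" values, which are constructed to show what the CFScript removed; the function names, finding categories and the P2P name list are my own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in ComboFix's own layout. Registry, firewall and service
# lines are copied from the log in this thread; the two DisableNotify values
# are constructed (the real ones had already been removed by the CFScript).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\handsome kevin\\Desktop\\utorrent.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/2/2008 4:08 PM 325896]
S3 PageFau1t;PageFau1t;\??\c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys --> c:\documents and settings\handsome kevin\Desktop\PageFau1t.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
"""


@dataclass(frozen=True)
class Finding:
    category: str   # hypothetical category names, chosen for this example
    evidence: str   # the value name, path or service name that triggered it


KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                 # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')              # "name"=data
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")  # R1 name;desc;path [...]

# Clients the helper removed from the firewall exception list in this thread.
P2P_NAMES = ("limewire", "utorrent", "bittorrent")


def review_combofix_log(text: str) -> list[Finding]:
    """Walk the log once, remembering the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2).lower()
            continue

        m = VALUE_RE.match(line)
        if m:
            name, data = m.group(1), m.group(2).strip().lower()
            if ("security center" in current_key and "disable" in name.lower()
                    and data == "dword:00000001"):
                findings.append(Finding("security-center-disabled",
                                        f"{name} under {current_key}"))
            elif "authorizedapplications" in current_key:
                # ComboFix prints these paths with doubled backslashes.
                path = name.replace("\\\\", "\\").lower()
                if any(p in path for p in P2P_NAMES):
                    findings.append(Finding("firewall-exception-p2p", path))
                elif "\\desktop\\" in path:
                    findings.append(Finding("firewall-exception-user-profile", path))
            continue

        m = SERVICE_RE.match(line)
        if m:
            _state, name, _desc, rest = m.groups()
            if rest.rstrip().endswith("[?]"):
                findings.append(Finding("service-image-missing", name))
            if "\\documents and settings\\" in rest.lower():
                findings.append(Finding("driver-in-user-profile", name))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, for a quick overview before reading details."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = review_combofix_log(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:32} {f.evidence}")
    print(summarize(results))
```

Run as-is, the script lists eight findings from the sample: the three Security Center values, the LimeWire and uTorrent firewall exceptions, the two services with no file on disk, and PageFau1t.sys once more for loading a kernel driver out of a Desktop folder. A review still has to decide each one by hand (a missing driver file can be a leftover of an uninstalled program rather than malware), but the script turns a 400-line log into a short list of the lines worth that attention.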

Re: win32/cryptor found in Iexplorer.exe and evchost.exe

What about Adobe Reader?

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

[screenshot: Run box with "ComboFix /u"]

This will also reset your restore points.

How is the machine running now?


Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Nothing detected by AVG, and it seems to run smoother with less lag :)
Thanks heaps.
Could you give me a list of the infections I had, just so I can do a bit of research on what they do?
Thanks

Re: win32/cryptor found in Iexplorer.exe and evchost.exe
The main infection was that rootkit, part of the TDSS family.


Re: win32/cryptor found in Iexplorer.exe and evchost.exe

Thanks again, you helped heaps. Goodnight.
