WnPc Virus: How do I get rid of it when Malaware is hijacked?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:35 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Security Solutions Antivirus\bin\ClamTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Jack\Application Data\winav.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Jack\Local Settings\Temporary Internet Files\Content.IE5\YBYZAXPG\hijackgpthis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://movies.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivirprotection.com
O1 - Hosts: 94.232.248.66 www.antivirprotection.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 199638 helper - {65768B48-B004-4B26-9BAC-A3BAC39643D1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\Security Solutions Antivirus\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\Jack\Application Data\winav.exe
O4 - HKCU\..\Run: [ErrorFix] C:\Program Files\ErrorFix\ErrorFix.exe -boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189468129171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189468236000
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7941 bytes
A few days ago my computer was hacked by the WnPc Antivirus Security Center virus, which poses as a fake security center. I tried to download Malaware to get rid of it, but every time the download is close to being done, WnPc freezes it and stops it. I downloaded hijack and am waiting for your reply as to what to do next.

Above is my hijack logfile.

Re: WnPc Virus: How do I get rid of it when Malaware is hijacked?

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
    O1 - Hosts: 94.232.248.66 antivirprotection.com
    O1 - Hosts: 94.232.248.66 www.antivirprotection.com
    O2 - BHO: 199638 helper - {65768B48-B004-4B26-9BAC-A3BAC39643D1} - (no file)
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp



  • Press "Fix Checked"
  • Close Hijack This.




1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

  The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.
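To show how the lines ticked above are recognised, here is an added Python example (not part of the thread, and not HijackThis code) that triages a HijackThis log for the same patterns: a browser proxy pointed at the local machine, extra UserInit entries, hosts redirects to non-loopback addresses, orphaned BHOs and autostarts from unusual locations. The sample lines are copied from the log posted above; the heuristics themselves are assumptions, not HijackThis rules.

```python
"""Triage a HijackThis (v2.x) log for the hijack patterns seen in this thread.

Added example; the heuristics are assumptions about what a helper looks for,
not part of HijackThis. Sample lines are copied from the log posted above.
"""
import re

# Constructed sample: a subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://movies.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O2 - BHO: 199638 helper - {65768B48-B004-4B26-9BAC-A3BAC39643D1} - (no file)
O2 - BHO: BHO - {BBD4551A-9B23-41cd-9BCD-818AA2DA7B63} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [AVScan] C:\Documents and Settings\Jack\Application Data\winav.exe
"""

LOOPBACK = {"127.0.0.1", "::1"}
# Directories a legitimate autostart rarely lives in (assumption; tune per environment).
SUSPICIOUS_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(log_text):
    """Return a list of (section, reason, line); an empty list means nothing was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        lower = line.lower()

        if section == "R1" and "proxyserver" in lower:
            # Proxy pointed at the local machine: a resident process sits between IE and the web.
            m = re.search(r"proxyserver\s*=\s*(?:\w+=)?([^:;\s]+)", lower)
            if m and m.group(1) in ("localhost", "127.0.0.1"):
                findings.append((section, "browser proxy points at local machine", line))

        elif section == "F2" and "userinit=" in lower:
            # Winlogon UserInit should list only userinit.exe; anything else runs at every logon.
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            extras = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
            if extras:
                findings.append((section, "extra UserInit entries: " + ", ".join(extras), line))

        elif section == "O1":
            # A hosts entry that sends a name anywhere but loopback is a redirect.
            parts = line.split(":", 1)[1].split()
            if len(parts) >= 2 and parts[0] not in LOOPBACK:
                findings.append((section, "hosts redirect of " + parts[1], line))

        elif section == "O2" and lower.endswith("(no file)"):
            findings.append((section, "orphaned BHO registration", line))

        elif section == "O4" and "]" in line:
            # Location heuristics only; a BHO or autostart with a live file in system32
            # (like iehelper.dll above) still needs a reputation check, which this skips.
            path = line.split("]", 1)[1].strip().strip('"').lower()
            if any(d in path for d in SUSPICIOUS_DIRS):
                findings.append((section, "autostart from user-profile data directory", line))
            elif re.match(r"^c:\\windows\\[^\\]+\.exe$", path):
                findings.append((section, "autostart directly under the Windows directory", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```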

Re: WnPc Virus: How do I get rid of it when Malaware is hijacked?
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: WnPc Virus: How do I get rid of it when Malaware is hijacked?

  • Download combofix from here
    Link 1
    Link 2
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[screenshot: CF_download_FF]

[screenshot: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.

  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: WnPc Virus: How do I get rid of it when Malaware is hijacked?
ComboFix 09-05-25.05 - Jack 05/25/2009 21:10.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.446 [GMT -4:00]
Running from: c:\documents and settings\Jack\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Microsoft Common
c:\windows\f23567.dat
c:\windows\ieocx.dll
c:\windows\system32\199638
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\UACxpnesejgddohsdi.sys
c:\windows\system32\mdm.exe
c:\windows\system32\UACctjmujvicceodcx.dll
c:\windows\system32\UACeyykyfmmatwpilt.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdfxuqlmvmdjhgq.log
c:\windows\system32\UACkwuncniiohgvwvu.dll
c:\windows\system32\UAClmykygsarlwtuuo.dat
c:\windows\system32\UACmnvhajeosvjhghf.log
c:\windows\system32\UACmvppyaqnpjcuppi.dll
c:\windows\system32\UACrqpveopshovnklw.dll
c:\windows\system32\UACsvnxyojlqvosuvd.dll
c:\windows\system32\wbem\proquota.exe
c:\windows\t55ft2668f44.dat

----- BITS: Possible infected sites -----

hxxp://downloadsoftwareserver.com
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\$NtServicePackUninstall$\proquota.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 01:14 . 2004-08-04 07:56 50176 -c--a-w c:\windows\system32\dllcache\proquota.exe
2009-05-26 01:14 . 2004-08-04 07:56 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-25 23:01 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-25 23:01 . 2009-05-26 01:09 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 23:01 . 2009-05-25 23:34 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-25 23:01 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-25 23:01 . 2009-05-25 23:02 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-25 23:01 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-25 23:01 . 2009-05-26 01:07 -------- d-----w c:\program files\Spyware Doctor
2009-05-25 23:01 . 2009-05-25 23:01 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-25 23:01 . 2009-05-25 23:01 -------- d-----w c:\docume~1\Jack\APPLIC~1\PC Tools
2009-05-24 18:45 . 2009-05-24 19:00 -------- d-----w c:\docume~1\Jack\APPLIC~1\ErrorFix
2009-05-24 18:23 . 2009-05-24 18:27 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\NOS
2009-05-24 18:21 . 2009-05-24 18:27 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-24 18:21 . 2009-05-24 18:21 -------- d-----w c:\program files\NOS
2009-05-24 15:18 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-24 15:18 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 15:18 . 2009-05-24 15:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-24 15:18 . 2009-05-24 15:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 19:48 . 2009-05-12 19:48 1244 ---h--w c:\windows\f5087.dat
2009-05-08 12:38 . 2009-05-08 12:38 -------- d-----w c:\docume~1\Jack\APPLIC~1\.clamwin
2009-05-08 12:38 . 2009-05-08 12:38 -------- d-----w c:\program files\Security Solutions Antivirus
2009-05-08 12:38 . 2009-05-08 12:38 -------- d-----w c:\documents and settings\All Users\.clamwin
2009-05-08 12:25 . 2009-05-23 16:33 -------- d-----w c:\program files\Spyware Protect 2009
2009-05-08 03:55 . 2009-05-08 03:55 -------- d-sh--w c:\documents and settings\Jack\IECompatCache
2009-05-08 02:14 . 2009-05-08 02:14 -------- d-sh--w c:\documents and settings\Jack\PrivacIE
2009-05-08 00:46 . 2009-05-08 00:46 -------- d-sh--w c:\documents and settings\Jack\IETldCache
2009-05-08 00:45 . 2009-05-08 00:45 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-08 00:23 . 2009-05-08 00:23 -------- d-----w c:\windows\system32\scripting
2009-05-08 00:23 . 2009-05-08 00:23 -------- d-----w c:\windows\l2schemas
2009-05-08 00:23 . 2009-05-08 00:23 -------- d-----w c:\windows\system32\en
2009-05-05 02:45 . 2009-05-05 02:45 -------- d-----w c:\windows\ie8updates
2009-05-05 02:38 . 2009-05-05 02:38 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-05 02:38 . 2009-05-05 02:44 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-05 02:38 . 2009-05-05 02:38 -------- d-----w c:\docume~1\Jack\APPLIC~1\Yahoo!
2009-05-05 02:37 . 2009-05-05 02:38 -------- d-----w c:\program files\Yahoo!
2009-05-05 02:35 . 2009-05-05 02:44 -------- dc-h--w c:\windows\ie8
2009-05-05 02:34 . 2009-05-05 02:46 -------- d--h--w c:\windows\msdownld.tmp
2009-05-05 02:32 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-03 15:28 . 2009-05-03 15:28 1174 ----a-w C:\DL32.bat
2009-05-03 15:27 . 2009-05-26 00:49 -------- d-----w c:\windows\system32\796525

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 03:46 . 2009-05-23 03:46 177 ----a-w c:\docume~1\Jack\APPLIC~1\asd.bat
2009-05-23 01:04 . 2009-05-23 01:04 1096704 ----a-w c:\docume~1\Jack\APPLIC~1\winav.exe
2009-05-19 18:19 . 2007-09-18 23:58 -------- d-----w c:\program files\Dl_cats
2009-05-08 11:28 . 2007-09-11 04:05 -------- d-----w c:\documents and settings\All Users\Application Data\avg7
2009-05-08 11:28 . 2007-09-11 04:06 -------- d-----w c:\docume~1\Jack\APPLIC~1\AVG7
2009-05-08 00:28 . 2007-09-10 04:50 77423 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-01 19:38 . 2007-09-12 00:37 -------- d-----w c:\program files\Java
2009-03-08 08:34 . 2006-06-23 15:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2003-07-16 20:32 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2003-07-16 20:25 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2003-07-16 20:49 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2003-07-16 20:23 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2003-07-16 20:30 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2003-07-16 20:30 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2003-07-16 20:35 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2003-07-16 20:35 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2003-07-16 20:36 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2003-07-16 20:41 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"AVScan"="c:\documents and settings\Jack\Application Data\winav.exe" [2009-05-23 1096704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ClamWin"="c:\program files\Security Solutions Antivirus\bin\ClamTray.exe" [2008-08-07 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Spyware Protect 2009\\avscan.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/25/2009 7:01 PM 130936]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2009 7:01 PM 348752]
S2 MOizlameq;MOizlameq;c:\windows\System32\svchost.exe -k netsvcs [7/16/2003 4:47 PM 14336]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/24/2009 2:21 PM 33176]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
MOizlameq

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-ErrorFix - c:\program files\ErrorFix\ErrorFix.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://movies.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 21:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-26 21:17
ComboFix-quarantined-files.txt 2009-05-26 01:17

Pre-Run: 2,014,011,392 bytes free
Post-Run: 2,757,771,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

190 --- E O F --- 2009-05-13 07:02

Re: WnPc Virus: How do I get rid of it when Malaware is hijacked?
Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\f5087.dat
c:\windows\system32\796525
C:\DL32.bat
c:\docume~1\Jack\APPLIC~1\asd.bat
c:\docume~1\Jack\APPLIC~1\winav.exe



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: dragging CFScript.txt onto the ComboFix icon]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.
