I kept getting this error while ComboFix was running. May not be serious, but I thought I'd show you just in case...
ComboFix log:
ComboFix 10-07-14.01 - Alexander 07/14/2010 19:09:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.126 [GMT -7:00]
Running from: c:\documents and settings\Alexander\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ErrLog.txt
C:\Thumbs.db
c:\windows.1\system32\Cache
c:\windows.1\system32\haha.exe.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-15 to 2010-07-15 )))))))))))))))))))))))))))))))
.
2010-07-14 10:55 . 2010-07-14 10:59 -------- d-----w- c:\documents and settings\Alexander\.pc_store_32
2010-07-14 10:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows.1\system32\drivers\mbamswissarmy.sys
2010-07-14 10:14 . 2010-07-14 10:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-14 10:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows.1\system32\drivers\mbam.sys
2010-07-12 22:09 . 2010-07-12 22:09 -------- d-----w- c:\windows.1\048298C9A4D3490B9FF9AB023A9238F3.TMP
2010-06-19 05:03 . 2010-06-29 07:57 -------- d-----w- c:\documents and settings\Alexander\.69cache_32
2010-06-16 23:55 . 2009-09-05 00:29 1974616 ----a-w- c:\windows.1\system32\D3DCompiler_42.dll
2010-06-16 23:54 . 2009-09-05 00:29 1892184 ----a-w- c:\windows.1\system32\D3DX9_42.dll
2010-06-16 23:52 . 2010-06-16 23:52 -------- d-----w- c:\windows.1\system32\drivers\umdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-15 02:16 . 2010-01-22 06:39 -------- d-----w- c:\documents and settings\Alexander\Application Data\DNA
2010-07-14 20:06 . 2009-11-04 06:32 -------- d---a-w- c:\documents and settings\All Users.WINDOWS.1\Application Data\TEMP
2010-07-14 20:06 . 2010-01-22 06:39 -------- d-----w- c:\program files\DNA
2010-07-13 01:46 . 2009-11-07 06:14 99 ----a-w- c:\documents and settings\Alexander\jagex_runescape_preferences2.dat
2010-07-13 01:39 . 2009-11-07 06:14 46 ----a-w- c:\documents and settings\Alexander\jagex_runescape_preferences.dat
2010-07-12 23:44 . 2008-02-18 08:25 -------- d-----w- c:\program files\DivX
2010-07-12 22:04 . 2009-10-10 21:50 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-07-12 22:04 . 2006-07-25 02:54 -------- d-----w- c:\program files\QuickTime
2010-07-12 22:04 . 2009-08-06 01:11 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-07-12 22:04 . 2006-07-25 02:53 -------- d-----w- c:\program files\Java
2010-07-12 22:04 . 2006-12-08 17:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-12 22:04 . 2006-07-25 02:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-27 08:34 . 2009-11-24 09:00 -------- d-----w- c:\documents and settings\Alexander\Application Data\TeamViewer
2010-06-14 14:31 . 2009-11-03 17:17 744448 ----a-w- c:\windows.1\pchealth\helpctr\binaries\helpsvc.exe
2010-06-04 05:31 . 2006-07-25 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-05-25 08:47 . 2010-05-25 08:47 3724801 ----a-w- c:\documents and settings\All Users.WINDOWS.1\SPL18.tmp
2010-05-15 22:37 . 2009-11-10 22:52 138056 ----a-w- c:\documents and settings\Alexander\Application Data\PnkBstrK.sys
2010-05-15 22:37 . 2009-11-10 22:52 138056 ----a-w- c:\documents and settings\Alexander\Application Data\PnkBstrK.sys
2010-05-15 22:37 . 2009-12-09 02:37 189248 ----a-w- c:\windows.1\system32\PnkBstrB.exe
2010-05-12 21:49 . 2010-05-12 21:49 2560 ----a-w- c:\windows.1\_MSRSTRT.EXE
2010-05-12 21:42 . 2009-11-03 17:55 68384 ----a-w- c:\documents and settings\Alexander\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2008-04-14 05:42 916480 ----a-w- c:\windows.1\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 01:00 1851264 ----a-w- c:\windows.1\system32\win32k.sys
2010-05-01 02:15 . 2009-12-09 02:37 75064 ----a-w- c:\windows.1\system32\PnkBstrA.exe
2010-04-20 06:41 . 2010-04-20 06:41 1175112 ----a-w- c:\documents and settings\All Users.WINDOWS.1\SPL5.tmp
2010-04-20 05:30 . 2008-04-14 05:39 285696 ----a-w- c:\windows.1\system32\atmfd.dll
.
------- Sigcheck -------
[-] 2008-07-19 . 649B4101C35E996E1866037C28A5FD42 . 1614848 . . [5.1.2600.5512] . . c:\windows.1\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2010-01-22 323392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-02-15 3168216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"msnmsgrv7"="c:\documents and settings\Alexander\msnmsgr7.exe" [2009-10-14 30208]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS.1\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS.1\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS.1\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS.1\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:Internet
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 pctgntdi;pctgntdi;c:\windows.1\system32\drivers\pctgntdi.sys [11/3/2009 11:33 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/9/2009 11:53 PM 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows.1\system32\drivers\PCTAppEvent.sys [11/3/2009 11:33 PM 88040]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows.1\system32\drivers\pctNdis-PacketFilter.sys [11/3/2009 11:32 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows.1\system32\drivers\pctNdis.sys [10/12/2009 5:54 PM 58816]
R3 pctplfw;pctplfw;c:\windows.1\system32\drivers\pctplfw.sys [11/3/2009 11:32 PM 115216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows.1\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows.1\system32\DRIVERS\ManyCam.sys --> c:\windows.1\system32\DRIVERS\ManyCam.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows.1\system32\GameMon.des -service --> c:\windows.1\system32\GameMon.des -service [?]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows.1\system32\drivers\pctNdis-DNS.sys [11/3/2009 11:32 PM 32680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows.1\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 XDva337;XDva337;\??\c:\windows.1\system32\XDva337.sys --> c:\windows.1\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows.1\system32\XDva341.sys --> c:\windows.1\system32\XDva341.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-06-20 c:\windows.1\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
FF - ProfilePath - c:\documents and settings\Alexander\Application Data\Mozilla\Firefox\Profiles\gigk9imp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\documents and settings\All Users.WINDOWS.1\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Steam - f:\steam\Steam.exe
HKLM-Run-OpenDNS Update - c:\program files\OpenDNS Updater\OpenDNS Updater.exe
AddRemove-PopCap Browser Plugin - c:\program files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-14 19:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows.1\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(956)
c:\windows.1\system32\Ati2evxx.dll
.
Completion time: 2010-07-14 19:23:04
ComboFix-quarantined-files.txt 2010-07-15 02:22
Pre-Run: 8,893,685,760 bytes free
Post-Run: 8,918,200,320 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.1="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 1020D7DC6BD6C8680058F79AA78E0761