
Thread: Could Use Some Help

  1. #1

    Could Use Some Help

    Followed a few other threads. Took that advice and followed suit. This is the log from ComboFix. My IE seems to be taken over. I click on a link in Google and it takes me to some random sites. Haven't tried it yet since running Combo, but here is the log anyway.

    ComboFix 09-07-08.02 - Owner 07/08/2009 17:34.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1094 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090708-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\010112010146118114.dat
    c:\windows\0101120101464849.dat
    c:\windows\BM4ba9a43a.txt
    c:\windows\BM4ba9a43a.xml
    c:\windows\jestertb.dll
    c:\windows\ld12.exe
    c:\windows\pskt.ini
    c:\windows\system32\403445
    c:\windows\system32\ccMllnnn.ini
    c:\windows\system32\ccMllnnn.ini2
    c:\windows\system32\iehelper.dll
    c:\windows\system32\JkUDKRqr.ini
    c:\windows\system32\JkUDKRqr.ini2
    c:\windows\system32\lowsec
    c:\windows\system32\lowsec\local.ds
    c:\windows\system32\lowsec\user.ds
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\sykckxeh.ini
    c:\windows\system32\wbem\proquota.exe
    c:\windows\system32\ykcyqotd.ini
    c:\windows\system32\proquota.exe was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_IPRIP
    -------\Service_drv
    -------\Service_Iprip

    ((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
    .
    2009-07-08 21:38 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
    2009-07-08 21:38 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
    2009-07-08 05:08 . 2009-07-08 05:08 -------- d-----w- c:\program files\sfx
    2009-07-07 17:14 . 2009-07-07 17:15 -------- d-----w- C:\Image Files
    2009-07-07 11:49 . 2009-07-07 11:49 -------- d-----w- c:\program files\Vstep
    2009-07-04 12:46 . 2009-07-04 12:46 -------- d-----w- c:\program files\Eidos
    2009-07-03 00:06 . 2009-07-03 00:06 10134 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
    2009-07-03 00:06 . 2009-07-03 00:06 -------- d-----w- c:\program files\Microsoft WSE
    2009-07-02 23:55 . 2009-07-02 23:55 -------- d-----w- c:\program files\Electronic Arts
    2009-07-01 21:15 . 2009-07-01 21:15 -------- d-----w- c:\program files\Call of Duty Game of the Year Edition
    2009-06-30 00:35 . 2008-10-10 22:25 7680 ----a-w- c:\windows\system32\ff_vfw.dll
    2009-06-30 00:35 . 2008-10-04 14:22 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-06-30 00:35 . 2009-06-30 00:35 -------- d-----w- c:\program files\ffdshow
    2009-06-30 00:32 . 2009-06-30 02:01 -------- d-----w- C:\DVDTemp
    2009-06-30 00:30 . 2009-06-30 01:58 -------- d-----w- c:\program files\Free DVD Creator
    2009-06-29 18:45 . 2009-06-29 18:45 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
    2009-06-29 18:40 . 2009-06-29 18:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Roxio
    2009-06-29 18:28 . 2009-06-29 18:28 -------- d-----w- c:\program files\Common Files\SureThing Shared
    2009-06-29 18:28 . 2006-08-18 17:17 56056 ----a-w- c:\windows\system32\DLAAPI_W.DLL
    2009-06-29 18:28 . 2006-08-18 17:17 92920 ----a-w- c:\windows\DLA.EXE
    2009-06-29 18:28 . 2006-08-11 15:05 51768 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
    2009-06-29 18:28 . 2006-08-11 14:35 12920 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
    2009-06-29 18:28 . 2006-08-11 14:35 28184 ----a-w- c:\windows\system32\drivers\DLARTL_M.SYS
    2009-06-29 18:28 . 2006-07-21 15:21 99176 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
    2009-06-29 18:28 . 2009-06-29 18:36 -------- d-----w- c:\windows\system32\DLA
    2009-06-29 18:14 . 2009-06-29 18:14 -------- d-----w- c:\program files\Common Files\HP
    2009-06-29 18:07 . 2005-10-15 02:42 37376 ----a-w- c:\windows\system32\hpz3l43a.dll
    2009-06-29 11:22 . 2009-06-29 11:23 -------- d-----w- c:\program files\AC3Filter
    2009-06-25 03:13 . 2009-06-27 03:08 155064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-06-24 15:17 . 2009-06-24 15:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PunkBuster
    2009-06-24 15:12 . 2009-07-01 20:31 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2009-06-24 04:31 . 2009-06-24 04:31 -------- d-----w- c:\program files\USArmy
    2009-06-24 02:55 . 2009-06-26 18:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AA3DeployClient
    2009-06-24 02:55 . 2009-06-24 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AA3DeployClient
    2009-06-24 02:54 . 2009-06-26 18:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
    2009-06-24 02:39 . 2009-06-24 02:40 -------- d-----w- C:\697f7d78f790b13699b9
    2009-06-24 02:39 . 2009-06-24 02:45 -------- d-----w- c:\windows\SxsCaPendDel
    2009-06-17 03:03 . 2009-06-17 03:19 302592 ----a-w- c:\windows\system32\EAREMOVE.EXE
    2009-06-17 03:03 . 2009-06-17 03:03 -------- d-----w- C:\JANES
    2009-06-17 01:06 . 2009-06-17 01:36 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
    2009-06-17 01:05 . 2009-06-17 01:06 -------- d-----w- c:\program files\DivX
    2009-06-17 01:05 . 2009-06-17 01:06 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-12 01:29 . 2009-06-12 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\VirtualStore
    2009-06-12 01:03 . 1999-03-19 20:36 33792 ------w- c:\windows\system32\Eaexec.exe
    2009-06-12 01:03 . 1998-05-22 15:52 24576 ------w- c:\windows\system32\ealtest.exe
    2009-06-12 01:02 . 2009-06-12 01:02 -------- d-----w- c:\program files\Jane's Combat Simulations
    2009-06-12 00:59 . 2009-06-12 00:59 -------- d-----w- C:\FleetCommand Install
    2009-06-11 23:33 . 2009-06-11 23:33 -------- d-----w- c:\program files\Linksys
    2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
    2009-06-10 19:25 . 2009-06-10 19:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Dyyno Receiver
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-08 21:44 . 2008-04-08 18:48 -------- d-----w- c:\program files\DNA
    2009-07-08 21:44 . 2008-04-08 18:48 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
    2009-07-08 21:44 . 2009-02-04 13:44 5112 ----a-w- c:\windows\GPCIDrv.sys
    2009-07-08 21:44 . 2008-04-08 17:15 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2009-07-08 21:41 . 2008-04-08 17:33 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
    2009-07-08 21:41 . 2008-04-08 17:33 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
    2009-07-08 21:03 . 2008-11-16 23:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2009-07-08 21:03 . 2008-11-16 23:25 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2009-07-08 18:22 . 2008-04-15 19:31 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-07-08 17:45 . 2008-05-06 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-07 13:25 . 2008-04-08 17:01 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-07 13:24 . 2009-03-22 15:26 -------- d-----w- c:\program files\Sony
    2009-07-07 13:24 . 2008-04-09 13:28 -------- d-----w- c:\program files\EA GAMES
    2009-07-07 11:47 . 2008-04-08 21:28 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
    2009-07-06 02:29 . 2008-04-08 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
    2009-07-06 02:28 . 2008-04-08 17:19 -------- d-----w- c:\program files\Xfire
    2009-07-04 12:44 . 2008-09-01 00:50 -------- d-----w- c:\program files\Singles
    2009-07-04 12:28 . 2008-04-08 20:55 -------- d-----w- c:\program files\LucasArts
    2009-07-04 12:28 . 2008-04-08 20:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Petroglyph
    2009-07-04 12:23 . 2009-01-13 05:45 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-07-02 23:54 . 2009-02-09 04:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Roxio
    2009-07-01 20:32 . 2008-04-08 19:18 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-01 20:32 . 2008-04-08 19:18 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
    2009-07-01 20:32 . 2008-04-08 19:18 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
    2009-07-01 20:32 . 2008-04-08 19:18 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-01 20:31 . 2008-04-08 19:18 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-06-29 18:59 . 2008-11-08 18:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Image Zone Express
    2009-06-29 18:52 . 2008-11-08 18:11 110058 ----a-w- c:\windows\hpoins08.dat
    2009-06-29 18:29 . 2009-02-04 04:53 -------- d-----w- c:\program files\Roxio
    2009-06-29 18:29 . 2009-02-04 04:53 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2009-06-28 00:35 . 2008-04-08 18:42 -------- d-----w- c:\documents and settings\Owner\Application Data\teamspeak2
    2009-06-25 20:03 . 2009-04-27 20:22 -------- d-----w- c:\program files\EQ Pixie
    2009-06-25 20:02 . 2008-10-27 21:18 -------- d-----w- c:\program files\Common Files\AOL
    2009-06-25 20:02 . 2008-10-27 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-06-25 20:02 . 2008-10-27 21:29 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
    2009-06-25 02:52 . 2008-07-02 18:59 -------- d-----w- c:\program files\Activision Value
    2009-06-25 02:51 . 2008-04-28 15:35 -------- d-----w- c:\program files\Microsoft Games
    2009-06-24 02:54 . 2008-04-17 16:04 69880 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-02 01:11 . 2008-05-03 23:36 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2009-05-16 00:56 . 2009-05-10 21:49 -------- d-----w- c:\program files\rFactor
    2009-05-16 00:49 . 2009-05-16 00:49 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
    2009-05-16 00:49 . 2009-05-16 00:49 -------- d-----w- c:\program files\TeamViewer
    2009-05-13 21:54 . 2009-05-13 21:54 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-05-13 21:54 . 2009-05-13 21:54 823296 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-05-13 21:54 . 2009-05-13 21:54 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-05-13 21:54 . 2009-05-13 21:54 811008 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-05-13 21:54 . 2009-05-13 21:54 802816 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-05-13 21:54 . 2009-05-13 21:54 685056 ----a-w- c:\windows\system32\DivX.dll
    2009-05-10 21:56 . 2009-05-10 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-05-08 23:51 . 2009-05-08 23:51 1915520 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-27 18:20 . 2008-04-12 16:58 413696 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-04-27 18:20 . 2008-04-08 17:23 110592 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-10 02:21 . 2008-08-31 21:45 279712 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-04-10 02:21 . 2008-08-31 21:45 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-07-21 00:11 . 2008-07-21 00:11 61 --sh--w- c:\windows\cnerolf.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-14 342848]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-10-29 25798440]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
    "VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2007-01-02 544768]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 136600]
    "EPSON Stylus Photo R320 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" [2004-04-26 98304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
    "RCScheduleCheck"="c:\program files\VCOM\Recovery Commander\RCSCHED.EXE" [2003-06-09 151552]
    "Fix-It AV"="c:\progra~1\VCOM\SYSTEM~1\MemCheck.exe" [2003-06-12 32768]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-10-27 26112]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "masqform.exe"="c:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
    "WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2002-07-02 24576]
    "BridgeDeCor"="BridgeDeCor.exe" - c:\windows\system32\BridgeDeCor.exe [2002-03-26 32768]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{a5780613-492e-4a2a-a7fd-549610edf6cc}"= "c:\program files\VCOM\Recovery Commander\RCHOOK.DLL" [2003-06-12 102400]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-VGA.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Atari\\ArmA\\arma.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
    "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Ubisoft\\Silent Hunter 4 Wolves of the Pacific\\sh4.exe"=
    "c:\\Program Files\\Digi-Watcher.com\\Watcher 2.33\\Watcher.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Sudden Strike 3\\SS3Game.exe"=
    "c:\\Program Files\\Atari\\ArmA\\beta\\arma.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\rFactor\\rBlack Edition\\rFactor.exe"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
    "c:\\Program Files\\USArmy\\America's Army 3\\Binaries\\AA3Game.exe"=
    "c:\\Program Files\\Electronic Arts\\The Sims 3\\Game\\Bin\\Sims3Launcher.exe"=
    "c:\\Program Files\\Eidos\\Battlestations Pacific\\bsp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
    "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
    "6881:TCP"= 6881:TCP:Bit Torrent
    "6882:TCP"= 6882:TCP:bit torrent
    "6969:TCP"= 6969:TCP:BitTorrentPortCheck
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
    "443:TCP"= 443:TCP:Gtaiv
    "8085:TCP"= 8085:TCP:sfx
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/8/2008 2:59 PM 114768]
    R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [7/11/2008 5:34 PM 4064]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 4:03 PM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 51440]
    R1 sfxdrv;sfxdrv;c:\program files\sfx\sfx.sys [7/8/2009 1:08 AM 9472]
    R1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [4/28/2008 12:59 PM 53760]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/8/2008 2:59 PM 20560]
    R2 Cepstral License Server;Cepstral License Server;c:\program files\Cepstral\bin\CepstralLicSrv.exe [4/18/2008 5:39 PM 57344]
    R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [2/4/2009 9:44 AM 5112]
    R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [4/8/2008 1:15 PM 17962]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
    S2 sfx;sfx;c:\windows\system32\svchost.exe -k sfx [8/4/2004 8:00 AM 14336]
    S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
    S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    S3 STV673;WebCam II;c:\windows\system32\drivers\stv673.sys [10/26/2008 5:01 PM 103548]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    sfx REG_MULTI_SZ sfx
    .
    Contents of the 'Scheduled Tasks' folder
    2009-07-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-06 03:41]
    2009-07-08 c:\windows\Tasks\Scheduled Checkpoint.job
    - c:\program files\VCOM\Recovery Commander\RCSCHED.EXE [2008-08-25 19:45]
    .
    - - - - ORPHANS REMOVED - - - -
    BHO-{D977B477-C3D7-4B1C-910F-F18A4FF9335A} - (no file)
    HKCU-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
    HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
    HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
    HKLM-Run-CallControl 4.5 - c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    Notify-opnmNDtU - opnmNDtU.dll

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fb5gadik.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-08 17:43
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    [HKEY_USERS\S-1-5-21-73586283-1580818891-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:45,bc,96,c8,a3,16,1c,19,c2,59,eb,44,44,f2,af,0b,f0,26,86,66,48,7e,aa,
    4e,a2,fb,85,c5,ad,d9,ff,b4,87,84,2a,64,c5,ab,1d,45,72,a2,d5,03,e3,35,ff,8e,\
    "??"=hex:08,27,76,34,e7,35,85,98,49,ab,97,49,c3,d3,9c,04
    [HKEY_USERS\S-1-5-21-73586283-1580818891-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:ca,85,6d,3c,4e,28,22,8d,1d,a9,8e,71,be,1b,a0,88,02,65,d6,47,25,
    b3,77,8e,57,a5,1d,55,85,6e,36,5f,54,35,83,bf,4a,74,61,3b,e7,ea,d3,2b,05,cf,\
    "rkeysecu"=hex:88,5a,34,a3,95,6e,80,65,96,d2,61,db,2b,74,a0,fa
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(3768)
    c:\program files\Unlocker\UnlockerHook.dll
    c:\windows\system32\ctagent.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\windows\system32\DLAAPI_W.DLL
    c:\windows\system32\CDRTC.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\tcpsvcs.exe
    c:\windows\system32\snmp.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\progra~1\VCOM\SYSTEM~1\MXTask.exe
    c:\progra~1\VCOM\SYSTEM~1\MXTask.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\WinPlcMan.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-08 17:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-08 21:51
    Pre-Run: 26,735,276,032 bytes free
    Post-Run: 29,296,349,184 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    382 --- E O F --- 2009-06-24 07:02

  2. #2
    LDTate (Site Owner/Microsoft MVP)

    Re: Could Use Some Help

    Please download Rooter.exe... Copyrighted © by... Eric_71. Save it to your desktop.
    • Double-click on Rooter.exe icon on your desktop, to execute.
      If you receive the "Open File" security warning, press Run. The Rooter interface will appear, with a variety of options displayed.
    • To run the Scan... press the Scan...button.
    • Notepad will open with a file created called "Rooter#.txt" ... located at %systemdrive%\Rooter$\Rooter#.txt. (# is the number assigned to the report)
      The location of the report file is shown in the bottom display window.
    • Press the Close button, to close the Rooter window.
    Please copy and paste the contents of Rooter#.txt in your next reply.

  3. #3

    Re: Could Use Some Help

    This is what popped up:


    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP Home Edition (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 7.0.5730.13
    .
    C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:27 Go )
    D:\ [CD_Rom]
    E:\ [Removable]
    F:\ [CD_Rom]
    G:\ [CD_Rom]
    H:\ [CD_Rom]
    I:\ [CD_Rom]
    .
    Scan : 20:25.05
    Path : C:\Documents and Settings\Owner\Desktop\Rooter.exe
    User : Owner ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (584)
    ______ \??\C:\WINDOWS\system32\csrss.exe (648)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (672)
    ______ C:\WINDOWS\system32\services.exe (716)
    ______ C:\WINDOWS\system32\lsass.exe (728)
    ______ C:\WINDOWS\system32\svchost.exe (952)
    ______ C:\WINDOWS\system32\svchost.exe (1012)
    ______ C:\WINDOWS\System32\svchost.exe (1084)
    ______ C:\WINDOWS\system32\svchost.exe (1124)
    ______ C:\WINDOWS\system32\svchost.exe (1248)
    ______ C:\WINDOWS\system32\svchost.exe (1328)
    ______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1380)
    ______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1436)
    ______ C:\WINDOWS\system32\spoolsv.exe (1664)
    ______ C:\WINDOWS\system32\svchost.exe (340)
    ______ C:\Program Files\LSI SoftModem\agrsmsvc.exe (432)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (444)
    ______ C:\Program Files\Cepstral\bin\CepstralLicSrv.exe (460)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (552)
    ______ C:\WINDOWS\system32\nvsvc32.exe (608)
    ______ C:\WINDOWS\system32\PnkBstrA.exe (732)
    ______ C:\WINDOWS\system32\PnkBstrB.exe (848)
    ______ C:\WINDOWS\system32\tcpsvcs.exe (1812)
    ______ C:\WINDOWS\System32\snmp.exe (1860)
    ______ C:\WINDOWS\system32\svchost.exe (1896)
    ______ C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe (1912)
    ______ C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe (2456)
    ______ C:\WINDOWS\System32\alg.exe (2916)
    ______ C:\WINDOWS\System32\svchost.exe (2572)
    ______ C:\WINDOWS\system32\wuauclt.exe (2836)
    ______ C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe (3004)
    ______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (2356)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (3084)
    ______ C:\Program Files\iTunes\iTunesHelper.exe (3456)
    ______ C:\WINDOWS\system32\RUNDLL32.EXE (3624)
    ______ C:\WINDOWS\system32\BridgeDeCor.exe (1148)
    ______ C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (3840)
    ______ C:\WINDOWS\system32\ctfmon.exe (3792)
    ______ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (3760)
    ______ C:\Program Files\DNA\btdna.exe (3936)
    ______ C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (1604)
    ______ C:\WINDOWS\explorer.exe (3768)
    ______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (2228)
    ______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (1680)
    ______ C:\WINDOWS\system32\winplcman.exe (3532)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (4088)
    ______ C:\Documents and Settings\Owner\Desktop\Rooter.exe (3928)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:160031015424)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\Google Software Updater.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\Scheduled Checkpoint.job
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 20:25.36
    .
    C:\Rooter$\Rooter_1.txt - (08/07/2009 | 20:25.36).c

  4. #4
    Site Owner/Microsoft MVP LDTate

    Re: Could Use Some Help

    That looks pretty good.

    "copy/paste" a new HijackThis log file into this thread.

    Also please describe how your computer behaves at the moment.

  5. #5
    Site Owner/Microsoft MVP LDTate

    Re: Could Use Some Help

    The following will implement some cleanup procedures as well as reset System Restore points:
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

    Here's my usual all clean post

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab.
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
      5. Change the Download signed ActiveX controls to Prompt.
      6. Change the Download unsigned ActiveX controls to Disable.
      7. Change the Initialize and script ActiveX controls not marked as safe to Disable.
      8. Change the Installation of desktop items to Prompt.
      9. Change the Launching programs and files in an IFRAME to Prompt.
      10. Change the Navigate sub-frames across different domains to Prompt.
      11. When all these settings have been made, click on the OK button.
      12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK button to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
      (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
      Without a firewall your computer is susceptible to being hacked and taken over.
      I am very serious about this and see it happen almost every day with my clients.
      Simply using a Firewall in its default configuration can lower your risk greatly.

    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
      This will ensure your computer always has the latest available security updates installed.
      If there are new updates to install, install them immediately, reboot your computer, and revisit the site
      until there are no more critical updates.

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
      Without regular updates you WILL NOT be protected when new malicious programs are released.

    Only run one Anti-Virus and Firewall program.

    I would suggest you read How to Prevent Malware:
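A way to verify that the six Internet-zone settings from the post above actually took effect, by reading them back from the registry instead of re-opening the Custom Level dialog. This is an added example, not LDTate's own advice or code; it assumes PowerShell 3 or later, and the numeric value names it uses are the documented Internet Explorer zone-setting identifiers, which do not appear on the page.

```powershell
# Added example (not from the post): audit the Internet zone (zone 3) settings
# that the post recommends, from the per-user hive that the Custom Level dialog
# edits. Value names are the documented IE zone-setting identifiers (assumed
# here, not on the page). Data: 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Setting shown in the dialog -> registry value name and the data the post asks for
$recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Value = '1001'; Want = 1 }
    @{ Name = 'Download unsigned ActiveX controls';                        Value = '1004'; Want = 3 }
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = '1201'; Want = 3 }
    @{ Name = 'Installation of desktop items';                             Value = '1800'; Want = 1 }
    @{ Name = 'Launching programs and files in an IFRAME';                 Value = '1804'; Want = 1 }
    @{ Name = 'Navigate sub-frames across different domains';              Value = '1607'; Want = 1 }
)

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Read every value under the zone key once; stop if the key is missing.
$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

$results = foreach ($s in $recommended) {
    $current = $zone.($s.Value)            # $null if the value was never written
    $label = if ($null -eq $current) { '(not set, default applies)' }
             elseif ($labels.ContainsKey([int]$current)) { $labels[[int]$current] }
             else { "raw value $current" }  # e.g. an admin-approved or policy value
    [pscustomobject]@{
        Setting     = $s.Name
        Current     = $label
        Recommended = $labels[$s.Want]
        OK          = ($null -ne $current) -and ([int]$current -eq $s.Want)
    }
}

$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.OK }) {
    Write-Warning 'One or more Internet zone settings differ from the recommended values.'
}
```

Group Policy settings under HKLM can override the per-user values read here, so a mismatch reported on a domain-managed machine may be intentional.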
