usually im successful cleaning my pc and others myself, but this time to no avail. please help, here are my log files.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 08, 2008 4:46:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/03/2008
Kaspersky Anti-Virus database records: 614319
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 120567
Number of viruses found: 31
Number of infected objects: 84
Number of suspicious objects: 2
Duration of the scan process: 01:32:29

Infected Object Name / Virus Name / Last Action
C:\60fb2fb9fe81d43d9e\update\update.exe Object is locked skipped
C:\60fb2fb9fe81d43d9e\update\wpdinstallutil.dll Object is locked skipped
C:\83e1b02c3bcba4730f8a8d78\update\update.exe Object is locked skipped
C:\ae4e378fc3a446f32942afcf619dc9\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\d1cdb9e4e92b95ebc391\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\History\History.IE5\MSHist012008030820080309\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_c33791d4-dd2a-419d-8bbb-a64f24c5c0b2 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12302007-135519.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\OnlineServices\usagestats.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\dammit.YOUR-4F1261A8E5\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml Object is locked skipped
C:\Documents and Settings\dammit.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\dammit.YOUR-4F1261A8E5\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\JoMomz\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml Object is locked skipped
C:\Documents and Settings\JoMomz\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\JoMomz\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\JoMomz\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\JoMomz\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\JoMomz\Local Settings\Temp\winvsnet.exe Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Documents and Settings\JoMomz\Local Settings\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Documents and Settings\JoMomz\Local Settings\Temp\yazzsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\JoMomz\Local Settings\Temporary Internet Files\Content.IE5\1FPX53WY\26453da423d82a5fc6fae941d05f1151[1].zip/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\JoMomz\Local Settings\Temporary Internet Files\Content.IE5\1FPX53WY\26453da423d82a5fc6fae941d05f1151[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\JavaCore\JavaCore.exe Infected: not-a-virus:AdWare.Win32.Insider.b skipped
C:\Program Files\Microsoft Plus! Dancer LE\femowo89104.dll Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\Program Files\Outerinfo\FF\components\FF.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\styles\171313.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\styles\171313.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\styles\171313.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\styles\171313.exe WiseSFX: infected - 3 skipped
C:\styles\171313.exe WiseSFXDropper: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP101\A0039511.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP102\A0041575.DLL Infected: not-a-virus:AdWare.Win32.IWon skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP103\A0041674.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP105\A0041721.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP106\A0041740.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP106\A0041759.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP106\A0041760.exe Infected: Trojan-Downloader.Win32.Agent.krh skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP106\A0041762.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP107\A0041774.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP107\A0041789.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP107\A0041793.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\A0041795.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\A0041796.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\A0041797.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\A0041797.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\A0041801.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP108\change.log Object is locked skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0016394.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP32\A0016395.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP97\A0038219.exe Infected: Trojan-Downloader.Win32.Agent.jya skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038222.exe Infected: Trojan-Dropper.Win32.Agent.epz skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038242.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038263.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038265.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038266.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038270.exe Infected: Trojan-Downloader.Win32.Agent.jya skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038271.exe Infected: Trojan-Downloader.Win32.Agent.jya skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038272.exe Infected: Trojan-Dropper.Win32.Agent.eso skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038273.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038273.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP98\A0038274.exe Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll Infected: not-a-virus:AdWare.Win32.HotBar.av skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\mrofinu572.exe Infected: Trojan-Downloader.Win32.Agent.krh skipped
C:\WINDOWS\mrofinu572.exe.tmp Infected: Trojan-Downloader.Win32.Agent.krh skipped
C:\WINDOWS\system32\aemgwlmv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\ajonbxwc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\awvtq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\byxxvwt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\c4\np89104.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\WINDOWS\system32\c4\np89104.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\msfss.sys Infected: Rootkit.Win32.Agent.to skipped
C:\WINDOWS\system32\gykjdksb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\iDlo01\iDlo011065.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\WINDOWS\system32\igdfbuph.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\jccgtent.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\kjhdbfp.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\WINDOWS\system32\kounbefe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\kownw64j.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\WINDOWS\system32\n5\rvdll36.exe Infected: Trojan-Downloader.Win32.Small.irm skipped
C:\WINDOWS\system32\ncjmkxvs.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\opnmmnn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\pcntplwb.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.aj skipped
C:\WINDOWS\system32\prqrhjsh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\pycinnxb.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\qfkhysjj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\r2\renabcom4.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\WINDOWS\system32\rwwnw64d.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.am skipped
C:\WINDOWS\system32\stqwstbv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xxywvvt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\system32\yaywuvv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 5:30:33 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [BM5d330fe8] Rundll32.exe "C:\WINDOWS\system32\mumqdneo.dll",s
O4 - HKLM\..\Run: [5e003c74] rundll32.exe "C:\WINDOWS\system32\nlacdroq.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA4296] command /c del "C:\WINDOWS\b116.exe_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3101] cmd /c del "C:\WINDOWS\b116.exe_tobedeleted_old"
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8140] command /c del "C:\WINDOWS\b116.exe_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4510] cmd /c del "C:\WINDOWS\b116.exe_tobedeleted_old"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe



thanks for the help

Hello roadrage616,

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

----------------------------------------------- Step 2

Please download ComboFix by sUBs from HERE (http://download.bleepingcomputer.com/sUBs/ComboFix.exe).
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

thanks, im having troubles with hjt. when i click save list it closes hjt and i didnt see where it saved the list too. ill post my logs once i get it figured out.

i was only able to save the list from hjt after running combo fix, but here it is. thanks again.

Adobe Acrobat - Reader 6.0.2 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Anti-Spyware (Aluria)
Anti-Virus (Command Software)
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
Auto Updater
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Cox (CVUS)
Cox High Speed Internet Security Suite
Crystal Maze from Hewlett-Packard Desktops (remove only)
DVD Region+CSS Free 5.9.8.5
DVD Shrink 3.2
ESP
Firewall (Core)
Firewall (User)
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
KBD
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 3.5 magicMoments - HPD
Nero 8
neroxml
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
Popup Blocker
Print Workshop 2006
PS2
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegCure 1.5.0.0
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
Sonic Express Labeler
Sonic RecordNow!
StyleXP (remove only)
Super Granny from Hewlett-Packard Desktops (remove only)
Third Party Prerequisites
Tradewinds from Hewlett-Packard Desktops (remove only)
Ultimate Mahjongg 20
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP
VCRedistSetup
Ventrilo Client
Virtual Earth 3D (Beta)
Web Filtering (Base 2)
Web Filtering (Base)
Web Filtering (Kids Page)
Web Filtering (RuleSpace Anti-Phishing)
Web Filtering (Rulespace)
Windows Communication Foundation
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
World of Warcraft
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

****combofix log****

(((( Other Deletions )))).

C:\Documents and Settings\JoMomz\My Documents\CROSOF~1
C:\Documents and Settings\JoMomz\My Documents\RACLE~1
C:\Documents and Settings\JoMomz\My Documents\RACLE~1\?racle\
C:\Documents and Settings\JoMomz\Start Menu\Programs\Outerinfo
C:\Program Files\crosof~1
C:\Program Files\fnts~1
C:\Program Files\Microsoft Plus! Dancer LE\femowo89104.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BM5d330fe8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aemgwlmv.dll
C:\WINDOWS\system32\ajonbxwc.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\byxxvwt.dll
C:\WINDOWS\system32\c2
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\c4\np89104.exe
C:\WINDOWS\system32\chdgydlm.dll
C:\WINDOWS\system32\dneqctgw.dll
C:\WINDOWS\system32\drivers\msfss.sys
C:\WINDOWS\system32\fredrmer.ini
C:\WINDOWS\system32\goksxief.ini
C:\WINDOWS\system32\gykjdksb.dll
C:\WINDOWS\system32\hcblpfry.ini
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\igdfbuph.dll
C:\WINDOWS\system32\iiqroato.dll
C:\WINDOWS\system32\jccgtent.dll
C:\WINDOWS\system32\jinniief.ini
C:\WINDOWS\system32\kjhdbfp.dll
C:\WINDOWS\system32\kounbefe.dll
C:\WINDOWS\system32\mldygdhc.ini
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\mumqdneo.dll
C:\WINDOWS\system32\n5
C:\WINDOWS\system32\n5\rvdll36.exe
C:\WINDOWS\system32\ncjmkxvs.dll
C:\WINDOWS\system32\nlacdroq.dll
C:\WINDOWS\system32\opnmmnn.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prqrhjsh.dll
C:\WINDOWS\system32\pycinnxb.dll
C:\WINDOWS\system32\qfkhysjj.dll
C:\WINDOWS\system32\qordcaln.ini
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\renabcom4.exe
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\s7\gbsu011.exe
C:\WINDOWS\system32\stqwstbv.dll
C:\WINDOWS\system32\taqtdbak.dll
C:\WINDOWS\system32\thwfyeve.dll
C:\WINDOWS\system32\udbnokwx.dll
C:\WINDOWS\system32\ujdumotp.dll
C:\WINDOWS\system32\vbtswqts.ini
C:\WINDOWS\system32\whkrseen.dll
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\x3
C:\WINDOWS\system32\xxywvvt.dll
C:\WINDOWS\system32\yaywuvv.dll
C:\WINDOWS\system32\yrfplbch.dll
C:\WINDOWS\system32\zxdnt3d.cfg
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_MSFSS
-------\msfss


((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 20:44 . 2008-03-12 20:44 200,774 --a------ C:\WINDOWS\system32\pcntplwd.exe
2008-03-08 22:48 . 2008-03-12 21:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-08 22:48 . 2008-03-08 22:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-08 22:46 . 2008-03-08 22:46 <DIR> d-------- C:\Program Files\iPod
2008-03-08 22:43 . 2008-03-08 22:43 <DIR> d-------- C:\Program Files\Java
2008-03-08 20:36 . 2008-03-08 20:36 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-4F1261A8E5\Application Data\Nero
2008-03-08 19:34 . 2008-03-08 19:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-08 18:41 . 2008-03-08 18:41 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-03-06 20:10 . 2008-03-08 18:30 <DIR> d-------- C:\malscan
2008-03-06 19:27 . 2008-03-06 20:09 1,307,894 ---hs---- C:\WINDOWS\system32\dqkfmxus.ini
2008-03-05 18:17 . 2008-03-06 19:15 1,308,034 ---hs---- C:\WINDOWS\system32\nybkyfrj.ini
2008-03-01 18:00 . 2008-03-12 21:00 <DIR> d-------- C:\HJT
2008-03-01 17:23 . 2008-03-01 17:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-01 17:23 . 2008-03-01 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-01 17:18 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-01 17:18 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-01 17:18 . 2008-02-28 12:37 86,016 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-01 17:18 . 2008-03-01 00:48 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-01 17:18 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-01 17:18 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-01 17:18 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-01 15:55 . 2008-03-01 15:55 <DIR> d-------- C:\Documents and Settings\JoMomz\.housecall6.6
2008-03-01 14:14 . 2008-03-01 14:21 1,386 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-01 12:50 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-01 00:32 . 2008-03-01 00:32 <DIR> d-------- C:\Documents and Settings\JoMomz\Application Data\MSNInstaller
2008-02-29 19:05 . 2008-03-01 14:00 <DIR> d-------- C:\backups
2008-02-28 20:43 . 2008-03-08 18:29 94 --a------ C:\WINDOWS\wininit.ini
2008-02-28 20:11 . 2008-02-28 20:11 49,174 --a------ C:\WINDOWS\system32\kownw64j.exe
2008-02-28 19:42 . 2008-02-28 19:42 200,774 --a------ C:\WINDOWS\system32\pcntplwb.exe
2008-02-28 19:42 . 2008-02-28 19:42 49,167 --a------ C:\WINDOWS\system32\rwwnw64d.exe
2008-02-22 23:57 . 2008-02-23 00:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-16 02:20 . 2008-02-16 02:20 <DIR> d-------- C:\Program Files\RCA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 01:09 --------- d-----w C:\Program Files\Microsoft Plus! Dancer LE
2008-03-09 02:47 --------- d-----w C:\Program Files\iTunes
2008-03-09 02:44 --------- d-----w C:\Program Files\QuickTime
2008-03-08 22:35 --------- d-----w C:\Program Files\Common Files\Authentium Shared
2008-02-29 23:59 --------- d-----w C:\Program Files\Windows Defender
2008-02-29 00:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 06:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 00:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-09 17:23 --------- d-----w C:\Documents and Settings\JoMomz\Application Data\AdobeUM
2008-02-09 04:36 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2008-01-27 19:51 --------- d-----w C:\Program Files\World of Warcraft
2008-01-26 16:34 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-01-20 16:48 --------- d-----w C:\Program Files\Print Workshop 2006
2007-12-14 00:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2006-08-16 18:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"{03-3C-CD-DB-DW}"="c:\windows\system32\rwwnw64d.exe" [2008-02-28 19:42 49167]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"ExploreUpdSched"="C:\WINDOWS\system32\pcntplwd.exe" [2008-03-12 20:44 200774]

C:\Documents and Settings\JoMomz\Start Menu\Programs\Startup\
Shortcut to xxx.lnk - C:\Documents and Settings\JoMomz\Desktop\xxx.bat [2008-03-01 13:51:09 696]

C:\Documents and Settings\dammit.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Deewoo.lnk - C:\WINDOWS\system32\pcntplwd.exe [2008-03-12 20:44:01 200774]
DW_Start.lnk - C:\WINDOWS\system32\rwwnw64d.exe [2008-02-28 19:42:35 49167]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 16:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvvt]
xxywvvt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-11-02 11:59 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 17:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-09 02:29:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-13 01:15:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-13 01:14:57 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-31 20:38:17 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-13 01:15:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-03-09 05:55:44 C:\WINDOWS\Tasks\zipcryptftp.job"
- C:\qvault\zipcryptftp.bat
- C:\qvault.rcecil
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 21:15:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\winpfz37.sys 922 bytes
C:\WINDOWS\system32\zxdnt3d.cfg 21 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2008-03-12 21:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 01:17:34
.
2008-03-06 23:24:29 --- E O F ---

Hello roadrage616,

1. Please open Notepad
Click Start , then Run
Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\pcntplwd.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\dqkfmxus.ini
C:\WINDOWS\system32\nybkyfrj.ini
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\kownw64j.exe
C:\WINDOWS\system32\pcntplwb.exe
C:\WINDOWS\system32\rwwnw64d.exe
C:\Documents and Settings\JoMomz\Desktop\xxx.bat
C:\WINDOWS\system32\winpfz37.sys
C:\WINDOWS\system32\zxdnt3d.cfg

DirLook::
C:\malscan

Registy::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{03-3C-CD-DB-DW}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywvvt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
Combofix.txt
A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.