I have downloaded the ComboFix and Disable the TeaTimer on Spybot and ran ComboFix and then HiJack This! Here are my logs. And thank you for your help.

ComboFix 09-03-15.01 - User 2009-03-16 1:40:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.237 [GMT -4:00]
Running from: f:\william\Setup Programs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-16 to 2009-03-16 )))))))))))))))))))))))))))))))
.

2009-03-16 01:11 . 2009-03-16 01:11 <DIR> d-------- c:\program files\CCleaner
2009-03-16 00:19 . 2009-03-16 00:19 71,885,146 --a------ C:\SYM_REGISTRY_BACKUP.reg
2009-03-12 22:48 . 2008-05-09 06:53 512,000 --------- c:\windows\system32\dllcache\jscript.dll
2009-03-12 22:48 . 2008-05-09 06:53 430,080 --------- c:\windows\system32\dllcache\vbscript.dll
2009-03-12 22:48 . 2008-05-09 06:53 180,224 --------- c:\windows\system32\dllcache\scrobj.dll
2009-03-12 22:48 . 2008-05-09 06:53 172,032 --------- c:\windows\system32\dllcache\scrrun.dll
2009-03-12 22:48 . 2008-05-08 07:24 155,648 --------- c:\windows\system32\dllcache\wscript.exe
2009-03-12 22:48 . 2008-05-09 04:45 135,168 --------- c:\windows\system32\dllcache\cscript.exe
2009-03-12 22:48 . 2008-05-09 06:53 90,112 --------- c:\windows\system32\dllcache\wshext.dll
2009-03-12 08:23 . 2009-03-12 08:23 <DIR> d-------- c:\windows\system32\xircom
2009-03-12 08:23 . 2009-03-12 08:23 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-12 07:58 . 2009-03-12 07:58 <DIR> d-------- c:\windows\system32\scripting
2009-03-12 07:58 . 2009-03-12 07:58 <DIR> d-------- c:\windows\system32\bits
2009-03-12 07:55 . 2009-03-12 07:59 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-11 22:09 . 2009-03-15 23:15 <DIR> d-------- c:\documents and settings\User\Application Data\U3
2009-03-11 17:39 . 2009-03-11 17:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-11 17:09 . 2009-03-11 17:09 <DIR> d-------- c:\documents and settings\User\Application Data\Media Player Classic
2009-03-11 01:09 . 2008-12-05 02:54 144,896 --------- c:\windows\system32\dllcache\schannel.dll
2009-03-11 01:08 . 2008-06-17 15:02 8,461,312 --------- c:\windows\system32\dllcache\shell32.dll
2009-03-10 20:42 . 2009-03-10 20:42 <DIR> d-------- c:\program files\The Learning Company
2009-03-10 20:42 . 2002-05-07 22:09 274,432 --a------ c:\windows\TLCUninstall.exe
2009-03-10 16:05 . 2009-03-10 16:05 <DIR> d-------- c:\windows\lhsp
2009-03-10 16:03 . 2009-03-10 16:03 <DIR> d-------- c:\windows\system32\QuickTime
2009-03-10 16:03 . 2009-03-10 16:05 <DIR> d-------- c:\windows\Bbstore
2009-03-10 16:03 . 2000-12-05 14:54 2,141,696 --a------ c:\windows\system32\QuickTimeMusicalInstruments.qtx
2009-03-10 16:03 . 2000-10-25 19:00 172,032 --a------ c:\windows\system32\TTSServer.dll
2009-03-10 16:01 . 2009-03-10 16:01 <DIR> d-------- c:\program files\Broderbund
2009-03-10 16:01 . 2009-03-10 16:01 <DIR> d-------- c:\documents and settings\User\WINDOWS
2009-03-10 16:01 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-10 16:01 . 2009-03-10 16:01 0 --a------ c:\windows\Setup32.INI
2009-03-09 22:51 . 2008-04-13 20:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-03-09 22:50 . 2008-04-13 20:10 102,912 --------- c:\windows\system32\dllcache\dpcdll.dll
2009-03-09 22:50 . 2008-04-13 20:11 86,016 --------- c:\windows\system32\mdmxsdk.dll
2009-03-09 22:50 . 2008-04-13 20:11 61,440 --------- c:\windows\system32\kmsvc.dll
2009-03-09 22:50 . 2008-04-13 20:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2009-03-09 22:50 . 2008-04-13 20:09 24,064 --------- c:\windows\system32\dllcache\pidgen.dll
2009-03-09 22:50 . 2004-08-03 22:41 11,868 --------- c:\windows\system32\drivers\mdmxsdk.sys
2009-03-09 22:18 . 2009-03-09 22:18 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-09 22:09 . 2009-03-09 22:09 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-09 18:59 . 2008-05-07 01:12 1,288,192 --------- c:\windows\system32\dllcache\quartz.dll
2009-03-09 18:59 . 2008-10-23 08:36 286,720 --------- c:\windows\system32\dllcache\gdi32.dll
2009-03-09 18:59 . 2008-07-07 16:26 253,952 --------- c:\windows\system32\dllcache\es.dll
2009-03-09 18:59 . 2008-06-24 12:43 74,240 --------- c:\windows\system32\dllcache\mscms.dll
2009-03-09 18:57 . 2008-10-24 07:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-09 18:57 . 2008-05-08 10:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-03-09 18:54 . 2008-10-03 06:02 247,326 --------- c:\windows\system32\dllcache\strmdll.dll
2009-03-09 18:52 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-09 18:52 . 2008-06-13 07:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-03-09 18:35 . 2009-02-09 07:13 1,846,784 --------- c:\windows\system32\dllcache\win32k.sys
2009-03-09 18:34 . 2008-08-14 06:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-09 18:34 . 2008-08-14 06:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-09 18:34 . 2008-08-14 05:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-09 18:34 . 2008-08-14 05:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-09 18:16 . 2008-12-11 06:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-03-09 18:15 . 2008-05-01 10:33 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2009-03-09 18:14 . 2008-04-11 15:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-03-09 18:04 . 2008-09-04 13:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2009-03-09 18:04 . 2008-10-15 12:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-03-09 17:09 . 2009-03-15 19:00 <DIR> d-------- c:\documents and settings\User\Tracing
2009-03-09 17:07 . 2009-03-09 17:07 <DIR> d-------- c:\program files\Microsoft
2009-03-09 17:06 . 2009-03-09 17:06 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-09 17:06 . 2009-03-09 17:07 <DIR> d-------- c:\program files\Windows Live
2009-03-09 16:56 . 2009-03-09 16:56 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-09 00:49 . 2009-03-09 00:49 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-09 00:49 . 2009-03-09 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Macrovision
2009-03-09 00:44 . 2009-03-09 00:44 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-03-09 00:41 . 2009-03-09 00:41 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-03-08 10:25 . 2009-03-08 10:26 <DIR> d-------- c:\program files\MagicDVDRipper
2009-03-08 10:25 . 2009-03-08 10:25 <DIR> d-------- c:\program files\Common Files\MagicDVDRipper
2009-03-07 12:39 . 2001-08-17 14:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-03-07 02:33 . 2009-03-07 02:33 <DIR> d-------- c:\program files\WMV9_VCM
2009-03-07 02:33 . 2009-03-07 02:33 <DIR> d-------- c:\program files\River Past
2009-03-07 02:33 . 2009-03-07 02:33 <DIR> d-------- c:\program files\Common Files\River Past
2009-03-07 02:33 . 2009-03-07 02:33 <DIR> d-------- c:\documents and settings\User\Application Data\River Past G5
2009-03-07 02:33 . 2009-03-07 03:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\River Past G5
2009-03-07 02:33 . 2009-03-07 02:33 166,092 --a------ c:\windows\Video Cleaner Pro Uninstaller.exe
2009-03-07 02:11 . 2009-03-07 02:11 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-03-07 02:10 . 2009-03-12 13:15 <DIR> d-------- c:\program files\VstPlugins
2009-03-07 02:10 . 2002-07-07 18:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-03-07 02:10 . 2006-06-20 04:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-03-07 02:08 . 2009-03-07 02:08 <DIR> d-------- c:\program files\Outsim
2009-03-06 14:59 . 2009-03-06 14:59 <DIR> d-------- c:\program files\Trend Micro
2009-03-06 14:55 . 2009-03-06 23:12 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-06 14:55 . 2009-03-16 01:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-06 14:53 . 2009-03-06 14:53 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-05 15:20 . 2009-03-05 15:20 <DIR> d-------- c:\documents and settings\User\Application Data\Windows Search
2009-03-05 14:52 . 2009-03-05 15:20 <DIR> d-------- C:\OutputFolder
2009-03-05 14:50 . 2009-03-05 15:16 <DIR> d-------- c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2009-03-05 14:11 . 2009-03-05 14:36 <DIR> d-------- c:\documents and settings\User\Application Data\Apple Computer
2009-03-05 14:11 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-05 14:11 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-05 14:10 . 2009-03-05 14:11 <DIR> d-------- c:\program files\iTunes
2009-03-05 14:10 . 2009-03-05 14:10 <DIR> d-------- c:\program files\iPod
2009-03-05 14:10 . 2009-03-05 14:10 <DIR> d-------- c:\program files\Bonjour
2009-03-05 14:10 . 2009-03-05 14:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-05 14:09 . 2009-03-05 14:11 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-05 14:09 . 2009-03-05 14:10 <DIR> d-------- c:\program files\QuickTime
2009-03-05 14:09 . 2009-03-05 14:09 <DIR> d-------- c:\program files\Apple Software Update
2009-03-05 14:09 . 2009-03-05 14:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-05 14:09 . 2008-09-05 23:16 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-05 14:09 . 2008-09-05 23:16 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-05 14:08 . 2009-03-05 14:09 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-05 14:08 . 2009-03-05 14:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-05 13:34 . 2009-03-05 13:34 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-05 13:31 . 2009-03-09 00:47 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-05 13:26 . 2009-03-06 08:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-05 10:06 . 2008-04-13 14:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-05 03:04 . 2009-03-05 03:04 <DIR> d-------- C:\.jagex_cache_32
2009-03-05 02:54 . 2009-03-05 02:54 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 02:47 . 2009-03-05 02:47 <DIR> d-------- c:\windows\.jagex_cache_32
2009-03-05 02:47 . 2009-03-11 00:50 34 --a------ c:\documents and settings\User\jagex_runescape_preferences.dat
2009-03-05 02:35 . 2009-03-05 02:35 <DIR> d-------- c:\program files\Xvid
2009-03-05 02:35 . 2009-03-05 02:35 <DIR> d-------- c:\program files\XP Codec Pack
2009-03-05 02:35 . 2008-12-04 22:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2009-03-05 02:35 . 2008-07-09 05:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2009-03-05 02:35 . 2008-12-04 22:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2009-03-05 02:35 . 2008-12-13 21:01 77,824 --a------ c:\windows\system32\xvid.ax
2009-03-05 02:19 . 2009-03-05 02:19 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-03-05 02:19 . 2009-03-05 02:19 <DIR> d-------- c:\program files\Windows Desktop Search
2009-03-05 02:19 . 2009-03-05 02:19 <DIR> d-------- c:\documents and settings\User\Application Data\Windows Desktop Search
2009-03-05 02:19 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-03-05 02:18 . 2009-03-13 03:09 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-05 02:18 . 2008-03-07 13:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2009-03-05 02:18 . 2008-03-07 13:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2009-03-05 02:18 . 2008-03-07 13:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 04:52 --------- d-----w c:\documents and settings\User\Application Data\uTorrent
2009-03-11 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-05 06:54 --------- d-----w c:\program files\Java
2009-03-04 18:02 --------- d-----w c:\program files\Opera
2009-03-04 17:57 --------- d-----w c:\program files\Common Files\Nero
2009-03-04 17:57 --------- d-----w c:\documents and settings\User\Application Data\Nero
2009-03-04 17:56 --------- d-----w c:\program files\Nero
2009-03-04 17:56 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-03-04 17:48 --------- d-----w c:\program files\Security
2009-03-04 17:48 --------- d-----w c:\program files\Common Files\Java
2009-03-04 17:48 --------- d-----w c:\documents and settings\User\Application Data\URSoft
2009-03-04 17:48 --------- d-----w c:\documents and settings\All Users\Application Data\TEMP
2009-03-04 17:47 --------- d-----w c:\program files\Alky for Applications
2009-03-04 17:43 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 17:43 --------- d-----w c:\program files\uTorrent
2009-03-04 17:39 --------- d-----w c:\program files\Microsoft Games
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 22:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-16 16:24 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-20 23:56 827,904 ----a-w c:\windows\system32\wininet.dll
2008-12-20 23:56 827,904 ------w c:\windows\system32\dllcache\wininet.dll
2008-12-19 09:41 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:41 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:24 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="c:\program files\Security\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-09 289576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tv_enua"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-12-20 c:\windows\system32\advpack.dll]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck msln\0autocheck autochk *\0lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleanerPro.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-12-15 26112]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\7524q8jk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 01:41:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-16 1:43:01
ComboFix-quarantined-files.txt 2009-03-16 05:42:37

Pre-Run: 64,866,705,408 bytes free
Post-Run: 64,856,219,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

251 --- E O F --- 2009-03-13 07:09:43


--------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:50 AM, on 3/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Security\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Security\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, RemoveCabinet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Security\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 7065 bytes



Thank you,
Dreghozt.



Do NOT run 'FIXES' before helpers have analyzed the HJT log (http://forums.spybot.info/showthread.php?t=16806 )

Hi

As noted, you shouldn't run ComboFix without supervision.


IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\Program Files\uTorrent
c:\documents and settings\User\Application Data\uTorrent

Empty Recycle Bin.

After that:


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer


Start hjt, do a system scan, check (if found):
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close browsers and fix checked.


Uninstall old Adobe Reader versions and get the latest one here (http://www.filehippo.com/download_adobe_reader/) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader!


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\program files\uTorrent
c:\documents and settings\User\Application Data\uTorrent

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif). If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.