
Thread: help with win32.delf.rtk

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    help with win32.delf.rtk

    Hello S&D

    I have been finding that win32.delf.rtk is appearing every time I run a scan with S&D. S&D says that it has fixed it, but after another scan it appears again. Now I've had a look on the forums and there are fixes, but I don't know if they would relate to my setup.

    Here is the hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 8:24:27 PM, on 21/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\INTERN~2\mum.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Quoc\My Documents\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6540] command /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9825] cmd /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1148] command /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1312] cmd /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7018] command /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9918] cmd /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9222] command /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC39] cmd /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5548] command /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4267] cmd /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA754] command /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8159] cmd /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2301] command /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8711] cmd /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5481] command /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6020] cmd /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9894] command /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD416] cmd /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4701] command /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7191] cmd /c del "C:\WINDOWS\system32\comsa32.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB887] command /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7466] cmd /c del "C:\WINDOWS\system32\afisicx.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4893] command /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5996] cmd /c del "C:\WINDOWS\system32\tpszxyd.sys"
    O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: wvUoPfgE - C:\WINDOWS\SYSTEM32\wvUoPfgE.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: SteamWatch - Douglas Marttinen - C:\Program Files\SteamWatch\SteamWatch.exe
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi Quoco

    We will begin with ComboFix.

    Please download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Thank you for giving me a hand.

    Here is the ComboFix report


    ComboFix 09-03-19.02 - Quoc 2009-03-22 21:22:10.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2440 [GMT 9.5:30]
    Running from: c:\documents and settings\Quoc\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Install.txt
    c:\windows\system32\dxonool32.sys
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\wvUoPfgE.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_SOPIDKC
    -------\Service_sopidkc


    ((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
    .

    2009-03-22 18:55 . 2009-03-22 18:55 <DIR> d-------- c:\documents and settings\Quoc\Application Data\GameInvest
    2009-03-22 18:54 . 2009-03-22 18:54 <DIR> d-------- c:\program files\GameInvest
    2009-03-18 18:34 . 2009-03-21 01:55 512 --a------ c:\windows\wininit.ini
    2009-03-14 17:48 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
    2009-03-14 17:48 . 2009-03-14 17:48 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-03-14 17:48 . 2009-03-14 17:48 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-03-14 17:16 . 2009-03-14 17:16 <DIR> d-------- c:\program files\PC Connectivity Solution
    2009-03-14 17:16 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
    2009-03-14 17:16 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2009-03-14 17:16 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2009-03-14 17:16 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2009-03-14 17:16 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2009-03-14 17:16 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2009-03-14 17:12 . 2009-03-14 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
    2009-03-14 17:04 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
    2009-03-14 17:04 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2009-03-14 17:04 . 2009-03-14 17:04 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-03-14 17:04 . 2009-03-14 17:04 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2009-03-14 17:02 . 2009-03-14 17:50 <DIR> d-------- c:\documents and settings\Quoc\Application Data\PC Suite
    2009-03-14 17:02 . 2009-03-14 18:25 <DIR> d-------- c:\documents and settings\Quoc\Application Data\Nseries
    2009-03-14 17:02 . 2009-03-14 17:43 <DIR> d-------- c:\documents and settings\Quoc\Application Data\Nokia
    2009-03-14 17:02 . 2009-03-14 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
    2009-03-14 16:58 . 2009-03-14 16:58 <DIR> d-------- c:\program files\MSXML 6.0
    2009-03-14 16:58 . 2009-03-14 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
    2009-03-14 16:57 . 2009-03-14 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\NokiaMusic
    2009-03-14 16:47 . 2009-03-14 16:47 <DIR> d-------- c:\program files\Common Files\muvee Technologies
    2009-03-14 16:36 . 2009-03-14 17:21 <DIR> d-------- c:\windows\Globalization
    2009-03-14 16:35 . 2009-03-14 16:46 <DIR> d-------- c:\windows\Downloaded Installations
    2009-03-14 16:35 . 2009-03-14 16:59 <DIR> d-------- c:\program files\Common Files\Nokia
    2009-03-14 16:28 . 2009-03-14 16:28 <DIR> d-------- c:\program files\DIFX
    2009-03-14 16:28 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2009-03-14 16:27 . 2009-03-14 17:42 <DIR> d-------- c:\program files\Nokia
    2009-03-14 16:27 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
    2009-03-11 22:54 . 2008-04-14 09:42 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-03-08 17:24 . 2009-03-08 17:24 <DIR> d-------- c:\documents and settings\Quoc\Application Data\The Creative Assembly
    2009-03-08 16:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-03-08 16:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-03-08 16:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-03-08 16:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-03-08 16:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-03-08 16:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-03-08 16:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-03-07 12:36 . 2009-02-24 08:50 7,249,756,160 --a------ C:\vty-0230.iso
    2009-02-28 19:00 . 2009-02-28 19:00 <DIR> d-------- C:\VundoFix Backups
    2009-02-28 15:23 . 2009-02-28 15:23 <DIR> d-------- c:\program files\SquareEnix
    2009-02-23 00:04 . 2009-02-23 00:04 <DIR> d-------- c:\program files\SteamWatch
    2009-02-22 15:09 . 2009-03-21 17:10 <DIR> d-------- c:\program files\Steam
    2009-02-22 15:08 . 2009-02-22 15:09 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-22 11:53 --------- d-----w c:\documents and settings\Quoc\Application Data\uTorrent
    2009-03-21 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-19 07:56 --------- d-----w c:\program files\McAfee
    2009-03-11 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-10 13:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-10 13:00 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-07 03:17 --------- d-----w c:\program files\Ubisoft
    2009-02-28 22:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-21 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
    2009-02-21 12:38 --------- d-----w c:\program files\ATI Technologies
    2009-02-21 12:21 --------- d-----w c:\program files\Mass Effect
    2009-02-21 12:21 --------- d-----w c:\program files\Common Files\BioWare
    2009-02-20 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\CCP
    2009-02-20 08:12 --------- d-----w c:\program files\CCP
    2009-02-17 10:31 --------- d-----w c:\program files\Microsoft Works
    2009-02-17 10:29 --------- d-----w c:\program files\Microsoft.NET
    2009-02-17 10:26 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-02-14 05:08 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-12 12:42 --------- d-----w c:\documents and settings\Quoc\Application Data\Hamachi
    2009-02-05 08:00 --------- d-----w c:\program files\Google
    2009-01-24 08:54 --------- d-----w c:\documents and settings\Quoc\Application Data\Red Alert 3
    2009-01-16 10:42 22,328 ----a-w c:\documents and settings\Quoc\Application Data\PnkBstrK.sys
    2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2008-10-01 1339904]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-15 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
    "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-28 946176]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FLEXnet Licensing Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Documents and Settings\\Quoc\\Desktop\\Empire Earth\\Empire Earth.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=

    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]
    R2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe [2004-08-04 177152]
    R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-08-04 176128]
    R2 tdctxte;tdctxte Service;c:\windows\system32\tdctxte.exe [2004-08-04 187906]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 89600]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-10-10 36864]
    S3 SteamWatch;SteamWatch;c:\program files\SteamWatch\SteamWatch.exe [2009-02-23 13824]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - AFISICX
    *NewlyCreated* - SOPIDKC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a4a46bb-9706-11dd-9d0d-806d6172696f}]
    \Shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

    2009-02-28 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-wvUoPfgE - wvUoPfgE.dll


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: microsoft.com
    TCP: {019C31C0-8B4F-49EE-90C3-B357D0DCF282} = 192.168.1.254
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 21:28:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\dxonool32.sys 36864 bytes executable

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-789336058-725345543-682003330-1004\Software\SecuROM\License information*]
    "datasecu"=hex:50,3a,f7,2d,6c,26,6c,54,02,b7,0c,09,69,b3,02,0b,94,83,fa,c3,da,
    ca,4e,ef,70,4c,71,48,56,b9,e6,23,f0,de,1e,59,69,4f,8f,cb,c1,22,c2,3f,83,e6,\
    "rkeysecu"=hex:7c,44,86,63,8f,af,94,84,8b,e1,cf,a8,e2,d2,57,3e
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\windows\system32\rundll32.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\windows\TEMP\tmp0_19558268418.bk.old
    c:\program files\Windows Live\Messenger\usnsvc.exe
    c:\windows\system32\dxonool32.sys
    .
    **************************************************************************
    .
    Completion time: 2009-03-22 21:32:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-22 12:02:24

    Pre-Run: 22,492,467,200 bytes free
    Post-Run: 24,217,677,824 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    263 --- E O F --- 2009-03-20 09:41:05

    And this is the Hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:35:44 PM, on 22/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tdctxte.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\INTERN~2\mum.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\system32\tpszxyd.sys
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\afisicx.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Quoc\My Documents\HijackThis.exe
    C:\WINDOWS\system32\dxonool32.sys

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Nokia Ovi Suite.lnk = C:\Program Files\Nokia\Ovi\Suite\RunLauncher.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O17 - HKLM\System\CS2\Services\Tcpip\..\{019C31C0-8B4F-49EE-90C3-B357D0DCF282}: NameServer = 192.168.1.254
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SteamWatch - Douglas Marttinen - C:\Program Files\SteamWatch\SteamWatch.exe
    O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.62
    Acrobat.com
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Problem Report Wizard
    AviSynth 2.5
    BA Installer
    Brothers in Arms: Hell's Highway
    BUFFALO HD-CELU2 Connection Tool
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM)
    Catalyst Control Center - Branding
    Command & Conquer™ Red Alert™ 3
    Company of Heroes
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Creative Software AutoUpdate
    Critical Update for Windows Media Player 11 (KB959772)
    Empire: Total War
    EPSON Copy Utility 3
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
    EPU-6 Engine
    EVE-ONLINE (remove only)
    Fallout 3
    FrostWire 4.17.2
    Google Toolbar for Internet Explorer
    Google Updater
    Hamachi 1.0.3.0
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hysteria Hospital Emergency Ward
    Internode Monthly Usage Meter 7.1s
    Java(TM) 6 Update 11
    K-Lite Codec Pack 4.1.7 (Full)
    marvell 61xx
    Mass Effect
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.5)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Ultra Edition
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Flashing Cable Driver
    Nokia Map Loader
    Nokia Music
    Nokia Ovi Application Installer
    Nokia Ovi Application Installer 6.85.3011
    Nokia Ovi Content Copier
    Nokia Ovi Content Copier 6.85.3011
    Nokia Ovi Suite
    Nokia Ovi System Utilities
    Nokia Ovi System Utilities 6.85.3011
    Nokia Photos
    Nokia Software Updater
    NVIDIA PhysX v8.04.25
    PC Connectivity Solution
    PunkBuster Services
    QuickPar 0.9
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Sins of a Solar Empire
    Sins of a Solar Empire
    Sound Blaster Audigy
    Spybot - Search & Destroy
    Steam
    SteamWatch
    The Last Remnant Trial Version
    The Last Remnant Trial Version
    Tom Clancy's EndWar
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Warhammer 40,000: Dawn of War II
    Warhammer Online - Age of Reckoning
    WinAce Archiver
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    uTorrent
    FrostWire 4.17.2


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Please run a new uninstall list scan when finished and post the log back here.

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    7-Zip 4.62
    Acrobat.com
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9
    Atheros Communications Inc.(R) AR8121/AR8113 Gigabit/Fast Ethernet Driver
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI Problem Report Wizard
    AviSynth 2.5
    BA Installer
    Brothers in Arms: Hell's Highway
    BUFFALO HD-CELU2 Connection Tool
    Call of Duty(R) - World at War(TM)
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) 4 - Modern Warfare(TM)
    Catalyst Control Center - Branding
    Command & Conquer™ Red Alert™ 3
    Company of Heroes
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Company of Heroes - FAKEMSI
    Creative Software AutoUpdate
    Critical Update for Windows Media Player 11 (KB959772)
    Empire: Total War
    EPSON Copy Utility 3
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
    EPU-6 Engine
    EVE-ONLINE (remove only)
    Fallout 3
    Google Toolbar for Internet Explorer
    Google Updater
    Hamachi 1.0.3.0
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hysteria Hospital Emergency Ward
    Internode Monthly Usage Meter 7.1s
    Java(TM) 6 Update 11
    K-Lite Codec Pack 4.1.7 (Full)
    marvell 61xx
    Mass Effect
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0.5)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    Nero 7 Ultra Edition
    neroxml
    Nokia Connectivity Cable Driver
    Nokia Download!
    Nokia Flashing Cable Driver
    Nokia Map Loader
    Nokia Music
    Nokia Ovi Application Installer
    Nokia Ovi Application Installer 6.85.3011
    Nokia Ovi Content Copier
    Nokia Ovi Content Copier 6.85.3011
    Nokia Ovi Suite
    Nokia Ovi System Utilities
    Nokia Ovi System Utilities 6.85.3011
    Nokia Photos
    Nokia Software Updater
    NVIDIA PhysX v8.04.25
    PC Connectivity Solution
    PunkBuster Services
    QuickPar 0.9
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Sins of a Solar Empire
    Sins of a Solar Empire
    Sound Blaster Audigy
    Spybot - Search & Destroy
    Steam
    SteamWatch
    The Last Remnant Trial Version
    The Last Remnant Trial Version
    Tom Clancy's EndWar
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb962871)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Warhammer 40,000: Dawn of War II
    Warhammer Online - Age of Reckoning
    WinAce Archiver
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\tpszxyd.sys
    C:\WINDOWS\system32\afisicx.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\tdctxte.exe
    
    Rootkit::
    c:\windows\system32\dxonool32.sys
    
    Folder::
    c:\Program Files\uTorrent
    c:\documents and settings\Quoc\Application Data\uTorrent
    
    Driver::
    afisicx
    sopidkc
    tdctxte
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #9
    Junior Member
    Join Date
    Mar 2009
    Posts
    8

    Default

    ComboFix 09-03-19.02 - Quoc 2009-03-22 23:27:33.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2617 [GMT 9.5:30]
    Running from: c:\documents and settings\Quoc\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Quoc\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point

    FILE ::
    c:\windows\system32\afisicx.exe
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tdctxte.exe
    c:\windows\system32\tpszxyd.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Quoc\Application Data\uTorrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[BSS]_Golgo_13_-_01_[XviD][4D83D451].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[BSS]_Golgo_13_-_02_[XviD][D933B70E].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[BSS]_Golgo_13_-_03_[XviD][2E9E4441].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[BSS]_Golgo_13_-_04_[h264][CDCB8591].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Conclave-Mendoi]_Mobile_Suit_Gundam_00_S2_-_05_[1280x720_H.264_AAC][54091965].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Conclave-Mendoi]_Mobile_Suit_Gundam_00_S2_-_06_[1280x720_H.264_AAC][9B3601B9].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Bleach_189_[B1B74F62].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_080_[B0AA876A].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_081_[F791A47F].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_082_[2DED360F].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_083_[4CA898F3].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_084_[007E6FEF].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_085_[5962F2C8].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_086-087_[B46272E9].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_088_[1248AFEF].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_089_[46484705].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_090_[6863ACF1].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[DB]_Naruto_Shippuuden_091_[DD96793B].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[gSS]_Gundam_00_S2_-_18_[F94484F7].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[gSS]_Gundam_00_S2_-_19_[ACEF1051].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HentaiPanic]Secret_Sex_Stories [HS].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 100 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 92 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 93 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 94 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 95 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 96 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 97 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 98 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[HorribleSubs] Naruto Shippuuden 99 - 480p.mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[KH] Megapack.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[KH]_The_Invisible_Stud_1-2.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_02_[1280x720_H.264_AAC][2DF5242F].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_03_[1280x720_H.264_AAC][9005937B].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_04_[704x400_XviD_MP3][17C793F1].avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_07_[1280x720_H.264_AAC][3DCA8668].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_08_[1280x720_H.264_AAC][6A813123].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_09_[1280x720_H.264_AAC][54CA32F4].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_10_[1280x720_H.264_AAC][DBE16BFA].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_11_[1280x720_H.264_AAC][E5A40B01].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_12_[1280x720_H.264_AAC][453BDB1B].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_13_[1280x720_H.264_AAC][785696E7].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_14_[1280x720_H.264_AAC][8FB0E9BE].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_15_[1280x720_H.264_AAC][E4B5ED8D].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_16_[1280x720_H.264_AAC][B223BCDD].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_17_[1280x720_H.264_AAC][0AAA53B3].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_20_[1280x720_H.264_AAC][952D5D42].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_21_[1280x720_H.264_AAC][92E3619C].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_22_[1280x720_H.264_AAC][062A4B4D].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\[Shinsen-Subs]_Kidou_Senshi_Gundam_00_Season_2_-_23_[1280x720_H.264_AAC][945F021F].mkv.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Adobe Photoshop CS3 Extended + Crack.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Babylon.A.D.[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Bangkok.Dangerous[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Beowulf[2007][Director's.Cut]DvDrip[Eng]-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Big Tits In Sports - One Strong Little Girl - Audrey Betoni.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Call.Of.Duty.World.At.War-RELOADED.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Chaos.Theory[2007]DvDrip.AC3-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Day.Watch[2006][Unrated.Edition]DvDrip[Eng]-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Death.Race[2008][Unrated.Edition]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\dht.dat
    c:\documents and settings\Quoc\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\Quoc\Application Data\uTorrent\Disney.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Dragonball Z.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Fly.Me.To.The.Moon[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Green.Street.Hooligans[2005]DvDrip[Eng]-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Hell.Ride[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Hellboy.2-The.Golden.Army[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E04.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E05.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E06.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E07.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E10.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E11.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E12.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E13.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Heroes.S03E17.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\House.S05E04.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\House.S05E05.HDTV.XviD-LOL.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\House.S05E06.Joy.HDTV.XviD-FQM.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Ken Park [2002] [DVDRIP] [ENG].torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Kung.Fu.Panda-Secrets.Of.The.Furious.Five[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Leatherheads[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Max.Payne[2008][Unrated.Edition]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Men.in.Black-Pack.DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Nero 7.10.1.0.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Outlander[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Peaceful.Warrior[2006]DvDrip[Eng]-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Ping.Pong.Playa[2007]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Remember The Titans (OST).torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Resident.Evil-Degeneration[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\resume.dat
    c:\documents and settings\Quoc\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\Quoc\Application Data\uTorrent\rss.dat
    c:\documents and settings\Quoc\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\Quoc\Application Data\uTorrent\settings.dat
    c:\documents and settings\Quoc\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\Quoc\Application Data\uTorrent\Sex.Drive[2008][Unrated.Edition]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Speed.Racer[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Star.Wars-The.Clone.Wars[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Tengen_Toppa_Gurren_Lagann_1-27-HD.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\The Great Debaters[2007]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\The Invisible Stud Vol. 1-2 UNCENSORED.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\The.Chronicles.Of.Narnia-Prince.Caspian[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\The.Fall[2006]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.101.dsr.xvid-sys.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.103.repack.dsr.xvid-sys.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.105.dsr.xvid-sys.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.106.dsr.xvid-sys.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.s01e02.dsr.xvid-omicron.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\the.pickup.artist.s01e04.dsr.xvid-omicron.avi.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Thick.As.Thieves[2009]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\utorrent.lng
    c:\documents and settings\Quoc\Application Data\uTorrent\Wall-E[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\XIII-The.Conspiracy[2008]DvDrip-aXXo.torrent
    c:\documents and settings\Quoc\Application Data\uTorrent\Y.P.F.[Young.People.Fucking][2007]DvDrip.AC3-aXXo.torrent
    c:\program files\uTorrent
    c:\program files\uTorrent\uTorrent.exe
    c:\windows\Install.txt
    c:\windows\system32\afisicx.exe
    c:\windows\system32\comsa32.sys
    c:\windows\system32\dxonool32.sys
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tdctxte.exe
    c:\windows\system32\tpszxyd.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFISICX
    -------\Legacy_SOPIDKC
    -------\Legacy_TDCTXTE
    -------\Service_afisicx
    -------\Service_tdctxte


    ((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
    .

    2009-03-22 18:55 . 2009-03-22 18:55 <DIR> d-------- c:\documents and settings\Quoc\Application Data\GameInvest
    2009-03-22 18:54 . 2009-03-22 18:54 <DIR> d-------- c:\program files\GameInvest
    2009-03-18 18:34 . 2009-03-21 01:55 512 --a------ c:\windows\wininit.ini
    2009-03-14 17:48 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll
    2009-03-14 17:48 . 2009-03-14 17:48 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-03-14 17:48 . 2009-03-14 17:48 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2009-03-14 17:16 . 2009-03-14 17:16 <DIR> d-------- c:\program files\PC Connectivity Solution
    2009-03-14 17:16 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
    2009-03-14 17:16 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2009-03-14 17:16 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2009-03-14 17:16 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
    2009-03-14 17:16 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2009-03-14 17:16 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2009-03-14 17:12 . 2009-03-14 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nokia
    2009-03-14 17:04 . 2008-04-14 04:15 26,112 --a------ c:\windows\system32\drivers\usbser.sys
    2009-03-14 17:04 . 2008-04-14 04:15 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
    2009-03-14 17:04 . 2009-03-14 17:04 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-03-14 17:04 . 2009-03-14 17:04 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2009-03-14 17:02 . 2009-03-14 17:50 <DIR> d-------- c:\documents and settings\Quoc\Application Data\PC Suite
    2009-03-14 17:02 . 2009-03-14 18:25 <DIR> d-------- c:\documents and settings\Quoc\Application Data\Nseries
    2009-03-14 17:02 . 2009-03-14 17:43 <DIR> d-------- c:\documents and settings\Quoc\Application Data\Nokia
    2009-03-14 17:02 . 2009-03-14 17:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Suite
    2009-03-14 16:58 . 2009-03-14 16:58 <DIR> d-------- c:\program files\MSXML 6.0
    2009-03-14 16:58 . 2009-03-14 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Installations
    2009-03-14 16:57 . 2009-03-14 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\NokiaMusic
    2009-03-14 16:47 . 2009-03-14 16:47 <DIR> d-------- c:\program files\Common Files\muvee Technologies
    2009-03-14 16:36 . 2009-03-14 17:21 <DIR> d-------- c:\windows\Globalization
    2009-03-14 16:35 . 2009-03-14 16:46 <DIR> d-------- c:\windows\Downloaded Installations
    2009-03-14 16:35 . 2009-03-14 16:59 <DIR> d-------- c:\program files\Common Files\Nokia
    2009-03-14 16:28 . 2009-03-14 16:28 <DIR> d-------- c:\program files\DIFX
    2009-03-14 16:28 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
    2009-03-14 16:27 . 2009-03-14 17:42 <DIR> d-------- c:\program files\Nokia
    2009-03-14 16:27 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
    2009-03-11 22:54 . 2008-04-14 09:42 221,184 --a------ c:\windows\system32\wmpns.dll
    2009-03-08 17:24 . 2009-03-08 17:24 <DIR> d-------- c:\documents and settings\Quoc\Application Data\The Creative Assembly
    2009-03-08 16:41 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
    2009-03-08 16:41 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
    2009-03-08 16:41 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
    2009-03-08 16:41 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
    2009-03-08 16:41 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
    2009-03-08 16:41 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
    2009-03-08 16:41 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
    2009-03-07 12:36 . 2009-02-24 08:50 7,249,756,160 --a------ C:\vty-0230.iso
    2009-02-28 19:00 . 2009-02-28 19:00 <DIR> d-------- C:\VundoFix Backups
    2009-02-28 15:23 . 2009-02-28 15:23 <DIR> d-------- c:\program files\SquareEnix
    2009-02-23 00:04 . 2009-02-23 00:04 <DIR> d-------- c:\program files\SteamWatch
    2009-02-22 15:09 . 2009-03-21 17:10 <DIR> d-------- c:\program files\Steam
    2009-02-22 15:08 . 2009-02-22 15:09 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-21 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-03-19 07:56 --------- d-----w c:\program files\McAfee
    2009-03-16 16:12 514,560 ----a-w c:\windows\system32\logonui.exe
    2009-03-16 11:04 433,664 ----a-w c:\windows\system32\wiaacmgr.exe
    2009-03-16 11:01 45,576 ----a-w c:\windows\system32\verclsid.exe
    2009-03-11 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-03-10 13:10 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-10 13:00 --------- d-----w c:\program files\Common Files\Adobe
    2009-03-07 03:17 --------- d-----w c:\program files\Ubisoft
    2009-02-28 22:14 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-21 12:53 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
    2009-02-21 12:38 --------- d-----w c:\program files\ATI Technologies
    2009-02-21 12:21 --------- d-----w c:\program files\Mass Effect
    2009-02-21 12:21 --------- d-----w c:\program files\Common Files\BioWare
    2009-02-20 08:20 --------- d-----w c:\documents and settings\All Users\Application Data\CCP
    2009-02-20 08:12 --------- d-----w c:\program files\CCP
    2009-02-17 10:31 --------- d-----w c:\program files\Microsoft Works
    2009-02-17 10:29 --------- d-----w c:\program files\Microsoft.NET
    2009-02-17 10:26 --------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-02-14 05:08 138,464 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-14 05:08 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-02-12 12:42 --------- d-----w c:\documents and settings\Quoc\Application Data\Hamachi
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-05 08:00 --------- d-----w c:\program files\Google
    2009-01-24 08:54 --------- d-----w c:\documents and settings\Quoc\Application Data\Red Alert 3
    2009-01-16 10:42 682,280 ----a-w c:\windows\system32\pbsvc.exe
    2009-01-16 10:42 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-01-16 10:42 22,328 ----a-w c:\documents and settings\Quoc\Application Data\PnkBstrK.sys
    2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-22_21.31.34.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-03-22 08:57:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-03-22 13:23:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-03-22 08:57:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-03-22 13:23:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-03-22 08:57:05 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-22 13:23:38 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-03-22 14:02:01 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1f0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2008-10-01 1339904]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-15 5724184]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-05 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
    "Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
    "P17Helper"="P17.dll" [2005-05-03 c:\windows\system32\P17.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Nokia Ovi Suite.lnk - c:\program files\Nokia\Ovi\Suite\RunLauncher.exe [2008-11-28 946176]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "FLEXnet Licensing Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Bonjour Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Documents and Settings\\Quoc\\Desktop\\Empire Earth\\Empire Earth.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
    "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
    "c:\\Program Files\\Ubisoft\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\empire total war\\Empire.exe"=

    R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-06-10 150568]
    R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 89600]
    R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-10-10 36864]
    S3 SteamWatch;SteamWatch;c:\program files\SteamWatch\SteamWatch.exe [2009-02-23 13824]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a4a46bb-9706-11dd-9d0d-806d6172696f}]
    \Shell\AutoRun\command - E:\AutoRun.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-14 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

    2009-02-28 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: microsoft.com
    TCP: {019C31C0-8B4F-49EE-90C3-B357D0DCF282} = 192.168.1.254
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-22 23:33:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-789336058-725345543-682003330-1004\Software\SecuROM\License information*]
    "datasecu"=hex:50,3a,f7,2d,6c,26,6c,54,02,b7,0c,09,69,b3,02,0b,94,83,fa,c3,da,
    ca,4e,ef,70,4c,71,48,56,b9,e6,23,f0,de,1e,59,69,4f,8f,cb,c1,22,c2,3f,83,e6,\
    "rkeysecu"=hex:7c,44,86,63,8f,af,94,84,8b,e1,cf,a8,e2,d2,57,3e
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(788)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\PnkBstrA.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
    c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\program files\Windows Live\Messenger\usnsvc.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    .
    **************************************************************************
    .
    Completion time: 2009-03-22 23:39:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-03-22 14:09:32
    ComboFix2.txt 2009-03-22 12:02:33

    Pre-Run: 24,741,715,968 bytes free
    Post-Run: 24,871,460,864 bytes free

    391 --- E O F --- 2009-03-20 09:41:05

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please also post a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
