need help removing virtumonde

[inpachi]

Hi Bio-Hazard thank you for taking the time to help me. I downloaded Combo Fix and placed it on my desktop then paused my avast and even spybot, then ran it and it deleted about 4 or 5 files and gave me the log.

Heres the Log.txt

ComboFix 09-04-22.02 - Emily Kochel 04/21/2009 19:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1048 [GMT -6:00]
Running from: c:\documents and settings\Emily Kochel\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090421-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\bqcniy.dll
c:\windows\system32\fnhkmj.dll
c:\windows\system32\namtvmdj.dll
c:\windows\system32\rvpjfwnx.dll
c:\windows\system32\uxkqkofa.dll
c:\windows\system32\vfrujb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-11 07:05 . 2008-04-14 08:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls
2009-04-11 07:03 . 2008-04-14 08:00 22528 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll
2009-04-11 07:02 . 2008-04-14 08:00 66082 -c--a-w c:\windows\system32\dllcache\c_1141.nls
2009-04-11 06:58 . 2009-04-11 06:58 488 ---ha-r c:\windows\system32\logonui.exe.manifest
2009-04-11 06:58 . 2009-04-11 06:58 749 ---ha-r c:\windows\WindowsShell.Manifest
2009-04-11 06:58 . 2009-04-11 06:58 749 ---ha-r c:\windows\system32\wuaucpl.cpl.manifest
2009-04-11 06:58 . 2009-04-11 06:58 749 ---ha-r c:\windows\system32\sapi.cpl.manifest
2009-04-11 06:58 . 2009-04-11 06:58 749 ---ha-r c:\windows\system32\nwc.cpl.manifest
2009-04-11 06:58 . 2009-04-11 06:58 749 ---ha-r c:\windows\system32\ncpa.cpl.manifest
2009-04-11 06:57 . 2008-04-14 08:00 16384 -c--a-w c:\windows\system32\dllcache\isignup.exe
2009-04-11 06:06 . 2008-04-14 08:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-11 06:06 . 2008-04-14 08:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-11 06:06 . 2008-04-14 08:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-11 06:06 . 2008-04-14 08:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-10 12:30 . 2009-04-10 12:30 0 ----a-w c:\windows\Xnibuya.bin
2009-04-10 12:30 . 2009-04-11 04:58 -------- d-----w c:\documents and settings\Emily Kochel\Local Settings\Application Data\{A3B40F2C-058B-4BA0-9C8A-1FD2B6EE406E}(2)
2009-04-10 12:30 . 2009-04-11 04:03 408 ----a-w c:\windows\Vnapahemo.dat
2009-04-10 12:19 . 2009-04-10 12:23 -------- d-----w c:\documents and settings\All Users\Application Data\POPWWPROFILES
2009-04-09 21:33 . 2009-04-09 21:33 -------- d-----w c:\documents and settings\Emily Kochel\Local Settings\Application Data\Bump Technologies, Inc
2009-04-09 21:33 . 2009-04-09 21:33 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Bump Technologies, Inc
2009-04-09 19:31 . 2009-04-09 19:31 3964 ----a-w c:\windows\SETUP.LST
2009-04-09 19:31 . 2009-04-09 19:31 303 ----a-w c:\windows\ST6UNST.000
2009-04-03 12:55 . 2009-04-09 19:51 1620 ----a-w C:\cf.rtf
2009-03-31 23:41 . 2009-03-31 23:41 4096 ----a-w c:\windows\d3dx.dat
2009-03-31 03:09 . 2009-03-31 03:09 0 ----a-w c:\windows\system32\euroVTDi.vtd
2009-03-31 03:08 . 2009-03-31 03:08 0 ----a-w c:\windows\system32\euroVTDq.vtd
2009-03-31 03:08 . 2009-03-31 03:08 33824 ----a-w c:\windows\system32\drivers\oreans32.sys
2009-03-29 02:41 . 2009-03-31 23:08 1890 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-29 02:41 . 2009-03-29 02:49 88 --sh--r c:\documents and settings\All Users\Application Data\03DC04C5D5.sys
2009-03-29 02:19 . 2009-03-29 02:34 56 --sha-r c:\windows\system32\D5C504DC03.sys
2009-03-29 02:18 . 2009-03-29 02:34 952 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-29 00:35 . 2009-03-29 00:36 34 ----a-w c:\documents and settings\Emily Kochel\jagex_runescape_preferences.dat
2009-03-29 00:35 . 2009-03-29 00:35 -------- d-----w c:\windows\.jagex_cache_32
2009-03-27 01:30 . 2009-03-31 23:16 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\foobar2000
2009-03-24 22:27 . 2009-03-24 22:27 -------- d-----w C:\CFLog
2009-03-24 22:27 . 2009-03-16 19:37 2849844 ----a-w c:\windows\system32\GameMon.des
2009-03-24 00:08 . 2008-04-14 08:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-03-24 00:02 . 2008-04-14 08:00 358912 -c--a-w c:\windows\system32\dllcache\wmic.exe
2009-03-24 00:02 . 2008-04-14 08:00 92672 -c--a-w c:\windows\system32\dllcache\policman.dll
2009-03-23 23:55 . 2009-03-23 23:55 4444 ----a-w c:\windows\system32\pid.PNF
2009-03-23 23:54 . 2008-04-14 08:00 7334 -c--a-w c:\windows\system32\dllcache\wmerrenu.cat
2009-03-23 23:54 . 2008-04-14 08:00 16535 ----a-r c:\windows\SET7E.tmp
2009-03-23 23:53 . 2008-04-14 08:00 1088840 ----a-r c:\windows\SET72.tmp
2009-03-23 23:53 . 2008-04-14 08:00 1296669 ----a-r c:\windows\SET6F.tmp
2009-03-23 16:39 . 2009-04-10 23:02 -------- d-----w c:\windows\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 01:39 . 2009-03-14 04:39 -------- d-----w c:\program files\Steam
2009-04-22 01:32 . 2009-01-22 01:59 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Skype
2009-04-22 00:29 . 2009-01-15 08:19 -------- d-----w c:\program files\DarKGunZ
2009-04-20 12:54 . 2008-12-10 23:06 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 06:55 . 2008-09-11 02:56 22748 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-11 06:54 . 2009-04-11 06:54 1071 ----a-w c:\windows\Inf\COM813.tmp
2009-04-11 06:54 . 2009-03-24 00:03 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-10 12:19 . 2009-04-10 12:03 -------- d-----w c:\program files\Ubisoft
2009-04-10 07:49 . 2008-09-11 06:29 16456 ----a-w c:\documents and settings\Emily Kochel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 07:40 . 2009-04-10 07:40 -------- d-----w c:\program files\directx
2009-04-10 03:41 . 2009-04-10 03:41 -------- d-----w c:\program files\MagicISO
2009-04-10 00:30 . 2009-03-14 05:41 -------- d-----w c:\program files\SteamKey
2009-04-09 21:44 . 2009-04-09 21:33 -------- d-----w c:\program files\BumpTop
2009-04-05 11:34 . 2009-04-05 11:34 -------- d-----w c:\program files\Cognaxon
2009-04-02 13:18 . 2008-11-13 23:59 -------- d-----w c:\program files\Java
2009-04-02 12:59 . 2009-02-20 01:26 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-03-28 17:27 . 2009-03-17 23:11 -------- d-----w c:\program files\FatalGunz
2009-03-27 01:30 . 2009-03-27 01:30 -------- d-----w c:\program files\foobar2000
2009-03-24 22:19 . 2009-03-24 22:19 -------- d-----w c:\program files\Subagames
2009-03-24 16:53 . 2009-03-24 00:07 86665 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-22 19:41 . 2009-03-22 11:32 5165 ----a-w C:\DV.txt
2009-03-21 06:59 . 2009-03-21 06:59 -------- d-----r c:\program files\Skype
2009-03-21 06:59 . 2009-01-22 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-21 02:52 . 2009-03-21 02:52 -------- d-----w c:\program files\psx emulation cheater
2009-03-20 23:09 . 2009-01-22 02:01 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\skypePM
2009-03-15 13:43 . 2009-03-15 11:59 -------- d-----w c:\program files\AutoIt3
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-14 21:28 . 2009-03-14 21:28 -------- d-----w c:\program files\DIFX
2009-03-14 21:28 . 2009-03-14 21:27 -------- d-----w c:\program files\AGEIA Technologies
2009-03-14 21:27 . 2009-03-14 21:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-14 05:45 . 2008-12-10 23:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-13 21:19 . 2009-03-13 21:19 3072 --sha-w C:\Thumbs.db
2009-03-13 17:42 . 2009-03-13 17:42 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Canneverbe_Limited
2009-03-13 16:11 . 2009-03-13 16:11 -------- d-----w c:\program files\CDBurnerXP
2009-03-13 12:38 . 2009-03-13 12:38 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-13 12:08 . 2009-03-13 12:08 -------- d-----w c:\program files\THQ
2009-03-12 21:32 . 2008-12-27 07:00 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Hamachi
2009-03-12 15:35 . 2009-03-12 15:35 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-03-12 10:00 . 2008-11-25 12:30 -------- d-----w c:\program files\Common Files\Apple
2009-03-11 04:41 . 2009-03-11 04:41 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Damdai
2009-03-09 12:19 . 2008-11-13 23:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 05:22 . 2009-03-09 05:22 -------- d-----w c:\program files\Xvid
2009-03-09 05:17 . 2008-11-25 12:32 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Apple Computer
2009-03-09 05:11 . 2009-03-09 05:11 -------- d-----w c:\program files\iTunes
2009-03-09 05:11 . 2009-03-09 05:11 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-09 05:11 . 2009-03-09 05:11 -------- d-----w c:\program files\iPod
2009-03-09 05:11 . 2009-03-09 05:09 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-09 05:10 . 2009-03-09 05:09 -------- d-----w c:\program files\QuickTime
2009-03-08 07:15 . 2009-03-08 07:15 -------- d-----w c:\program files\GamersFirst
2009-03-08 01:40 . 2009-03-08 01:40 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Sierra
2009-03-01 00:26 . 2009-03-01 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2009-03-01 00:08 . 2009-01-22 02:58 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\GetRightToGo
2009-02-25 21:42 . 2009-02-25 21:42 -------- d-----w c:\program files\Hamachi
2009-02-25 21:42 . 2008-12-27 06:59 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-25 21:22 . 2009-02-25 21:22 -------- d-----w c:\documents and settings\All Users\Application Data\Age of Empires 3
2009-02-25 02:42 . 2009-01-15 03:52 116736 ----a-w c:\windows\system32\drivers\mcdbus.sys
2009-02-23 04:08 . 2009-02-22 18:13 -------- d-----w c:\program files\AskBarDis
2009-02-23 03:59 . 2009-02-23 03:58 2977 ----a-w c:\windows\mozver.dat
2009-02-22 18:13 . 2009-02-22 18:13 -------- d-----w c:\program files\Foxit Software
2009-02-22 18:13 . 2009-02-22 18:13 -------- d-----w c:\documents and settings\Emily Kochel\Application Data\Foxit
2009-02-16 08:30 . 2009-01-29 04:22 65536 ----a-w c:\windows\system32\GDPersns.dat
2009-02-05 18:54 . 2009-02-21 17:00 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-01-25 06:39 . 2009-01-25 06:39 99840 ----a-w c:\windows\system32\udacem.dll
2009-01-25 06:39 . 2009-01-25 06:39 99840 ----a-w c:\windows\system32\mxaegxep.dll
2009-01-24 18:35 . 2009-01-24 18:35 99840 ----a-w c:\windows\system32\sewekv.dll
2009-01-24 18:35 . 2009-01-24 18:35 99840 ----a-w c:\windows\system32\wfvepsjk.dll
2009-01-24 11:36 . 2009-01-12 17:41 13572 ----a-w C:\INSTALL_Emily Kochel_01000005.ERR
2009-01-24 11:20 . 2009-01-12 17:44 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-01-24 11:20 . 2009-01-12 17:44 17212 ----atw c:\windows\system32\SIntf32.dll
2009-01-24 11:20 . 2009-01-12 17:44 12067 ----atw c:\windows\system32\SIntf16.dll
2009-01-24 06:35 . 2009-01-24 06:35 99840 ----a-w c:\windows\system32\gdhnmq.dll
2009-01-24 06:35 . 2009-01-24 06:35 99840 ----a-w c:\windows\system32\dluhblab.dll
2009-01-23 18:40 . 2009-01-23 18:40 99840 ----a-w c:\windows\system32\etvfqy.dll
2009-01-23 18:40 . 2009-01-23 18:40 99840 ----a-w c:\windows\system32\fryidajb.dll
2009-01-16 05:25 . 2009-01-15 13:23 22328 ----a-w c:\documents and settings\Emily Kochel\Application Data\PnkBstrK.sys
2008-05-01 02:28 . 2009-01-15 02:21 1654869 ----a-w c:\documents and settings\All Users\Application Data\DynuEncrypt.dll
.

------- Sigcheck -------

[-] 2008-07-12 19:20 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 20:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\steam\steam.exe" [2009-03-14 1410296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Emily Kochel\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-1-14 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=TeknoGods.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli wmilpx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Emily Kochel\\Local Settings\\Apps\\2.0\\TAW2T7QW.7C0\\7YTPP6C2.61H\\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\\2DF FreePlay Client.exe"=
"c:\\Documents and Settings\\Emily Kochel\\Application Data\\Damdai\\2DF\\FreePlay\\freeplay_emu.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FatalGunz\\Gunz.exe"=
"c:\\Program Files\\Steam\\steamapps\\inpachi3\\team fortress 2\\hl2.exe"=
"c:\\Documents and Settings\\Emily Kochel\\Desktop\\Games\\Nexuiz\\nexuiz.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DarKGunZ\\Gunz.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15998:TCP"= 15998:TCP:BitComet 15998 TCP
"15998:UDP"= 15998:UDP:BitComet 15998 UDP
"56650:TCP"= 56650:TCP:Pando Media Booster
"56650:UDP"= 56650:UDP:Pando Media Booster
"58124:TCP"= 58124:TCP:Pando Media Booster
"58124:UDP"= 58124:UDP:Pando Media Booster

R0 FGXSCSI;FGXSCSI; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849844]
R3 tap0801;Smarthide TAP driver;c:\windows\system32\DRIVERS\tap0801.sys [2007-10-12 55808]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2008-12-18 1051136]

.
Contents of the 'Scheduled Tasks' folder

2009-01-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1D2C1D11-18DE-4F06-881E-82C7626B19C2} - (no file)
BHO-{20E64BC3-8BF6-4030-969F-151C376940B6} - (no file)
BHO-{4ABDF817-E756-4273-9A06-B0FAA770E814} - (no file)
BHO-{5ADE2347-E59A-482B-BF10-1B735660B09B} - (no file)
BHO-{7DC6A2FB-CC69-4FB4-B746-A13C8E905920} - (no file)
BHO-{A3A8B2E0-2A37-4B8A-9580-B87A6D04D300} - (no file)
BHO-{B04C5B4A-CC0B-4C7B-A8D7-EDEE64AA2D03} - (no file)
BHO-{C79AC260-1186-46EF-AE40-4E44F888C370} - (no file)
BHO-{D1766267-B389-484A-A130-C090BC8DA845} - (no file)
BHO-{d1cf9cb4-c82b-4290-afab-a4cdf508ef76} - c:\windows\system32\fnhkmj.dll
Toolbar-SITEguard - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKLM-Run-3825aca3 - c:\windows\system32\aygyfalt.dll
ShellExecuteHooks-{cd1594bc-efd5-4409-9b77-deb476f39e67} - c:\windows\system32\fnhkmj.dll
Notify-efcCvwut - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Download All with FlashGet - c:\documents and settings\Emily Kochel\Desktop\jc_all.htm
IE: &Download with FlashGet - c:\documents and settings\Emily Kochel\Desktop\jc_link.htm
FF - ProfilePath - c:\documents and settings\Emily Kochel\Application Data\Mozilla\Firefox\Profiles\botsp4nm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Emily Kochel\Application Data\Mozilla\Firefox\Profiles\botsp4nm.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 19:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-1417001333-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E321E378-A71A-2390-7D19-B36FA072FED3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpmkabplbflabhdjdamhhokgacckcmnpk"=hex:61,61,00,00
"bbpmkabplbflabhdjdlmimihoieihjfoooje"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\0343f293e571205a9627b68d8065afd5\update\update.exe
.
**************************************************************************
.
Completion time: 2009-04-22 19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-22 01:41

Pre-Run: 47,083,737,088 bytes free
Post-Run: 47,001,600,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /usepmtimer

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
333 --- E O F --- 2009-03-24 22:31

And heres the HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:00 PM, on 4/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\e76b316b6389286fbb342d033e63f1ba\update\update.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Documents and Settings\Emily Kochel\Desktop\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Documents and Settings\Emily Kochel\Desktop\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Emily Kochel\Desktop\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Documents and Settings\Emily Kochel\Desktop\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: TeknoGods.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7145 bytes