Thread: PWS.LDpinchIE keeps popping up on Spybot after "fix" and Syst Restore still disabled

  #1
    Junior Member
    Join Date: Jul 2010
    Posts: 1

    PWS.LDpinchIE keeps popping up on Spybot after "fix" and Syst Restore still disabled

    Well, the title says it all. I was bombarded yesterday, and had a myriad of trojans, worms, malware, and spyware/adware on my PC. I was able to get into safe mode after having to use ***** first to clean up the initial infection. Now in safe mode I was able to run Spybot again and clean some more up, but there still remain two entries that keep popping up regardless of the "fix".

    They are:

    Microsoft.Windows.disableSystemRestore: [SBI $6296EC95] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

    PWS.LDPinchIE: [SBI $32D83D62] User settings (Registry value, nothing done)
    HKEY_USERS\S-1-5-21-299502267-1532298954-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf

    Here is the DDS log:

    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Syke at 12:02:32.89 on Wed 07/07/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2744 [GMT -7:00]

    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Syke\Application Data\U3\026582189C80138C\LaunchPad.exe
    L:\Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
    BHO: c:\windows\system32\dbbqmqcwlw.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\dbbqmqcwlw.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Octoshape Streaming Services] "c:\documents and settings\syke\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [sdr8gdrgdrgke49orkgsjkjfjhsd] c:\docume~1\syke\locals~1\temp\services.exe
    uRunOnce: [SpybotDeletingB4635] command.com /c del "c:\documents and settings\syke\local settings\temp\services.exe_old"
    uRunOnce: [SpybotDeletingD7560] cmd.exe /c del "c:\documents and settings\syke\local settings\temp\services.exe_old"
    uRunOnce: [SpybotDeletingB8378] command.com /c del "c:\documents and settings\syke\local settings\temp\cmd.exe_old"
    uRunOnce: [SpybotDeletingD8360] cmd.exe /c del "c:\documents and settings\syke\local settings\temp\cmd.exe_old"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRunOnce: [SpybotSnD] "c:\docume~1\syke\locals~1\temp\spybotsd\SpybotSD.exe" /autocheck
    mRunOnce: [SpybotDeletingA5432] command.com /c del "c:\documents and settings\syke\local settings\temp\services.exe_old"
    mRunOnce: [SpybotDeletingC8482] cmd.exe /c del "c:\documents and settings\syke\local settings\temp\services.exe_old"
    mRunOnce: [SpybotDeletingA3682] command.com /c del "c:\documents and settings\syke\local settings\temp\cmd.exe_old"
    mRunOnce: [SpybotDeletingC8330] cmd.exe /c del "c:\documents and settings\syke\local settings\temp\cmd.exe_old"
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 208.67.220.220,208.67.222.222
    TCP: {56CEEF00-71D0-4C65-A7D7-C2C7A5E006EC} = 208.67.220.220,208.67.222.222
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    STS: c:\windows\system32\dbbqmqcwlw.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\dbbqmqcwlw.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\syke\applic~1\mozilla\firefox\profiles\79f43t5c.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/ | http://www.google.com/ig?hl=en&source=iglk
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\syke\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\syke\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\syke\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2010-7-6 20480]
    S0 htaoyypw;htaoyypw; [x]
    S2 EraserSvc10910;Symantec Eraser Service;"c:\program files\norton 360\engine\3.5.0.15\ccsvchst.exe" /h cccommon --> c:\program files\norton 360\engine\3.5.0.15\ccSvcHst.exe [?]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-6 179856]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2010-7-6 46976]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-6 15504]

    =============== Created Last 30 ================

    2010-07-07 17:50:10 210 ----a-w- c:\windows\wininit.ini
    2010-07-07 17:11:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-07-07 05:21:15 452 --sha-r- c:\documents and settings\syke\ntuser.pol
    2010-07-07 00:46:24 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-07 00:46:22 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-07 00:46:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-06 23:27:27 2723 ----a-w- c:\windows\evoyirogo.dll
    2010-07-06 22:34:30 2723 ----a-w- c:\windows\agezafit.dll
    2010-07-06 22:32:29 46976 ----a-w- c:\windows\system32\drivers\srenum.sys
    2010-07-06 22:32:29 4128 ----a-w- c:\windows\system32\msrun.exe
    2010-07-06 22:32:20 823808 ----a-w- c:\windows\system32\drivers\scbkl.sys
    2010-07-06 22:32:12 173568 ----a-w- c:\windows\Ytyqoa.exe
    2010-07-06 22:32:02 50688 ----a-w- c:\windows\system32\ernel32.dll
    2010-07-06 22:32:01 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
    2010-07-06 22:31:59 50688 ----a-w- c:\docume~1\syke\applic~1\0c729403.exe
    2010-07-06 22:31:56 30000 ----a-w- c:\windows\system32\dbbqmqcwlw.dll
    2010-07-05 20:19:22 0 d-----w- c:\program files\Vizzed
    2010-07-04 01:12:29 0 d-----w- c:\program files\NCH Swift Sound

    ==================== Find3M ====================

    2010-06-07 07:59:39 57016 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-18 23:24:09 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-05-18 23:24:00 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-05-18 20:07:29 34284 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-05-18 07:04:28 33443 ----a-w- c:\windows\fire-un.exe
    2010-05-18 07:00:28 81920 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-05-18 07:00:28 233472 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-05-14 22:21:18 139152 ----a-w- c:\docume~1\syke\applic~1\PnkBstrK.sys
    2010-05-14 22:20:53 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-05-14 22:20:52 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2010-04-08 20:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 20:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 12:03:14.57 ===============

    Any help would be appreciated. Thank you.
    Last edited by tashi; 2010-07-07 at 22:26. Reason: Removed name of tool
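The Pseudo HJT section of the log above carries the indicators a helper would zero in on: a proxy pointed at the local machine, a shell extension/BHO with a consonant-soup DLL name, an autorun launching from the user's temp directory, a hosts-file entry blackholing a security site, and a weakened policy value. The script below is an added triage example for this thread, not a tool from the original post nor from the DDS or Spybot authors. The sample report lines are constructed to mirror the posted log, and every rule, tag name and threshold (`looks_random`, its vowel-ratio cut-off, the `\temp\` path test) is this example's own assumption, not a DDS convention.

```python
"""Triage rules for a DDS 'Pseudo HJT Report'.

Added example for this thread (not the post's or DDS's own code). Sample lines are
constructed to mirror the posted log; rule names and thresholds are assumptions.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule tag, offending report line)

# Constructed sample modelled on the posted report (paths kept as DDS prints them).
SAMPLE_REPORT = r"""
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: c:\windows\system32\dbbqmqcwlw.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\dbbqmqcwlw.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [sdr8gdrgdrgke49orkgsjkjfjhsd] c:\docume~1\syke\locals~1\temp\services.exe
uRunOnce: [SpybotDeletingB4635] command.com /c del "c:\documents and settings\syke\local settings\temp\services.exe_old"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mPolicies-system: EnableLUA = 0 (0x0)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\dbbqmqcwlw.dll: {c3ba40a2-75f1-52bd-f413-04b15a2c8953} - c:\windows\system32\dbbqmqcwlw.dll
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Browser proxy pointed at the local host: a local process sits between browser and network.
_PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost)\b", re.I)
# Autorun entries: uRun/mRun/uRunOnce/mRunOnce followed by [name] and the command line.
_RUN_RE = re.compile(r"^[um]Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
# Shell hooks that name a DLL; the first DLL basename on the line is captured.
_DLL_RE = re.compile(r"^(?:BHO|STS|SSODL|SEH|TB):.*?([\w~\-]+)\.dll\b", re.I)
# Hosts-file entries as DDS reports them: "Hosts: <ip> <hostname>".
_HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)", re.I)
# Policy value that weakens defaults; worth confirming it was set on purpose.
_LUA_RE = re.compile(r"EnableLUA\s*=\s*0\b", re.I)


def looks_random(name: str, min_len: int = 8, max_vowel_ratio: float = 0.15) -> bool:
    """Heuristic (this example's assumption): dropper-generated DLL names tend to be long
    runs of consonants, while vendor names almost always contain vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < min_len:
        return False
    vowels = sum(c in "aeiouy" for c in letters)
    return vowels / len(letters) <= max_vowel_ratio


def _first_token(cmd: str) -> str:
    """Return the executable part of an autorun command line (handles quoted paths)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(report: str) -> List[Finding]:
    """Run every rule over each report line and return the tagged hits."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _PROXY_RE.search(line):
            findings.append(("loopback_proxy", line))
        m = _RUN_RE.match(line)
        # Only the launched executable is tested, so a cleaner's own RunOnce entry such as
        # "command.com /c del ...\temp\..." is not flagged, but an .exe started from temp is.
        if m and "\\temp\\" in _first_token(m.group("cmd")).lower():
            findings.append(("autorun_from_temp", line))
        m = _DLL_RE.match(line)
        if m and looks_random(m.group(1)):
            findings.append(("random_named_dll", line))
        m = _HOSTS_RE.match(line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0") and m.group(2).lower() != "localhost":
            findings.append(("hosts_blackhole", line))
        if _LUA_RE.search(line):
            findings.append(("uac_disabled_policy", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_REPORT):
        print(f"[{tag}] {line}")
```

On the constructed sample this yields six hits: the loopback proxy, the temp-directory autorun, both entries naming the same consonant-soup DLL (registered as a BHO and again as an STS hook), the hosts blackhole of www.spywareinfo.com, and the EnableLUA policy. The Spybot cleanup RunOnce line and the genuine WPDShServiceObj and askBar entries pass, which is the point of testing only the launched executable and of the vowel-ratio heuristic. A registry value that keeps returning after a "fix", as the two entries in this post do, usually means something still running re-creates it, so the autorun and DLL findings deserve attention before the values themselves.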