Here is ComboFix's log. By the way, I forgot to turn off the Windows firewall on this ComboFix. So, I do not know if it has affected the results that are to be expected.
ComboFix 09-04-19.05 - Christian 04/19/2009 9:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.663 [GMT -7:00]
Running from: c:\documents and settings\Christian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christian\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\ovfsthdjbiqmhlvvhopwxwrkwwpdsmhvknqlrv.sys
.
((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-17 13:42 . 2009-04-17 13:42 118 ----a-w c:\windows\system32\MRT.INI
2009-04-17 04:23 . 2009-04-17 04:23 -------- d-----w C:\_OTMoveIt
2009-04-16 23:34 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-16 23:25 . 2009-04-16 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-16 23:23 . 2009-04-19 16:32 186097 ----a-w c:\windows\system32\nvapps.xml
2009-04-16 23:23 . 2008-05-16 21:01 446464 ----a-w c:\windows\system32\nvudisp.exe
2009-04-16 23:23 . 2008-05-16 21:01 18070 ----a-w c:\windows\system32\nvdisp.nvu
2009-04-16 23:23 . 2008-05-16 18:48 446464 ----a-w c:\windows\system32\NVUNINST.EXE
2009-04-16 23:23 . 2009-04-16 23:23 -------- d-----w C:\NVIDIA
2009-04-16 23:15 . 2009-04-16 23:20 -------- d-----w c:\documents and settings\Christian\Application Data\SystemRequirementsLab
2009-04-16 23:00 . 2009-04-16 23:00 -------- d-----w C:\rsit
2009-04-15 21:36 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 21:36 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 21:36 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 21:36 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 21:36 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 21:36 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 21:36 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 21:35 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 21:35 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 21:35 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 05:40 . 2009-04-12 05:40 -------- d-----w c:\documents and settings\Christian\Application Data\Moyea
2009-04-09 23:15 . 2009-04-14 03:34 138376 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 23:15 . 2009-04-14 03:34 202448 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-09 23:15 . 2009-04-09 23:15 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-09 23:15 . 2009-04-09 23:15 -------- d-----w c:\windows\system32\LogFiles
2009-04-09 23:10 . 2009-04-09 23:11 -------- d-----w c:\documents and settings\Christian\Application Data\Xfire
2009-04-09 22:54 . 2009-04-09 22:54 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 06:49 . 2003-09-16 17:45 77312 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 01:47 . 2008-09-25 00:29 -------- d-----w c:\program files\Warcraft III
2009-04-17 04:17 . 2008-09-26 05:19 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-17 04:11 . 2009-01-18 05:51 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-17 04:10 . 2009-01-18 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-16 23:52 . 2009-04-16 23:52 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-16 23:52 . 2009-04-16 23:52 -------- d-----w c:\program files\DVDVideoSoft
2009-04-16 23:18 . 2009-04-16 23:15 -------- d-----w c:\program files\SystemRequirementsLab
2009-04-16 00:42 . 2009-01-10 04:35 3631 ----a-w C:\rapport.txt
2009-04-14 03:42 . 2008-09-25 00:50 -------- d-----w c:\program files\Call of Duty Game of the Year Edition
2009-04-13 01:47 . 2008-09-25 01:25 -------- d-----w c:\program files\Steam
2009-04-12 06:11 . 2009-01-10 05:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 06:09 . 2008-09-24 23:13 -------- d-----w c:\program files\BITTORNADO STUFF
2009-04-09 23:10 . 2009-04-09 23:10 -------- d-s---w c:\program files\Xfire
2009-04-09 22:54 . 2009-04-09 22:54 -------- d-----w c:\program files\iTunes
2009-04-09 22:54 . 2009-04-09 22:54 -------- d-----w c:\program files\iPod
2009-04-09 22:54 . 2008-09-24 03:25 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 22:32 . 2009-01-10 05:16 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2009-01-10 05:16 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-31 01:43 . 2008-10-12 21:10 563 ----a-w C:\hpfr5550.xml
2009-03-31 01:43 . 2008-10-12 21:10 19181 ----a-w C:\hph7350.log
2009-03-21 08:41 . 2009-03-17 02:02 -------- d-----w c:\program files\Guild Wars
2009-03-20 05:29 . 2009-03-20 05:29 -------- d-----w c:\program files\Music Rescue
2009-03-20 03:18 . 2008-09-25 00:33 77856 ----a-w c:\windows\War3Unin.dat
2009-03-19 23:32 . 2008-09-24 03:27 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-12 04:41 . 2009-03-12 04:41 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 04:40 . 2009-03-12 04:40 -------- d-----w c:\program files\Bonjour
2009-03-12 04:39 . 2003-09-16 21:01 -------- d-----w c:\program files\QuickTime
2009-03-06 14:22 . 2003-09-16 17:29 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 23:00 . 2009-03-01 23:00 -------- d-----w c:\documents and settings\Linda\Application Data\Template
2009-02-20 08:10 . 2006-06-23 18:33 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 07:56 81920 ------w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2003-09-16 17:29 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-07-26 04:31 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2003-09-16 17:29 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-09-16 17:29 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2003-09-16 17:29 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2003-09-16 17:29 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2002-08-29 01:04 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2003-09-16 17:29 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2002-08-29 01:04 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2003-09-16 17:29 56832 ----a-w c:\windows\system32\secur32.dll
2003-09-16 20:04 . 2008-10-24 17:53 136 ----a-w c:\documents and settings\Linda\Local Settings\Application Data\fusioncache.dat
2003-09-16 20:04 . 2008-09-27 01:41 136 ----a-w c:\documents and settings\That girl\Local Settings\Application Data\fusioncache.dat
2003-09-16 20:04 . 2008-09-22 01:24 136 ----a-w c:\documents and settings\Christian\Local Settings\Application Data\fusioncache.dat
2003-09-16 20:04 . 2003-09-16 20:04 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2003-09-16 17:45 . 2008-10-24 17:53 12328 ----a-w c:\documents and settings\Linda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-09-16 17:45 . 2008-09-27 01:41 12328 ----a-w c:\documents and settings\That girl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2003-09-16 17:45 . 2008-09-22 01:24 12328 ----a-w c:\documents and settings\Christian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-04-19_06.18.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 16:28 . 2009-04-19 16:28 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AIM"="c:\program files\AIM\aim.exe" [2005-08-03 67160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 1409024]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\cthelper.exe [2003-07-03 28672]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-23 88363]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMidi"="MIDIDEF.EXE" - c:\windows\mididef.exe [2003-07-03 49152]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton Internet Security.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton Internet Security.lnk
backup=c:\windows\pss\Norton Internet Security.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Steam\\steamapps\\bubblleboi\\team fortress classic\\hl.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 mrtRate;mrtRate; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S0 SonyLSM;LED State Service;c:\windows\System32\Drivers\SonyLSM.sys [2003-07-24 4736]
.
Contents of the 'Scheduled Tasks' folder
2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-04-19 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]
2009-04-19 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]
2009-04-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-09-22 16:04]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: xfire_lsp_10650.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Christian\Application Data\Mozilla\Firefox\Profiles\qpo1c292.default\
FF - prefs.js: browser.startup.homepage - hxxp://wheycheap.com/
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-19 09:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\xfire_lsp_10650.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\windows\eHome\ehrec.exe
c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe
c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-19 9:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-19 16:35
ComboFix2.txt 2009-04-19 06:19
ComboFix3.txt 2009-01-16 23:54
Pre-Run: 37,055,533,056 bytes free
Post-Run: 37,038,161,920 bytes free
216 --- E O F --- 2009-04-17 13:42
Edited by bubblleboi, 19 April 2009 - 12:48 PM.