Here is my combo-fix log:
ComboFix 09-07-14.08 - Billy 07/18/2009 19:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.326 [GMT -7:00]
Running from: c:\documents and settings\Billy\Desktop\Combo-Fix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\UACxorlgjqxiegwvvbbm.sys
c:\windows\system32\UAChuowxjsnucgbamgnt.dat
c:\windows\system32\UACidhxpqfpqkaaqfmex.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjekrysmcimqsfktwx.log
c:\windows\system32\UACjvxuugjdtweesclvi.dll
c:\windows\system32\UACkbyttopnlpwqwxjqs.log
c:\windows\system32\UACqdtfqlulqijuacqhe.log
c:\windows\system32\UACtcvghldpwfkrkihch.dll
c:\windows\system32\UACunsvnpwakpmhbqltg.dll
c:\windows\system32\UACxjnkenxxfaakerqum.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-18 21:21 . 2009-07-18 21:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-18 21:21 . 2009-07-18 21:21 -------- d-----w- c:\documents and settings\Billy\Application Data\SUPERAntiSpyware.com
2009-07-18 21:20 . 2009-07-18 21:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-18 20:30 . 2009-07-18 20:30 -------- d-----w- c:\documents and settings\Billy\Application Data\Malwarebytes
2009-07-17 00:55 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-17 00:55 . 2009-07-17 00:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-17 00:55 . 2009-07-18 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 00:55 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-29 05:09 . 2009-06-29 05:09 -------- d-----w- c:\documents and settings\Billy\Application Data\Uniblue
2009-06-27 03:58 . 2009-06-27 03:58 -------- d-----w- c:\program files\CCleaner
2009-06-27 03:51 . 2009-06-27 03:51 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\torrents.to
2009-06-24 07:41 . 2009-06-29 05:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SecTaskMan
2009-06-24 07:41 . 2009-06-29 05:05 -------- d-----w- c:\program files\Security Task Manager
2009-06-22 21:56 . 2009-06-22 21:56 -------- d-----w- C:\spoolerlogs
2009-06-21 08:42 . 2009-03-31 18:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-06-21 08:42 . 2009-03-31 18:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-06-21 08:42 . 2009-03-31 18:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-06-21 08:42 . 2009-03-31 18:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-06-21 08:40 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-21 08:39 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-21 08:39 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-21 08:39 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 21:45 . 2008-04-24 22:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
2009-06-27 04:27 . 2008-08-10 05:17 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-06-27 04:26 . 2008-08-10 05:17 -------- d-----w- c:\program files\Spyware Doctor
2009-06-27 03:53 . 2008-06-02 02:04 -------- d-----w- c:\program files\Conduit
2009-06-27 03:53 . 2008-06-02 02:04 -------- d-----w- c:\program files\torrents.to
2009-06-21 08:40 . 2008-08-10 23:18 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-17 19:06 . 2007-10-01 18:25 20216 ----a-w- c:\documents and settings\Billy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 21:44 . 2009-06-11 21:44 1878984 ----a-w- c:\documents and settings\Billy\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-03 19:09 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 17:12 . 2009-06-02 17:12 390664 ----a-w- c:\documents and settings\Billy\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-27 04:59 . 2009-05-27 04:52 -------- d-----w- c:\program files\PCFriendly
2009-05-27 04:59 . 2009-05-27 04:58 -------- d-----w- c:\program files\InterActual
2009-05-27 04:58 . 2009-05-27 04:57 9634304 ----a-w- C:\iaplayer_2.71.14.0211-esd.exe
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-13 07:44 . 2008-12-06 16:45 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-15 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-1 45056]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/21/2009 1:39 AM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [6/21/2009 1:42 AM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [6/21/2009 1:42 AM 39200]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [9/23/2008 10:45 AM 160792]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/21/2009 1:40 AM 159600]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [10/1/2007 9:48 AM 16384]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [10/1/2007 9:55 AM 57216]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [6/21/2009 1:39 AM 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/9/2008 10:17 PM 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [6/21/2009 1:42 AM 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
- - - - ORPHANS REMOVED - - - -
BHO-{b7f907ee-0a1b-43b8-a611-b429a184ad6b} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\docume~1\Billy\APPLIC~1\Mozilla\Firefox\Profiles\waucp2wg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-07-18 19:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1252)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(1308)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-07-19 19:16
ComboFix-quarantined-files.txt 2009-07-19 02:16
Pre-Run: 26,917,011,456 bytes free
Post-Run: 26,976,337,920 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
167 --- E O F --- 2009-07-18 19:13