chipnmissy

here is the combofix log report

ComboFix 09-04-20.02 - Owner 04/19/2009 20:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.212 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.EXE.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
.
/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"showicon2k"="c:\program files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-04-24 77824]
"SpotmauSecretary"="c:\program files\Spotmau\Desktop_Secretary\Spotmau_S.exe" [2009-03-11 566784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-04-19 1851128]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-05-02 323584]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-06-03 496640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2003-4-23 1742384]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-6 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

R3 cpuz129;cpuz129;c:\program files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2008-12-10 64392]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2008-06-06 33088]
R3 ThreatFire;ThreatFire; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-06-06 51520]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-06-06 38208]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-19 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-19 24336]
S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-11 159600]
S2 supersafer;supersafer;c:\windows\system32\drivers\supersafer.sys [2009-03-11 354176]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-19 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-04-23 07:56]

2009-04-14 c:\windows\Tasks\Disk Defragmenter.job
- c:\documents and settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk [2003-04-24 03:48]

2004-09-06 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 2170 series5E771253C1676EBED677BF361FDFC537825E15B8075430597.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-04-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-04-24 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.19\AMVConverter\grab.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1spbq164.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 20:55
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3508902286-1040935473-1732238221-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\guard32.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-04-20 20:56
ComboFix-quarantined-files.txt 2009-04-20 00:56

Pre-Run: 148,180,070,400 bytes free
Post-Run: 148,167,155,712 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

128