I'm not sure if this is where I'm supposed to post this, but here is my ComboFix log. I hope there is a solution.
Thanks in advance and glad I found this place.
Rick
..................................
ComboFix 09-07-03.03 - admin 07/04/2009 3:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1684 [GMT -4:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Help
2009-07-04 05:51 . 2009-07-04 05:51 -------- d-----w- c:\program files\Western Digital
2009-07-03 13:22 . 2009-07-03 13:45 -------- d-----w- c:\documents and settings\admin\Local Settings\Application Data\Microsoft
2009-07-03 11:15 . 2009-07-03 11:15 -------- d-----w- c:\windows\DJNQUY159DGKPSW0
2009-07-02 18:01 . 2002-11-21 06:07 765952 ----a-r- c:\windows\system\crlds3d.dll
2009-07-02 18:01 . 2002-08-27 07:23 720896 ----a-r- c:\windows\system32\Audio3D.dll
2009-07-02 18:01 . 2003-02-27 06:03 701676 ----a-r- c:\windows\system32\drivers\ALCXWDM.SYS
2009-07-02 18:01 . 2003-02-27 05:29 47104 ----a-r- c:\windows\SOUNDMAN.EXE
2009-07-02 16:49 . 2009-07-02 16:49 -------- d-----w- c:\windows\system32\LogFiles
2009-07-02 15:58 . 2009-07-03 13:27 -------- d-----w- c:\program files\Common Files\Webroot Shared
2009-07-02 15:58 . 2009-07-02 15:58 -------- d-----w- c:\program files\Webroot
2009-07-02 15:57 . 2005-04-20 14:34 487936 ----a-w- c:\windows\system32\wwSecure.exe
2009-07-02 15:57 . 2005-04-18 17:49 57344 ----a-w- c:\windows\Unwash6.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 05:51 . 2005-02-18 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 16:46 . 2005-03-03 23:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-03 13:27 . 2009-07-03 13:27 -------- d-----w- c:\documents and settings\admin\Application Data\Webroot
2009-07-03 13:22 . 2009-07-03 13:22 128 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\fusioncache.dat
2009-07-03 08:23 . 2005-02-19 09:07 373632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-03 03:36 . 2005-02-18 19:01 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2009-07-03 03:36 . 2005-02-18 19:01 384 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-20021102}.dat
2009-07-03 03:32 . 2006-08-19 06:36 -------- d-----w- c:\program files\Camfrog
2009-07-03 03:14 . 2005-02-18 19:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Creative
2009-07-03 03:14 . 2005-02-18 18:59 -------- d-----w- c:\program files\Creative
2009-07-03 00:38 . 2005-03-03 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
.
c:\windows\system32\drivers\tcpip.sys ... is infected !!
[-] 2009-07-03 08:23 373,632 c:\windows\system32\dllcache\tcpip.sys
[-] 2009-07-03 08:23 373,632 c:\windows\system32\drivers\tcpip.sys
[7] 2006-04-20 12:18 360,576 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360,448 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 02:28 359,808 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2005-05-25 19:07 359,936 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2005-05-25 19:04 359,808 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 12:00 359,040 c:\windows\$NtUninstallKB893066$\tcpip.sys
((((((((((((((((((((((((((((( SnapShot@2009-07-03_11.25.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-02-19 09:07 . 2009-07-03 14:35 52968 c:\windows\system32\perfc009.dat
- 2005-02-19 09:07 . 2007-03-12 03:22 52968 c:\windows\system32\perfc009.dat
+ 2009-07-03 13:34 . 2005-10-12 23:12 22752 c:\windows\$hf_mig$\KB931784\update\spcustom.dll
+ 2009-07-03 13:34 . 2005-10-12 23:12 14048 c:\windows\$hf_mig$\KB931784\spmsg.dll
- 2005-02-19 09:07 . 2007-03-12 03:22 380680 c:\windows\system32\perfh009.dat
+ 2005-02-19 09:07 . 2009-07-03 14:35 380680 c:\windows\system32\perfh009.dat
+ 2009-07-03 13:34 . 2005-10-12 23:12 371424 c:\windows\$hf_mig$\KB931784\update\updspapi.dll
+ 2009-07-03 13:34 . 2005-10-12 23:12 716000 c:\windows\$hf_mig$\KB931784\update\update.exe
+ 2009-07-03 13:34 . 2005-10-12 23:12 213216 c:\windows\$hf_mig$\KB931784\spuninst.exe
- 2005-02-19 09:07 . 2006-12-19 14:17 2180352 c:\windows\system32\ntoskrnl.exe
+ 2005-02-19 09:07 . 2007-02-28 09:10 2180352 c:\windows\system32\ntoskrnl.exe
- 2004-08-03 22:59 . 2006-12-19 12:55 2057600 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-03 22:59 . 2007-02-28 08:38 2057600 c:\windows\system32\ntkrnlpa.exe
- 2006-12-19 14:17 . 2006-12-19 14:17 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 14:17 . 2007-02-28 09:10 2180352 c:\windows\system32\dllcache\ntoskrnl.exe
- 2006-12-19 12:55 . 2006-12-19 12:55 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2007-02-28 08:38 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2006-12-19 12:55 2057600 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2007-02-28 08:38 2057600 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2006-12-19 14:15 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2007-02-28 09:08 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2005-03-02 00:59 . 2007-02-28 09:10 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:59 . 2006-12-19 14:17 2180352 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2005-03-02 00:34 . 2006-12-19 12:55 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2007-02-28 08:38 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2007-02-28 08:38 2057600 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2006-12-19 12:55 2057600 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:57 . 2007-02-28 09:08 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:57 . 2006-12-19 14:15 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 09:55 . 2007-02-28 09:55 2182144 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2007-02-28 09:15 . 2007-02-28 09:15 2017280 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:15 . 2007-02-28 09:15 2059392 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:53 . 2007-02-28 09:53 2137600 c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2005-04-20 894464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-04 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-13 155648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-02-27 47104]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-3 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 06:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\m23.exe"=
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2/19/2005 5:07 AM 77312]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [11/9/2004 6:32 PM 21968]
R1 TeksKernel;TeksKernel;c:\windows\system32\drivers\TeksKernel.sys [7/8/2004 6:14 PM 9060]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\PfModNT.sys [2/18/2005 2:59 PM 15840]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
R2 ProductivITService;ProductivIT Service;c:\program files\AlienAutopsy\TEKS_Service.exe [7/8/2004 6:22 PM 77824]
R2 WFTFSHQV;WFTFSHQV;c:\windows\system32\wftfshqv.tkr [2/19/2005 5:07 AM 14976]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2/19/2005 5:07 AM 44032]
S3 Crcdockaas;Crcdockaas; [x]
.
- - - - ORPHANS REMOVED - - - -
BHO-{8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
.
------- Supplementary Scan -------
.
TCP: {093B3470-53FC-4A0B-B87F-60DC039E220F} = 216.21.230.129
TCP: {0AC62FFA-0B78-4E3B-9931-4AD4044718F4} = 216.21.230.129
TCP: {B364640B-FAD0-49A1-AD5C-05F35DD341F3} = 216.21.230.129
TCP: {F4F5FADA-38BB-437C-B83C-F6ACF7BDD275} = 216.21.230.129
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} - hxxp://poker.milbestlight.com/poker/PokerCreations.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 03:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WFTFSHQV]
"ImagePath"="\??\c:\windows\system32\wftfshqv.tkr"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\msi.dll
.
Completion time: 2009-07-04 3:56
ComboFix-quarantined-files.txt 2009-07-04 07:56
ComboFix2.txt 2009-07-03 14:26
ComboFix3.txt 2009-07-03 11:34
ComboFix4.txt 2009-07-03 11:31
ComboFix5.txt 2009-07-04 07:53
Pre-Run: 389,452,021,760 bytes free
Post-Run: 389,438,263,296 bytes free