Having random tabs open and other viruses found

R

Redcat

New member
I am having problems with random tabs opening while online. I also have had AVSecurity Suite and Virtumonde found with various tools. Any help is greatly appreciated. I use my home computer for work.

Here is my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ann at 21:29:29.71 on Sat 08/14/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1190 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
svchost.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Documents and Settings\Ann\My Documents\Downloads\dds.scr
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [VTTimer] VTTimer.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\ann\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\docume~1\ann\startm~1\programs\startup\xfire.lnk - f:\xfire\xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ma111c~1.lnk - c:\program files\netgear\ma111 configuration utility\wlancfg4.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - f:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Pool 2 - hxxp://download2.games.yahoo.com/games/clients/y/poti_x.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} - hxxp://asp.mathxl.com/applets/PearsonInstallAsst.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156302535046
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Filter: text/html - {0155cdd5-ccca-4718-a340-84eda8a8ca70} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: karna.dat rcveqq.dll c:\windows\system32\tutogupo.dll docznf.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli c:\windows\system32\tutogupo.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ann\applic~1\mozilla\firefox\profiles\cecf4vx0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\ann\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ann\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\ann\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\ann\local settings\application data\robloxversions\version-b5dc796702a14251\nproblox.dll
FF - plugin: c:\documents and settings\ann\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-14 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-14 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-2-27 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-14 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-8-31 13696]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-8-29 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1355416]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2010-4-5 444928]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-6-17 845184]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-4-1 430152]
S3 idrmkl;idrmkl;\??\c:\docume~1\ann\locals~1\temp\idrmkl.sys --> c:\docume~1\ann\locals~1\temp\idrmkl.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15008]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-5-11 20096]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2010-7-13 40672]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\MA111nd5.sys [2006-8-23 666624]
S3 XDva296;XDva296;\??\c:\windows\system32\xdva296.sys --> c:\windows\system32\XDva296.sys [?]

=============== Created Last 30 ================

2010-08-15 04:05:52 0 d-----w- c:\windows\Performance
2010-08-15 04:05:11 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-08-13 20:11:24 0 d-----w- C:\bf0402ce77137c72987ae03d3508db27
2010-08-13 20:03:38 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 20:03:38 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 20:03:38 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 20:03:37 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 20:03:37 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-13 20:03:36 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 20:03:35 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 20:03:26 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-12 05:11:51 0 d-----w- C:\gPotato.com
2010-08-07 18:00:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-07 18:00:45 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 04:33:48 0 d-----w- c:\program files\Vstplugins
2010-08-07 04:33:00 0 d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-08-07 04:32:33 0 d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2010-08-03 20:51:02 0 d-----w- c:\docume~1\ann\applic~1\Turbine
2010-08-03 20:29:51 0 d-----w- c:\program files\Turbine
2010-07-30 08:38:09 0 d-----w- c:\program files\Sony
2010-07-27 05:06:06 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-07-27 05:06:06 0 d-----w- c:\program files\AMD
2010-07-24 07:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 07:55:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 07:55:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 18:41:47 0 d-----w- c:\docume~1\alluse~1\applic~1\LAG

==================== Find3M ====================

2010-07-26 03:17:48 109656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 06:16:08 91864 ----a-w- c:\windows\fonts\Army Expanded.ttf
2010-07-20 06:16:08 91468 ----a-w- c:\windows\fonts\Army Wide.ttf
2010-07-20 06:16:08 91120 ----a-w- c:\windows\fonts\Army.ttf
2010-07-20 06:16:08 90832 ----a-w- c:\windows\fonts\Army Thin.ttf
2010-07-20 06:16:08 90804 ----a-w- c:\windows\fonts\Army Condensed.ttf
2010-07-20 06:16:08 146320 ----a-w- c:\windows\fonts\Army Hollow Expanded.ttf
2010-07-20 06:16:08 144692 ----a-w- c:\windows\fonts\Army Hollow Wide.ttf
2010-07-20 06:16:08 142992 ----a-w- c:\windows\fonts\Army Hollow Condensed.ttf
2010-07-20 06:16:08 142876 ----a-w- c:\windows\fonts\Army Hollow.ttf
2010-07-20 06:16:08 142236 ----a-w- c:\windows\fonts\Army Hollow Thin.ttf
2010-07-15 16:58:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:58:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:57:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 04:21:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-14 04:34:04 40672 ----a-w- c:\windows\system32\drivers\CESG502.SYS
2010-07-06 17:28:45 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-27 05:02:56 138056 ----a-w- c:\docume~1\ann\applic~1\PnkBstrK.sys
2010-05-27 05:02:34 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2008-10-26 17:28:24 19146 ----a-w- c:\program files\common files\ynynoxuxej.inf
2008-10-26 17:28:24 17795 ----a-w- c:\program files\common files\lupun.pif
2008-10-26 17:28:24 16722 ----a-w- c:\program files\common files\qefi.pif
2008-10-26 17:28:24 13632 ----a-w- c:\program files\common files\cozes.com
2008-10-26 17:06:35 16028 ----a-w- c:\program files\common files\equrep.inf
2008-10-26 17:06:35 12891 ----a-w- c:\program files\common files\sinubefy.vbs
2004-09-10 20:40:38 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40:38 5970 ----a-w- c:\program files\eula.txt
2007-03-23 05:11:03 80 --sh--r- c:\windows\system32\6B38E1B19A.dll

============= FINISH: 21:31:27.25 ===============
 
Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006
 
Thank you peku006

Here is my ComboFix Log:

ComboFix 10-08-18.04 - Ann 08/19/2010 19:44:45.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1560 [GMT -7:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ann\Cookies\uluqalyz.bat
c:\documents and settings\Ann\Cookies\ysifijyzy.db
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\cyze._dl
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Ann\Recent\Thumbs.db
c:\program files\driver
c:\windows\gexinypofa.scr
c:\windows\icepopakah.dll
c:\windows\system32\twain.dll
c:\windows\wiaserviv.log
c:\windows\wiaservv.log

Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-19 02:45 . 2010-08-19 02:45 -------- d-----w- c:\program files\QuickTime
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\windows\Performance
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Microsoft Corporation
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-08-13 20:13 . 2010-08-13 20:13 336104 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-13 20:11 . 2010-08-13 20:12 -------- d-----w- C:\bf0402ce77137c72987ae03d3508db27
2010-08-13 20:03 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 20:03 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 20:03 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 20:03 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-12 05:11 . 2010-08-12 05:12 -------- d-----w- C:\gPotato.com
2010-08-07 18:01 . 2010-08-08 02:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 18:00 . 2010-08-07 18:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\program files\Vstplugins
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Sony
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Publish Providers
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-08-07 04:32 . 2010-08-07 04:32 -------- d-----w- c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
2010-08-07 04:31 . 2010-08-07 04:31 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Sunbelt Software
2010-08-03 20:51 . 2010-08-03 20:51 -------- d-----w- c:\documents and settings\Ann\Application Data\Turbine
2010-08-03 20:49 . 2010-08-03 20:53 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Turbine
2010-08-03 20:29 . 2010-08-03 20:29 -------- d-----w- c:\program files\Turbine
2010-07-30 08:39 . 2010-07-30 08:39 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Sony
2010-07-30 08:38 . 2010-08-11 09:26 -------- d-----w- c:\program files\Sony
2010-07-27 05:06 . 2010-07-27 05:06 -------- d-----w- c:\program files\AMD
2010-07-27 05:06 . 2007-06-29 21:47 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
2010-07-24 07:55 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 07:55 . 2010-08-07 04:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-24 07:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 18:41 . 2010-07-23 18:41 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\LAG
2010-07-23 18:41 . 2010-07-23 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LAG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 03:01 . 2010-05-03 02:34 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-20 03:01 . 2007-08-19 23:10 336 ----a-w- c:\windows\system32\tablet.dat
2010-08-18 22:05 . 2009-12-08 05:36 -------- d-----w- c:\program files\Steam
2010-08-18 15:55 . 2006-12-27 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-08-18 04:52 . 2008-01-12 01:57 -------- d-----w- c:\documents and settings\Ann\Application Data\TaxCut
2010-08-18 04:52 . 2008-01-12 03:24 -------- d-----w- c:\documents and settings\Ann\Application Data\pdf995
2010-08-15 01:22 . 2010-08-15 01:21 -------- d-----w- c:\documents and settings\Mom\Application Data\Apple Computer
2010-08-15 01:19 . 2010-08-15 01:19 182800 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-14 00:40 . 2006-08-23 06:39 182800 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 01:36 . 2009-08-04 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 18:01 . 2010-08-07 18:01 503808 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\msvcp71.dll
2010-08-07 18:01 . 2010-08-07 18:01 499712 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\jmc.dll
2010-08-07 18:01 . 2010-08-07 18:01 348160 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\msvcr71.dll
2010-08-07 18:00 . 2010-08-07 18:00 61440 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-597ccffc-n\decora-sse.dll
2010-08-07 18:00 . 2010-08-07 18:00 12800 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-597ccffc-n\decora-d3d.dll
2010-08-07 17:50 . 2007-02-19 20:02 -------- d-----w- c:\program files\Java
2010-08-07 04:35 . 2009-02-07 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-07 04:35 . 2009-02-07 15:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-07 04:33 . 2008-09-27 21:01 -------- d-----w- c:\program files\THQ
2010-08-07 04:31 . 2010-07-15 04:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-08-03 14:25 . 2010-03-10 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-29 03:18 . 2010-05-22 08:28 -------- d-----w- c:\program files\OGPlanet
2010-07-27 05:06 . 2010-07-27 05:06 10134 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-07-27 05:05 . 2006-08-31 07:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-26 03:17 . 2009-12-13 03:46 109656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 20:21 . 2008-05-13 02:25 -------- d-----w- c:\documents and settings\Ann\Application Data\U3
2010-07-20 20:20 . 2008-06-24 21:04 -------- d-----w- c:\documents and settings\Ann\Application Data\Printer Info Cache
2010-07-20 16:28 . 2010-07-20 16:28 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-20 16:28 . 2010-07-20 16:28 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-20 16:28 . 2010-07-20 16:28 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-20 16:28 . 2010-07-20 16:28 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-15 16:58 . 2008-06-14 22:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:58 . 2008-06-14 22:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:57 . 2008-06-14 22:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 04:21 . 2010-07-15 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 04:21 . 2010-07-15 04:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-15 04:01 . 2010-07-15 04:01 -------- d-----w- c:\program files\Lavasoft
2010-07-14 19:14 . 2006-12-28 00:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-14 04:34 . 2010-07-14 04:34 -------- d-----w- c:\program files\CASIO
2010-07-14 04:34 . 2010-07-14 04:34 40672 ----a-w- c:\windows\system32\drivers\CESG502.SYS
2010-07-13 19:05 . 2010-06-30 07:17 -------- d-----w- c:\documents and settings\Ann\Application Data\Ludia
2010-07-13 19:05 . 2010-07-13 19:05 -------- d-----w- c:\program files\LEGO Company
2010-07-12 03:42 . 2010-07-09 08:38 -------- d-----w- c:\documents and settings\Ann\Application Data\NeopleLauncherDFO
2010-07-09 08:23 . 2010-07-09 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-07-06 17:29 . 2010-07-15 04:01 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-07-15 04:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-06 17:28 . 2010-07-15 06:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-27 06:36 . 2010-06-27 06:36 -------- d-----w- c:\documents and settings\Ann\Application Data\Beat Hazard
2010-06-14 07:32 . 2010-06-14 07:32 315392 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl.dll
2010-06-14 07:32 . 2010-06-14 07:32 20480 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\44\668a36c-69892650-n\gluegen-rt.dll
2010-06-14 07:32 . 2010-06-14 07:32 20480 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl_awt.dll
2010-06-14 07:32 . 2010-06-14 07:32 114688 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl_cg.dll
2010-06-13 21:50 . 2010-06-13 21:50 50354 ----a-w- c:\documents and settings\Ann\Application Data\Facebook\uninstall.exe
2010-06-10 19:35 . 2010-06-10 19:35 152064 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\JavaLib\_NativeHelper.temp924356793.dll
2010-06-10 19:31 . 2010-06-10 19:31 87040 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\NativeHelper.dll
2010-06-10 19:31 . 2010-06-10 19:31 6144 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\CrashDataUploader.exe
2010-06-10 19:31 . 2010-06-10 19:31 4178264 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\D3DX9_41.dll
2010-06-10 19:31 . 2010-06-10 19:31 374784 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\fmodex.dll
2010-06-10 19:31 . 2010-06-10 19:31 22360 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\X3DAudio1_6.dll
2010-06-10 19:31 . 2010-06-10 19:31 110592 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\OpenAL32.dll
2010-06-10 19:31 . 2010-06-10 19:31 261120 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\BattlePunks.exe
2010-06-10 19:31 . 2010-06-10 19:31 7648256 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\BattlePunks.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Ann\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-02 15:09 . 2007-02-27 17:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_F9CA2052147BEB87F4CFC0.exe
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_CD4B0F1180842A4810A87B.exe
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
2010-05-27 05:02 . 2010-05-27 05:02 138056 ----a-w- c:\documents and settings\Ann\Application Data\PnkBstrK.sys
2010-05-27 05:02 . 2010-05-27 05:02 138056 ----a-w- c:\documents and settings\Ann\Application Data\PnkBstrK.sys
2010-05-27 05:02 . 2010-05-27 05:02 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2008-10-26 17:28 . 2008-10-26 17:28 19146 ----a-w- c:\program files\Common Files\ynynoxuxej.inf
2008-10-26 17:28 . 2008-10-26 17:28 17795 ----a-w- c:\program files\Common Files\lupun.pif
2008-10-26 17:28 . 2008-10-26 17:28 16722 ----a-w- c:\program files\Common Files\qefi.pif
2008-10-26 17:28 . 2008-10-26 17:28 13632 ----a-w- c:\program files\Common Files\cozes.com
2008-10-26 17:06 . 2008-10-26 17:06 16028 ----a-w- c:\program files\Common Files\equrep.inf
2008-10-26 17:06 . 2008-10-26 17:06 12891 ----a-w- c:\program files\Common Files\sinubefy.vbs
2004-09-10 20:40 . 2004-09-10 20:40 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40 . 2004-09-10 20:40 5970 ----a-w- c:\program files\eula.txt
2007-03-23 05:11 . 2007-03-21 23:53 80 --sh--r- c:\windows\system32\6B38E1B19A.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"NVRaidService"="c:\windows\System32\nvraidservice.exe" [2006-04-07 135168]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2006-8-23 1158144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Game_Oasis.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Game_Oasis.lnk
backup=c:\windows\pss\Game_Oasis.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Stationery_Maker.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Stationery_Maker.lnk
backup=c:\windows\pss\Stationery_Maker.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Vacation_Countdown.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Vacation_Countdown.lnk
backup=c:\windows\pss\Vacation_Countdown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Whats_New.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Whats_New.lnk
backup=c:\windows\pss\Whats_New.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 14:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2003-04-03 20:35 50176 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-04-09 17:44 504832 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-14 23:41 133104 ----atw- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 05:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-06-20 19:06 339968 ----a-w- c:\windows\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 12:47 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 22:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:31 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-10 21:00 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 04:29 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 17:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-22 06:49 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 06:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 17:43 407032 ----a-w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\OutBound_Pul.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\judicator03\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout\\falloutw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56980:TCP"= 56980:TCP:Pando Media Booster
"56980:UDP"= 56980:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2010 9:21 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2008 3:19 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2008 3:19 PM 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/31/2007 11:40 PM 13696]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 5:00 AM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:58 AM 308136]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [4/5/2010 7:19 AM 444928]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/17/2009 11:21 AM 845184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2010 10:58 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/1/2010 7:29 AM 430152]
S3 idrmkl;idrmkl;\??\c:\docume~1\Ann\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Ann\LOCALS~1\Temp\idrmkl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 9:28 PM 15008]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [5/11/2010 12:20 PM 20096]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [7/13/2010 9:34 PM 40672]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\MA111nd5.sys [8/23/2006 12:46 AM 666624]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 04:27]

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 05:58]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 05:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\cecf4vx0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Ann\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ann\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\RobloxVersions\version-b5dc796702a14251\nproblox.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
MSConfigStartUp-AIM - f:\program files\AIM\aim.exe
MSConfigStartUp-BullGuard - c:\program files\BullGuard Ltd\BullGuard\bullguard.exe
MSConfigStartUp-CPM4f260cb1 - c:\windows\system32\gifejivi.dll
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-GetModule25 - c:\program files\GetModule\GetModule25.exe
MSConfigStartUp-GetPack23 - c:\program files\GetPack\GetPack23.exe
MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
MSConfigStartUp-iqievumt - c:\documents and settings\NetworkService\Local Settings\Application Data\dbqwenctt\mtftkoptssd.exe
MSConfigStartUp-Microsoft Windows Adapter 5.1 - c:\documents and settings\Ann\Application Data\ulzlm.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-PhotoShow Deluxe Media Manager - c:\progra~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
MSConfigStartUp-pumidawowu - c:\windows\system32\dutorenu.dll
MSConfigStartUp-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Twain - c:\documents and settings\Ann\Application Data\Twain\Twain.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-AstrumNival Allods - f:\games\Allods Online\uninst.exe
AddRemove-COH - f:\city of heroes\uninstall.exe
AddRemove-Easy Video Downloader_is1 - c:\program files\Easy Video Downloader\unins000.exe
AddRemove-gatesofandaron_is1 - c:\program files\Gameforge4D\GatesofAndaron\unins000.exe
AddRemove-InstallPath - f:\splash fighters\epuninst.exe
AddRemove-Kingdom Heroes - f:\kingdom heroes\Uninst.exe
AddRemove-LUNA_US_090414 - f:\luna online\uninst.exe
AddRemove-Shin Megami Tensei: Imagine Online - f:\games\Uninst.exe
AddRemove-The D Show - c:\disney\DShow\DeIsL1.isu
AddRemove-WolfTeam - f:\wolf team\Uninst.exe
AddRemove-Xfire - f:\xfire\uninst.exe
AddRemove-YouTube Grabber_is1 - c:\program files\Easiestutils\YouTube Grabber\unins000.exe
AddRemove-{B47B025C-11F5-498A-8C90-0B487C78B58C}_is1 - f:\rappelz\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 20:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2940)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\Tablet.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\mdm.exe
.
**************************************************************************
.
Completion time: 2010-08-19 20:16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 03:16

Pre-Run: 16,372,531,200 bytes free
Post-Run: 18,205,769,728 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /usepmtimer

- - End Of File - - 7F307CCD948B51A9AA12B750D6E29EF9
 
Hi Redcat

Run CFScript

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP
c:\windows\system32\lsdelete.exe
c:\program files\Common Files\ynynoxuxej.inf
c:\program files\Common Files\lupun.pif
c:\program files\Common Files\qefi.pif
c:\program files\Common Files\cozes.com
c:\program files\Common Files\equrep.inf
c:\program files\Common Files\sinubefy.vbs

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Malwarebytes' Anti-Malware
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006
 
Hello peku006 and thank you.

Here is the ComboFix log:

ComboFix 10-08-18.04 - Ann 08/20/2010 8:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1493 [GMT -7:00]
Running from: c:\documents and settings\Ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ann\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\Common Files\cozes.com"
"c:\program files\Common Files\equrep.inf"
"c:\program files\Common Files\lupun.pif"
"c:\program files\Common Files\qefi.pif"
"c:\program files\Common Files\sinubefy.vbs"
"c:\program files\Common Files\ynynoxuxej.inf"
"c:\windows\11AE680750D24F5982B32C3E695E94C2.TMP"
"c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP"
"c:\windows\system32\lsdelete.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\cozes.com
c:\program files\Common Files\equrep.inf
c:\program files\Common Files\lupun.pif
c:\program files\Common Files\qefi.pif
c:\program files\Common Files\sinubefy.vbs
c:\program files\Common Files\ynynoxuxej.inf
c:\windows\system32\lsdelete.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 05:42 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-19 02:45 . 2010-08-19 02:45 -------- d-----w- c:\program files\QuickTime
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\windows\Performance
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Microsoft Corporation
2010-08-15 04:05 . 2010-08-15 04:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-08-15 01:23 . 2010-08-15 01:23 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\AVG Security Toolbar
2010-08-15 01:23 . 2010-08-15 01:23 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Mozilla
2010-08-15 01:22 . 2010-08-15 01:22 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Apple
2010-08-15 01:21 . 2010-08-15 01:22 -------- d-----w- c:\documents and settings\Mom\Application Data\Apple Computer
2010-08-15 01:20 . 2010-08-15 01:22 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\Apple Computer
2010-08-15 01:19 . 2010-08-15 01:19 182800 ----a-w- c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-13 20:11 . 2010-08-13 20:12 -------- d-----w- C:\bf0402ce77137c72987ae03d3508db27
2010-08-13 20:03 . 2010-06-02 11:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-08-13 20:03 . 2010-06-02 11:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-08-13 20:03 . 2010-06-02 11:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-08-13 20:03 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-08-13 20:03 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-08-12 05:11 . 2010-08-12 05:12 -------- d-----w- C:\gPotato.com
2010-08-07 18:01 . 2010-08-07 18:01 503808 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\msvcp71.dll
2010-08-07 18:01 . 2010-08-07 18:01 499712 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\jmc.dll
2010-08-07 18:01 . 2010-08-07 18:01 348160 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5ad925bc-n\msvcr71.dll
2010-08-07 18:01 . 2010-08-08 02:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-07 18:00 . 2010-08-07 18:00 61440 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-597ccffc-n\decora-sse.dll
2010-08-07 18:00 . 2010-08-07 18:00 12800 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-597ccffc-n\decora-d3d.dll
2010-08-07 18:00 . 2010-08-07 18:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\program files\Vstplugins
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Sony
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Publish Providers
2010-08-07 04:33 . 2010-08-07 04:33 -------- d-----w- c:\windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
2010-07-24 07:55 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 18:41 . 2010-07-23 18:41 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\LAG
2010-07-23 18:41 . 2010-07-23 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LAG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 15:16 . 2010-05-03 02:34 -------- d-----w- c:\program files\Common Files\Akamai
2010-08-20 14:47 . 2007-08-19 23:10 336 ----a-w- c:\windows\system32\tablet.dat
2010-08-20 10:02 . 2009-08-04 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-18 22:05 . 2009-12-08 05:36 -------- d-----w- c:\program files\Steam
2010-08-18 15:55 . 2006-12-27 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-08-18 04:52 . 2008-01-12 01:57 -------- d-----w- c:\documents and settings\Ann\Application Data\TaxCut
2010-08-18 04:52 . 2008-01-12 03:24 -------- d-----w- c:\documents and settings\Ann\Application Data\pdf995
2010-08-14 00:40 . 2006-08-23 06:39 182800 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-11 09:26 . 2010-07-30 08:38 -------- d-----w- c:\program files\Sony
2010-08-07 17:50 . 2007-02-19 20:02 -------- d-----w- c:\program files\Java
2010-08-07 04:35 . 2009-02-07 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-07 04:35 . 2009-02-07 15:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-07 04:33 . 2008-09-27 21:01 -------- d-----w- c:\program files\THQ
2010-08-07 04:32 . 2010-07-24 07:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-07 04:31 . 2010-07-15 04:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-08-03 20:51 . 2010-08-03 20:51 -------- d-----w- c:\documents and settings\Ann\Application Data\Turbine
2010-08-03 20:29 . 2010-08-03 20:29 -------- d-----w- c:\program files\Turbine
2010-08-03 14:25 . 2010-03-10 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-29 03:18 . 2010-05-22 08:28 -------- d-----w- c:\program files\OGPlanet
2010-07-27 05:06 . 2010-07-27 05:06 10134 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
2010-07-27 05:06 . 2010-07-27 05:06 -------- d-----w- c:\program files\AMD
2010-07-27 05:05 . 2006-08-31 07:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-26 03:17 . 2009-12-13 03:46 109656 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-20 20:21 . 2008-05-13 02:25 -------- d-----w- c:\documents and settings\Ann\Application Data\U3
2010-07-20 20:20 . 2008-06-24 21:04 -------- d-----w- c:\documents and settings\Ann\Application Data\Printer Info Cache
2010-07-15 16:58 . 2008-06-14 22:19 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 16:58 . 2008-06-14 22:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 16:57 . 2008-06-14 22:19 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 04:21 . 2010-07-15 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-15 04:21 . 2010-07-15 04:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-15 04:01 . 2010-07-15 04:01 -------- d-----w- c:\program files\Lavasoft
2010-07-14 19:14 . 2006-12-28 00:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-14 04:34 . 2010-07-14 04:34 -------- d-----w- c:\program files\CASIO
2010-07-14 04:34 . 2010-07-14 04:34 40672 ----a-w- c:\windows\system32\drivers\CESG502.SYS
2010-07-13 19:05 . 2010-06-30 07:17 -------- d-----w- c:\documents and settings\Ann\Application Data\Ludia
2010-07-13 19:05 . 2010-07-13 19:05 -------- d-----w- c:\program files\LEGO Company
2010-07-12 03:42 . 2010-07-09 08:38 -------- d-----w- c:\documents and settings\Ann\Application Data\NeopleLauncherDFO
2010-07-09 08:23 . 2010-07-09 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-07-06 17:29 . 2010-07-15 04:01 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
2010-07-06 17:28 . 2010-07-15 04:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 06:36 . 2010-06-27 06:36 -------- d-----w- c:\documents and settings\Ann\Application Data\Beat Hazard
2010-06-24 12:10 . 2006-06-23 18:33 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-09-01 06:15 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2006-09-13 05:09 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:32 . 2010-06-14 07:32 315392 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl.dll
2010-06-14 07:32 . 2010-06-14 07:32 20480 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\44\668a36c-69892650-n\gluegen-rt.dll
2010-06-14 07:32 . 2010-06-14 07:32 20480 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl_awt.dll
2010-06-14 07:32 . 2010-06-14 07:32 114688 ----a-w- c:\documents and settings\Ann\Application Data\Sun\Java\Deployment\cache\6.0\14\304eace-4ddbd49a-n\jogl_cg.dll
2010-06-13 21:50 . 2010-06-13 21:50 50354 ----a-w- c:\documents and settings\Ann\Application Data\Facebook\uninstall.exe
2010-06-10 19:35 . 2010-06-10 19:35 152064 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\JavaLib\_NativeHelper.temp924356793.dll
2010-06-10 19:31 . 2010-06-10 19:31 87040 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\NativeHelper.dll
2010-06-10 19:31 . 2010-06-10 19:31 6144 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\CrashDataUploader.exe
2010-06-10 19:31 . 2010-06-10 19:31 4178264 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\D3DX9_41.dll
2010-06-10 19:31 . 2010-06-10 19:31 374784 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\fmodex.dll
2010-06-10 19:31 . 2010-06-10 19:31 22360 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\X3DAudio1_6.dll
2010-06-10 19:31 . 2010-06-10 19:31 110592 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\OpenAL32.dll
2010-06-10 19:31 . 2010-06-10 19:31 261120 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\BattlePunks.exe
2010-06-10 19:31 . 2010-06-10 19:31 7648256 ----a-w- c:\documents and settings\Ann\Application Data\BattlePunks\BattlePunks\BattlePunks.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Ann\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-02 15:09 . 2007-02-27 17:38 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_F9CA2052147BEB87F4CFC0.exe
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_CD4B0F1180842A4810A87B.exe
2010-05-31 16:16 . 2010-05-31 16:16 3774 ----a-r- c:\documents and settings\Ann\Application Data\Microsoft\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
2010-05-27 05:02 . 2010-05-27 05:02 138056 ----a-w- c:\documents and settings\Ann\Application Data\PnkBstrK.sys
2010-05-27 05:02 . 2010-05-27 05:02 138056 ----a-w- c:\documents and settings\Ann\Application Data\PnkBstrK.sys
2010-05-27 05:02 . 2010-05-27 05:02 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2004-09-10 20:40 . 2004-09-10 20:40 75264 ----a-w- c:\program files\DECCHECK.exe
2004-09-10 20:40 . 2004-09-10 20:40 5970 ----a-w- c:\program files\eula.txt
2007-03-23 05:11 . 2007-03-21 23:53 80 --sh--r- c:\windows\system32\6B38E1B19A.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"NVRaidService"="c:\windows\System32\nvraidservice.exe" [2006-04-07 135168]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

c:\documents and settings\Ann\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111 Configuration Utility\wlancfg4.exe [2006-8-23 1158144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=c:\windows\pss\TabUserW.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Game_Oasis.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Game_Oasis.lnk
backup=c:\windows\pss\Game_Oasis.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Neverwinter Nights Registration.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Neverwinter Nights Registration.lnk
backup=c:\windows\pss\Neverwinter Nights Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Stationery_Maker.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Stationery_Maker.lnk
backup=c:\windows\pss\Stationery_Maker.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Vacation_Countdown.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Vacation_Countdown.lnk
backup=c:\windows\pss\Vacation_Countdown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Ann^Start Menu^Programs^Startup^Whats_New.lnk]
path=c:\documents and settings\Ann\Start Menu\Programs\Startup\Whats_New.lnk
backup=c:\windows\pss\Whats_New.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-01-08 14:36 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
2003-04-03 20:35 50176 ----a-w- c:\windows\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2007-04-09 17:44 504832 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-14 23:41 133104 ----atw- c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 05:34 49152 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-06-20 19:06 339968 ----a-w- c:\windows\system32\hphmon04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 12:47 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 22:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 18:31 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-03-10 21:00 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-29 04:29 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 17:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-22 06:49 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-14 06:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2006-07-21 17:43 407032 ----a-w- c:\progra~1\Yahoo!\YOP\yop.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\REACTOR.exe"=
"c:\\Program Files\\ijji\\ijji REACTOR\\OutBound_Pul.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\judicator03\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout\\falloutw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\Titan Quest.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"56980:TCP"= 56980:TCP:Pando Media Booster
"56980:UDP"= 56980:UDP:Pando Media Booster
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"2810:TCP"= 2810:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2010 9:21 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2008 3:19 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2008 3:19 PM 243024]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/31/2007 11:40 PM 13696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/29/2002 5:00 AM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:58 AM 308136]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [4/5/2010 7:19 AM 444928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [6/17/2009 11:21 AM 845184]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/31/2010 10:58 PM 135664]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/1/2010 7:29 AM 430152]
S3 idrmkl;idrmkl;\??\c:\docume~1\Ann\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\Ann\LOCALS~1\Temp\idrmkl.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 10:28 AM 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 9:28 PM 15008]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [5/11/2010 12:20 PM 20096]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [7/13/2010 9:34 PM 40672]
S3 WlanUIB;NETGEAR 802.11b USB Driver;c:\windows\system32\drivers\MA111nd5.sys [8/23/2006 12:46 AM 666624]
S3 XDva296;XDva296;\??\c:\windows\system32\XDva296.sys --> c:\windows\system32\XDva296.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 04:27]

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 05:58]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 05:58]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} - hxxp://www.cdpass.com/cdkey/CDPass.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
FF - ProfilePath - c:\documents and settings\Ann\Application Data\Mozilla\Firefox\Profiles\cecf4vx0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Ann\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ann\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\RobloxVersions\version-b5dc796702a14251\nproblox.dll
FF - plugin: c:\documents and settings\Ann\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 08:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2010-08-20 08:18:06
ComboFix-quarantined-files.txt 2010-08-20 15:18
ComboFix2.txt 2010-08-20 03:16

Pre-Run: 17,365,647,360 bytes free
Post-Run: 17,362,644,992 bytes free

- - End Of File - - D86409814E3814F95F0F19A093562589



Here is the MalwareBytes Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4451

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/20/2010 9:23:27 AM
mbam-log-2010-08-20 (09-23-27).txt

Scan type: Full scan (A:\|C:\|D:\|F:\|)
Objects scanned: 343091
Time elapsed: 1 hour(s), 0 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi Redcat

I'd like you to check a file for Viruses.
c:\windows\system32\6B38E1B19A.dll
Click to expand...
  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.

Thanks peku006
 
Hello Peku,

I tried to find the file and I can't find it. I used my search and I manually went through and when I get to c:\windows\system32 there is no file by the name 6B38E1B19A.dll

Thank you
 
Hi Redcat

Ok...

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
    • Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.

Thanks peku006
 
Here is the report from the Kapersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 23, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, August 23, 2010 14:43:11
Records in database: 4138022
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
G:\

Scan statistics:
Objects scanned: 130967
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:42:43


File name / Threat / Threats count
C:\Documents and Settings\Ann\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-34248964.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\pciide.sys.vir Infected: Virus.Win32.TDSS.b 1

Selected area has been scanned.


Thank you for your continued help.
 
Hi Redcat

please delete this file.

C:\Documents and Settings\Ann\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0dc2-34248964.zip

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Thanks peku006
 
Here is the Security Check report:

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
AVG9 successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java Web Start
Java(TM) 6 Update 21
Adobe Flash Player 10.0.32.18
Adobe Reader 9.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

:thanks:
 
Hi Redcat

Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update the Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the:Free McAfee® Security Scan Plus.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may recieve a prompt...
  2. If prompted to install "Adobe DLM" This software is not a requirement to obtain the latest Adobe Reader software...so the choice is yours.
    The Adobe (DLM) Download Manager... allows you to "pick up where you left off", if your download process is interrupted. A good idea if you are using dial-up.
    If you choose to install Adobe DLM, it will start the download automatically. Adobe DLM software removal instructions available here...if wanted.
  3. If not using Adobe DLM...click on the highlighted "click here to download" text, to begin the Reader download.
    Save the file to your desktop.
    • Uninstall OLD Adobe Reader
    • Please uninstall Adobe Reader before installing the latest version... Go to Start > Control Panel
    • Double click on Add/Remove Programs... Locate:
      Adobe Reader...version to remove
    • Click on Change/Remove to uninstall it. Once uninstalled... Close and exit Control Panel.
  4. Click on the Adobe Acrobat Reader (AdbeRdrxx_en_US.exe) icon, on your desktop... to install the new (free) version.
    The Adobe Reader download file name will be different, depending on the language or OS chosen. xx in the name = version numbers.
  5. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  6. When the installation is complete... Close and re-open your Internet browser.

How's the computer running now? Any problems?

Thanks peku006
 
Hello Peku,

I have updated my Acrobat Reader. I will be sure to update my programs on a regular basis.

Everything seems to be running fine. No random tabs anymore.

Thank you so much for your help. You have been a life saver!:thanks:
 
Hi Redcat

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete DDS and SecurityCheck from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep ......Malwarebytes' Anti-Malware Scanning Guide.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know a bout them:.

Spybot Search and Destroy
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

FireTrust SiteHound
You can find information and download it from here

MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy safe surfing! :bigthumb:

peku006
 
Hello Peku,

I have read your post and have followed your suggestions.

My computer is running great now, no problems.

Thank you again!

Redcat
 
You must log in or register to reply here.
Back
Top