Yesterday I got some kind of virus while browsing theRx.com a posrtsbetting website I frequent a lot without problems. Just browsing around like normal I got a pop up from AVG which never happens aboujt a virus. Since last night I haven't been able to get rid of it. So far I've tried CCcleaner, AVG, MalwareBytes, Spybot, Hijack this, and ComboFix and nothing worked . Which was discouraging as ComboFix has always worked in the past for any problem even when the others didn't work.

IOperating system is Windows XP

The symptoms:

-iexplorer.exe is always open in the the task manager under the username "system" and is usually active. This has to be the main problem. If I try to end the task it reappears in a few seconds. It's there even when IE isn't running. Normally when using IE it is under username "owner" which still happens when I actually open IE. But the one under system is still there all the time now even after restart.

-the volume on my computer is totally off. Doesn't matter what program there is no sound at all.

-keep getting the pop up box even when offline about "Internet explorer is not the default etc etc"

-when trying to run some programs last night, like Holdemmanager and Full Tilt last night I kept getting fake virus alerts which I ignored. Then shut everything down to be safe

Here are the DDS log files:
1)DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 18:02:36.25 on Thu 06/17/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1490 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\s wg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - hxxp://www.clickedyclick.com/Download_Helper/fsloader_v3.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profile s\v6zdyfpf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-3-6 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 gupdate1ca84136c016ede;Google Update Service (gupdate1ca84136c016ede);c:\program files\google\update\GoogleUpdate.exe [2009-12-23 133104]

=============== Created Last 30 ================

2010-06-17 16:59:46 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:59:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-17 16:42:56 0 d-----w- c:\program files\Trend Micro
2010-06-17 00:21:36 0 d-----w- c:\program files\Favorites
2010-06-16 23:39:25 98816 ----a-w- c:\windows\sed.exe
2010-06-16 23:39:25 77312 ----a-w- c:\windows\MBR.exe
2010-06-16 23:39:25 256512 ----a-w- c:\windows\PEV.exe
2010-06-16 23:39:25 161792 ----a-w- c:\windows\SWREG.exe
2010-06-10 23:57:31 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

==================== Find3M ====================

2010-06-02 12:54:48 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-02 05:56:34 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51:20 285696 ----a-w- c:\windows\system32\atmfd.dll

============= FINISH: 18:03:59.21 ===============





2nd page log file



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/14/2005 3:22:17 AM
System Uptime: 6/17/2010 5:58:42 PM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 72 GiB total, 4.508 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172 E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172 E68DD&0&10
Service: ialm

==== System Restore Points ===================

RP1728: 3/19/2010 12:14:04 PM - System Checkpoint
RP1729: 3/20/2010 1:40:55 PM - System Checkpoint
RP1730: 3/21/2010 4:19:57 PM - System Checkpoint
RP1731: 3/21/2010 8:35:45 PM - Installed WinZip 14.0
RP1732: 3/23/2010 12:09:45 AM - System Checkpoint
RP1733: 3/24/2010 12:35:13 AM - System Checkpoint
RP1734: 3/25/2010 1:18:19 PM - System Checkpoint
RP1735: 3/26/2010 9:19:50 PM - System Checkpoint
RP1736: 3/28/2010 9:32:32 AM - System Checkpoint
RP1737: 3/29/2010 2:51:23 PM - System Checkpoint
RP1738: 3/30/2010 6:47:59 PM - System Checkpoint
RP1739: 3/31/2010 10:44:21 PM - System Checkpoint
RP1740: 4/1/2010 12:50:36 AM - Software Distribution Service 3.0
RP1741: 4/1/2010 3:00:21 AM - Software Distribution Service 3.0
RP1742: 4/2/2010 8:14:22 AM - Avg Update
RP1743: 4/2/2010 8:15:34 AM - Avg Update
RP1744: 4/3/2010 8:18:31 AM - System Checkpoint
RP1745: 4/4/2010 9:57:42 AM - System Checkpoint
RP1746: 4/5/2010 12:22:12 PM - System Checkpoint
RP1747: 4/7/2010 1:05:46 AM - System Checkpoint
RP1748: 4/8/2010 7:54:09 AM - System Checkpoint
RP1749: 4/8/2010 8:37:52 AM - Avg Update
RP1750: 4/9/2010 2:03:31 PM - System Checkpoint
RP1751: 4/10/2010 6:50:39 PM - System Checkpoint
RP1752: 4/12/2010 1:18:27 AM - System Checkpoint
RP1753: 4/13/2010 12:05:13 PM - System Checkpoint
RP1754: 4/14/2010 12:06:50 PM - System Checkpoint
RP1755: 4/15/2010 3:00:21 AM - Software Distribution Service 3.0
RP1756: 4/16/2010 10:53:42 AM - System Checkpoint
RP1757: 4/17/2010 5:47:43 PM - System Checkpoint
RP1758: 4/18/2010 6:40:40 PM - System Checkpoint
RP1759: 4/20/2010 1:11:57 AM - System Checkpoint
RP1760: 4/21/2010 10:26:23 AM - System Checkpoint
RP1761: 4/22/2010 8:13:40 AM - Avg Update
RP1762: 4/22/2010 8:14:57 AM - Avg Update
RP1763: 4/23/2010 2:18:20 PM - System Checkpoint
RP1764: 4/24/2010 8:19:09 PM - System Checkpoint
RP1765: 4/26/2010 2:11:20 AM - System Checkpoint
RP1766: 4/27/2010 12:18:49 PM - System Checkpoint
RP1767: 4/28/2010 9:39:46 PM - System Checkpoint
RP1768: 4/29/2010 11:44:01 PM - System Checkpoint
RP1769: 4/30/2010 11:48:28 PM - System Checkpoint
RP1770: 5/2/2010 1:45:16 PM - System Checkpoint
RP1771: 5/3/2010 5:44:28 PM - System Checkpoint
RP1772: 5/5/2010 12:40:22 AM - System Checkpoint
RP1773: 5/5/2010 9:15:55 AM - Avg Update
RP1774: 5/6/2010 10:44:39 AM - System Checkpoint
RP1775: 5/7/2010 12:52:39 PM - System Checkpoint
RP1776: 5/8/2010 10:16:08 PM - System Checkpoint
RP1777: 5/10/2010 1:39:25 AM - System Checkpoint
RP1778: 5/11/2010 7:45:59 AM - System Checkpoint
RP1779: 5/12/2010 12:11:48 PM - Software Distribution Service 3.0
RP1780: 5/13/2010 2:42:38 PM - System Checkpoint
RP1781: 5/15/2010 1:54:44 AM - System Checkpoint
RP1782: 5/16/2010 10:54:59 AM - System Checkpoint
RP1783: 5/17/2010 12:49:14 AM - Removed TableNinjaFT
RP1784: 5/18/2010 12:46:15 PM - System Checkpoint
RP1785: 5/19/2010 4:50:06 PM - System Checkpoint
RP1786: 5/20/2010 8:37:00 PM - System Checkpoint
RP1787: 5/28/2010 8:16:54 AM - System Checkpoint
RP1788: 5/29/2010 3:00:24 AM - Software Distribution Service 3.0
RP1789: 5/30/2010 10:20:19 AM - System Checkpoint
RP1790: 5/31/2010 12:27:37 PM - System Checkpoint
RP1791: 6/1/2010 4:57:00 PM - System Checkpoint
RP1792: 6/2/2010 8:55:03 AM - Avg Update
RP1793: 6/3/2010 2:16:19 PM - System Checkpoint
RP1794: 6/4/2010 5:04:17 PM - System Checkpoint
RP1795: 6/5/2010 12:32:02 PM - Removed QuickTime
RP1796: 6/6/2010 6:34:40 PM - Software Distribution Service 3.0
RP1797: 6/7/2010 7:39:50 PM - System Checkpoint
RP1798: 6/8/2010 7:47:07 PM - System Checkpoint
RP1799: 6/9/2010 9:25:21 PM - System Checkpoint
RP1800: 6/11/2010 1:28:34 AM - Software Distribution Service 3.0
RP1801: 6/12/2010 12:22:14 PM - System Checkpoint
RP1802: 6/13/2010 4:39:23 PM - System Checkpoint
RP1803: 6/14/2010 9:42:11 PM - System Checkpoint
RP1804: 6/16/2010 1:41:42 AM - System Checkpoint
RP1805: 6/17/2010 10:36:30 AM - System Checkpoint
RP1806: 6/17/2010 12:42:55 PM - Installed HiJackThis

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.1.0
Adobe® Photoshop® Album Starter Edition 3.0
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
AVG Free 9.0
Bonjour
Cake Poker
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon PhotoRecord
Canon PIXMA iP1500
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell ResourceCD
Desktop Doctor
Easy-WebPrint
FinePixViewer Ver.3.2
Full Tilt Poker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD for FinePix
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 14
LimeWire 5.1.4
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliType Pro 2.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MicroStaff WINASPI
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Essentials
PC Pitstop Optimize2 2.0
PokerStars
PokerStove version 1.21
PostgreSQL 8.3
ScanSoft OmniPage SE 4.0
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sony Picture Utility
Sony USB Driver
SoundMAX
Spybot - Search & Destroy
TimeLeft
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip 14.0
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

6/17/2010 2:57:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
6/17/2010 2:57:27 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
6/17/2010 2:57:27 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
6/14/2010 9:17:17 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

==== End Of File ===========================

Here is the Hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:38 PM, on 6/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\System Volume Information\Microsoft\smss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca84136c016ede) (gupdate1ca84136c016ede) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 7107 bytes


I should also note that I put the Hijack log thru this site http://www.hijackthis.de/
These two things popped up that i took note of in the log file.

C:\System Volume Information\Microsoft\services.exe

C:\System Volume Information\Microsoft\smss.exe

with the synopsis of :
This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required. This process is not running from the System32 folder as it is supposed to be.

This would make some sense to me since my volume isn't working. I just have no idea how to access of fix that problm, any advice?

Malwarebytes log file on the way. Running it again now to get updated log

Here is the current log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4207

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/17/2010 6:27:35 PM
mbam-log-2010-06-17 (18-27-35).txt

Scan type: Quick scan
Objects scanned: 148121
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Here is the log from when I ran it last night and it showed infections which I fixed as Malwarebytes suggested.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4207

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

6/17/2010 2:54:09 AM
mbam-log-2010-06-17 (02-54-09).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Objects scanned: 271639
Time elapsed: 1 hour(s), 55 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInter net\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Local Settings\Application Data\av.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\B4.tmp (Trojan.Alureon) -> Delete on reboot.

That is everything. Any help would be great.

this looks ugly infection
we try and remove
be prepared for all and make backups of important files

first run hijackthis
click do system scan only

then tick the boxes of these lines:
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} (FSLoaderCtrl Class) - http://www.clickedyclick.com/Downloa...sloader_v3.cab

click fix

uninstall this:
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 14
Viewpoint Manager (Remove Only)
Viewpoint Media Player

now we use combofix
http://www.bleepingcomputer.com/comb...o-use-combofix
read manual and download combofix to desktop
not run yet

create notepad file
save as CFScript.txt on desktop
drag file on combofix



post log

i am not online in weekend
if we not kill today someone else helps or we kill next week

nibnedal, thanks for the response. I'm gonna be a little bit busy today with my kids. I definitely want to back up a bunch of stuff. I've got to learn the proper way to backup all the Holdem Manager info and database stuff I have first. That might take a little time. If I don't get a chance today, I'll proceed with your steps tommorrow.

Computer is actually working pretty good now. Can function pretty normally. There is still no volume at all and that iexplore.exe is still always running under username "system".

So running all those programs seemed to get rid of some of the problems but not everything. I'm gonna proceed cautiously and get everything backed up to my portable hard drive later today hopefully.

Looking foward to using your suggestion.

nibnedal,

I did everything in the order you suggested. Everything went fine except the same problems remain. Here is the log file from combo fix.


ComboFix 10-06-17.03 - Owner 06/18/2010 20:14:12.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1549 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\system volume information\Microsoft\services.exe"
"c:\system volume information\Microsoft\smss.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\Microsoft\services.exe . . . . failed to delete
c:\system volume information\Microsoft\smss.exe . . . . failed to delete
.
---- Previous Run -------
.
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
c:\windows\system32\win.com

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-17 16:59 . 2010-06-17 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-17 16:59 . 2010-06-17 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:42 . 2010-06-17 16:42 -------- d-----w- c:\program files\Trend Micro
2010-06-17 03:18 . 2010-06-17 03:18 19392 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 00:21 . 2010-06-17 00:21 -------- d-----w- c:\program files\Favorites
2010-06-16 22:33 . 2010-06-16 22:33 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\AdobeUM
2010-06-16 22:31 . 2010-06-16 22:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-06-16 22:12 . 2010-06-16 22:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-06-11 13:44 . 2010-06-11 13:44 -------- d-sh--w- c:\documents and settings\owner_2\IETldCache
2010-06-10 23:57 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 09:07 . 2010-05-28 09:07 -------- d-----w- c:\documents and settings\postgres\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-06-18 23:53 . 2009-11-27 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-18 23:47 . 2005-03-31 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-18 22:47 . 2008-03-03 06:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-17 16:42 . 2010-06-17 16:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 04:18 . 2010-01-28 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 22:46 . 2005-03-15 06:28 -------- d-----w- c:\program files\Trillian
2010-06-05 16:32 . 2010-02-17 18:27 -------- d-----w- c:\program files\QuickTime
2010-06-02 12:55 . 2010-06-02 12:55 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 12:55 . 2010-06-02 12:55 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 12:54 . 2009-07-19 06:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 12:54 . 2007-03-07 01:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 17:27 . 2005-03-14 17:07 -------- d-----w- c:\program files\PokerStars
2010-05-31 23:45 . 2007-10-24 05:23 -------- d-----w- c:\program files\Cake Poker
2010-05-17 04:49 . 2010-02-01 02:08 -------- d-----w- c:\program files\TableNinjaFT
2010-05-17 04:46 . 2005-03-20 03:12 -------- d-----w- c:\program files\Lavasoft
2010-05-17 04:46 . 2009-07-24 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-04 17:20 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-01-27 10:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-12 14:09 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-28 06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-28 06:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 12:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TimeLeft.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-02 12:54 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-22 14:52 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
2002-03-22 04:41 94208 ----a-w- c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
2008-01-31 18:54 145648 ----a-w- c:\program files\PCPitstop\Optimize2\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 20:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 04:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-26 23:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-12-08 18:55 3096576 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1863:TCP"= 1863:TCP:bearshare1
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3649:TCP"= 3649:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"3246:TCP"= 3246:TCP:Services
"8132:TCP"= 8132:TCP:Services

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2009 2:33 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2009 2:33 AM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:47 AM 308064]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S2 gupdate1ca84136c016ede;Google Update Service (gupdate1ca84136c016ede);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 5:03 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe



************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,76,85 ,4a,3a,91,ec,44,9c,ae,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,76,85 ,4a,3a,91,ec,44,9c,ae,a9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography \RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\system volume information\Microsoft\services.exe
c:\system volume information\Microsoft\smss.exe
.
************************************************** ************************
.
Completion time: 2010-06-18 20:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-19 00:31
ComboFix2.txt 2010-06-17 16:03
ComboFix3.txt 2010-06-17 02:31
ComboFix4.txt 2010-06-17 00:01
ComboFix5.txt 2010-06-18 23:49

Pre-Run: 4,922,589,184 bytes free
Post-Run: 4,912,926,720 bytes free

- - End Of File - - C58B0CD88F8D837BEB1A6B9E58DF7F64

download The Avenger and save it to your desktop.
http://swandog46.geekstogo.com/avenger2/avenger2.html

right click the compressed folder and select "extract all". Click next twice and avenger.exe should be extracted to your desktop. Double click to run the avenger and make sure both "scan for rootkits" and "automatically disable rootkits" are unchecked. Copy and paste this script exactly as it is into the avenger and click execute.


After clicking execute it will run the script and either restart or prompt you to restart your computer. It may need to restart twice. Upon restart it will produce a log. Copy and post that log and then follow these steps.



Download install and update SUPERAntiSpyware

www.superantispyware.com


Don't scan yet.

Also download and install CCleaner.

www.ccleaner.com

Install without the yahoo toolbar.

(copy and paste these instructions into notepad and save as a .txt file to your desktop so you can access the instructions while in safe mode)

Now boot into safe mode by tapping F8 until you get a menu. Select safe mode and hit enter. Once in safe mode, perform this cleaning with CCleaner on each user account, including the safe mode admin account. (if you don't see the CCleaner icon on your desktop when logged into the admin account, or any other account, browse to
C:\Program Files\CCleaner\
and double click CCleaner.exe to run the program.)


CCleaner>Windows tab>Make sure all of these are checked, uncheck the other boxes.
It's important to avoid checking the "old prefetch data" box. Also avoid the registry cleaner, it's not a good idea to casually remove registry keys.
Only check the following boxes


All of the Internet Explorer boxes

Windows Explorer
recent documents


System
Empty Recyle bin
Temp files
Clipboard


Analyze>Run cleaner. Do this once more to make sure it deletes everything.
Analyze>Run cleaner.


Now The Applications tab.

Check every box if it lists Firefox or Opera

Every box in the Applications category

Every box in the Internet Category

Analyze>Run cleaner
Analyze>Run cleaner



Do this on every user account, and the safe mode admin account.


After doing this on each user account in safe mode, run a full scan with SUPERAntiSpyware while still in safe mode.
(if you play on any iPoker sites and SUPERAntiSpyware detects any of their files as adware, you can safely ignore them. They are false positives)

Remove anything it detects, and restart your computer into normal boot mode and post the SAS log

SAS>preferences>logs/statistics


And a new HJT log.

also go ahead and update MBAM and run a full scan.

Lirva

I followed your steps and it still doesn't appear to be fixed. Here are the logs.

Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "c:\system volume information\Microsoft\services.exe" deleted successfully.
File "c:\system volume information\Microsoft\smss.exe" deleted successfully.

Error: file "c:\windows\system32\win.com" not found!
Deletion of file "c:\windows\system32\win.com" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



SAS

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2010 at 11:17 PM

Application Version : 4.39.1002

Core Rules Database Version : 5093
Trace Rules Database Version: 2905

Scan type : Complete Scan
Total Scan Time : 01:29:25

Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6520
Registry threats detected : 0
File items scanned : 27859
File threats detected : 154

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NNNEDZBM\SECURE-US.IMRWORLDWIDE.COM

Adware.Tracking Cookie
cdn4.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\Macromedia\Flash Player\#SharedObjects\H4WF922A ]
.specificmedia.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.adultadworld.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.cuteteenvideo.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.eas.apm.emediate.eu [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.eonsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.****zilla.org [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.onetwoporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.onlybestsex.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.pornvideoview.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner100.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner100.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner234.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner234.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner468.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner468.utro.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.stats.paypal.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tns-counter.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.v7.stats.load.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.v7.stats.load.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.100.rbcmedia.ru [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.accountonline.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.accountonline.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.adult-clips.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.bisonporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.onetwoporn.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.pornessentials.biz [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.porneta.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.pornvideoview.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.sexyamateurshots.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.teen-home-movies.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.xiti.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\HelpAssistant\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
C:\Documents and Settings\HelpAssistant\Cookies\owner@ads.cnn[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@dmtracker[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@e1.cdn.qnsr[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@ads.cnn[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@www.qsstats[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@www.qsstats[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@ru4[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@stats.paypal[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@www.burstbeac on[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@caloriecount. about[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@qnsr[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@a1.interclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@elitefitness[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@interclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@imrworldwide[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@ad.wsod[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@specificmedia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@revsci[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@chitika[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@burstnet[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@ad.wsod[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@www.burstnet[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@at.atwola[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@invitemedia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@invitemedia[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@revsci[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@ads.charlesto nbay[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@burstbeacon[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@sales.liveper son[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@sales.liveper son[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@content.yield manager[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\owner@content.yield manager[1].txt
.divx.112.2o7.net [ C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\CW3K22FY ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\NNNEDZBM ]
.specificmedia.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.cuteteenvideo.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.eas.apm.emediate.eu [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.eonsex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.****zilla.org [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.onetwoporn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.onlybestsex.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.pornvideoview.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner100.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner100.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner234.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner234.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner468.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.rotabanner468.utro.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.stats.paypal.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tizer.mediarotator.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.tns-counter.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.v7.stats.load.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.v7.stats.load.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.100.rbcmedia.ru [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.accountonline.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.accountonline.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.adult-clips.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.bisonporn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.freeporntubes.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.onetwoporn.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.pornessentials.biz [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.porneta.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.pornvideoview.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.sexyamateurshots.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.www.teen-home-movies.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.xiti.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.revsci.net [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\coo kies.sqlite ]
.divx.112.2o7.net [ C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
convoad.technoratimedia.com [ C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Macromedia\Flash Player\#SharedObjects\J7LY4LUS ]
media1.break.com [ C:\WINDOWS\system32\config\systemprofile\Applicati on Data\Macromedia\Flash Player\#SharedObjects\J7LY4LUS ]

Adware.CouponBar
C:\WINDOWS\CPNPRT2.CID
C:\WINDOWS\SYSTEM32\CPNPRT2.CID

HijackTHis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:00 PM, on 6/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\System Volume Information\Microsoft\services.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\Microsoft\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca84136c016ede) (gupdate1ca84136c016ede) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 6537 bytes

ok i have bad news
you have mebroot helpassistant infection
very very serious
credit card and bank data stealer
infection is in mbr
need to cancel all credit cards used on computer

download this:
http://noahdfear.net/downloads/HelpA...ebroot_fix.exe

run and if find infection it will run mbr -f command
restart computer and wait 5 minutes
then go start --run and type or copy/paste:
helpasst -mbrt

post log


we use combofix
http://www.bleepingcomputer.com/comb...o-use-combofix
read manual, download, not run yet
create notepad file
save as CFScript.txt on desktop
drag file on combofix



post log

nubnedal, I ran both here are the logs. No changes to report in problem.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U2V2LGKU\HelpAsst_mebroot_fix[1].exe
Mon 06/21/2010 at 10:25:43.34

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
termsrv32.dll successfully removed

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpo licy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3649:TCP"=-
"3389:TCP"=-
"3246:TCP"=-
"8132:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3649:TCP"=-
"3389:TCP"=-
"3246:TCP"=-
"8132:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-343818398-1425521274-682003330-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

user & kernel MBR OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Mon 06/21/2010 at 10:43:23.25

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


Combo Fix log

ComboFix 10-06-20.06 - Owner 06/21/2010 10:49:26.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1560 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 14:25 . 2010-06-21 14:25 -------- d-----w- C:\HelpAsst_backup
2010-06-21 01:32 . 2010-06-21 01:32 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ SD10006.dll
2010-06-21 01:32 . 2010-06-21 01:32 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ SD10005.dll
2010-06-21 01:32 . 2010-06-21 01:32 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-17 16:59 . 2010-06-17 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-17 16:59 . 2010-06-17 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:42 . 2010-06-17 16:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 16:42 . 2010-06-17 16:42 -------- d-----w- c:\program files\Trend Micro
2010-06-17 03:18 . 2010-06-17 03:18 19392 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 00:21 . 2010-06-17 00:21 -------- d-----w- c:\program files\Favorites
2010-06-16 22:33 . 2010-06-16 22:33 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\AdobeUM
2010-06-16 22:31 . 2010-06-16 22:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-06-16 22:12 . 2010-06-16 22:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-06-11 13:44 . 2010-06-11 13:44 -------- d-sh--w- c:\documents and settings\owner_2\IETldCache
2010-06-10 23:57 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 12:55 . 2010-06-02 12:55 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 12:55 . 2010-06-02 12:55 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-28 09:07 . 2010-05-28 09:07 -------- d-----w- c:\documents and settings\postgres\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-06-21 14:39 . 2009-11-27 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-21 05:23 . 2008-03-03 06:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-21 01:24 . 2010-03-22 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-18 23:47 . 2005-03-31 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-17 04:18 . 2010-01-28 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 22:46 . 2005-03-15 06:28 -------- d-----w- c:\program files\Trillian
2010-06-05 16:32 . 2010-02-17 18:27 -------- d-----w- c:\program files\QuickTime
2010-06-02 12:54 . 2009-07-19 06:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 12:54 . 2007-03-07 01:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 17:27 . 2005-03-14 17:07 -------- d-----w- c:\program files\PokerStars
2010-05-31 23:45 . 2007-10-24 05:23 -------- d-----w- c:\program files\Cake Poker
2010-05-17 04:49 . 2010-02-01 02:08 -------- d-----w- c:\program files\TableNinjaFT
2010-05-17 04:46 . 2005-03-20 03:12 -------- d-----w- c:\program files\Lavasoft
2010-05-17 04:46 . 2009-07-24 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-04 17:20 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-01-27 10:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-12 14:09 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-28 06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-28 06:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))) )))))))
.
---- Directory of c:\windows\temp ----

2010-06-21 14:21 . 2010-06-21 14:21 90 ----a-w- c:\windows\temp\GoogleToolbarInstaller1.log
2010-06-21 03:27 . 2010-06-21 14:49 8 ----a-w- c:\windows\temp\100.dat
2010-06-21 03:27 . 2010-06-21 14:39 409 ----a-w- c:\windows\temp\WGANotify.settings
2010-06-21 03:25 . 2010-06-21 14:38 255 ----a-w- c:\windows\temp\WGAErrLog.txt


((((((((((((((((((((((((((((( SnapShot_2010-06-17_16.01.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-12 14:03 . 2010-05-04 17:20 44544 c:\windows\system32\pngfilt.dll
- 2004-08-12 14:03 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
+ 2007-08-13 22:54 . 2010-05-04 17:20 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 22:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 27648 c:\windows\system32\jsproxy.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 44544 c:\windows\system32\iernonce.dll
- 2004-08-12 13:57 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-12 13:57 . 2010-05-04 12:39 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 22:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 22:36 . 2010-05-04 17:20 63488 c:\windows\system32\icardie.dll
- 2004-08-12 14:03 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-12 14:03 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-09 23:17 . 2010-05-04 17:20 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-09 23:17 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-03-09 23:17 . 2010-05-04 12:39 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-12 13:58 . 2010-05-04 17:20 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2010-01-27 10:41 . 2010-05-04 17:20 78336 c:\windows\system32\dllcache\ieencode.dll
- 2010-01-27 10:41 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-12 13:57 . 2010-05-04 12:39 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-12 13:57 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-09 23:17 . 2010-05-04 17:20 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2004-08-12 13:56 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-12 13:56 . 2010-05-04 17:20 17408 c:\windows\system32\dllcache\corpol.dll
+ 2010-06-19 00:20 . 2010-06-21 14:50 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-03 16:00 . 2010-06-21 14:50 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-03 16:00 . 2010-06-17 16:01 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-06-16 22:12 . 2010-06-17 16:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2010-06-16 22:12 . 2010-06-21 14:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
- 2010-06-16 22:10 . 2010-06-17 16:01 49152 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat
+ 2010-06-16 22:10 . 2010-06-21 14:50 49152 c:\windows\system32\config\systemprofile\Cookies\i ndex.dat
+ 2010-06-18 07:01 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB982381-IE7\pngfilt.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 52224 c:\windows\ie7updates\KB982381-IE7\msfeedsbs.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 27648 c:\windows\ie7updates\KB982381-IE7\jsproxy.dll
+ 2010-06-18 07:01 . 2009-12-31 15:33 13824 c:\windows\ie7updates\KB982381-IE7\ieudinit.exe
+ 2010-06-18 07:01 . 2010-01-05 10:00 44544 c:\windows\ie7updates\KB982381-IE7\iernonce.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 78336 c:\windows\ie7updates\KB982381-IE7\ieencode.dll
+ 2010-06-18 07:01 . 2009-12-31 15:33 70656 c:\windows\ie7updates\KB982381-IE7\ie4uinit.exe
+ 2010-06-18 07:01 . 2010-01-05 10:00 63488 c:\windows\ie7updates\KB982381-IE7\icardie.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 17408 c:\windows\ie7updates\KB982381-IE7\corpol.dll
- 2004-08-12 14:09 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
+ 2004-08-12 14:09 . 2010-05-04 17:20 233472 c:\windows\system32\webcheck.dll
+ 2004-08-12 14:08 . 2010-03-09 11:09 430080 c:\windows\system32\vbscript.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 105984 c:\windows\system32\url.dll
- 2004-08-12 14:08 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
+ 2004-08-12 14:02 . 2010-05-04 17:20 102912 c:\windows\system32\occache.dll
- 2004-08-12 14:02 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 671232 c:\windows\system32\mstime.dll
- 2004-08-12 14:01 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 193024 c:\windows\system32\msrating.dll
- 2004-08-12 14:01 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
- 2004-08-12 14:00 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 22:54 . 2010-05-04 17:20 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 22:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2010-05-04 17:20 268288 c:\windows\system32\iertutil.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 192512 c:\windows\system32\iepeers.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 16:27 . 2010-05-04 17:20 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 16:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
+ 2004-08-12 13:57 . 2010-04-16 11:43 161792 c:\windows\system32\ieakui.dll
- 2004-08-12 13:57 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 230400 c:\windows\system32\ieaksie.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 153088 c:\windows\system32\ieakeng.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 133120 c:\windows\system32\extmgr.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-12 14:09 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-12 14:09 . 2010-05-04 17:20 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-12 14:09 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-12 14:09 . 2010-05-04 17:20 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-12 14:08 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll
- 2004-08-12 14:08 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-12 14:02 . 2010-05-04 17:20 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-12 14:02 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-12 14:01 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-12 14:01 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-12 14:01 . 2010-05-04 17:20 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-12 14:00 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-09 23:17 . 2010-05-04 17:20 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2005-03-14 07:17 . 2010-04-16 11:43 634656 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-09 23:17 . 2010-05-04 17:20 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-12 13:58 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-12 13:58 . 2010-05-04 17:20 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-09 23:17 . 2010-05-04 17:20 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-12 13:57 . 2010-04-16 11:43 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-12 13:57 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-12 13:57 . 2010-05-04 17:20 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-12 13:57 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-12 13:55 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-12 13:55 . 2010-05-04 17:20 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-12 13:55 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
+ 2004-08-12 13:55 . 2010-05-04 17:20 124928 c:\windows\system32\advpack.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 832512 c:\windows\ie7updates\KB982381-IE7\wininet.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 233472 c:\windows\ie7updates\KB982381-IE7\webcheck.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 105984 c:\windows\ie7updates\KB982381-IE7\url.dll
+ 2010-06-18 07:02 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB982381-IE7\spuninst\updspapi.dll
+ 2010-06-18 07:02 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB982381-IE7\spuninst\spuninst.exe
+ 2010-06-18 07:01 . 2010-01-05 10:00 102912 c:\windows\ie7updates\KB982381-IE7\occache.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 671232 c:\windows\ie7updates\KB982381-IE7\mstime.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 193024 c:\windows\ie7updates\KB982381-IE7\msrating.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 477696 c:\windows\ie7updates\KB982381-IE7\mshtmled.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 459264 c:\windows\ie7updates\KB982381-IE7\msfeeds.dll
+ 2010-06-18 07:01 . 2009-12-18 13:05 634648 c:\windows\ie7updates\KB982381-IE7\iexplore.exe
+ 2010-06-18 07:01 . 2010-01-05 10:00 268288 c:\windows\ie7updates\KB982381-IE7\iertutil.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 192512 c:\windows\ie7updates\KB982381-IE7\iepeers.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 385024 c:\windows\ie7updates\KB982381-IE7\iedkcs32.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 380928 c:\windows\ie7updates\KB982381-IE7\ieapfltr.dll
+ 2010-06-18 07:01 . 2009-12-18 13:04 161792 c:\windows\ie7updates\KB982381-IE7\ieakui.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 230400 c:\windows\ie7updates\KB982381-IE7\ieaksie.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 153088 c:\windows\ie7updates\KB982381-IE7\ieakeng.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 133120 c:\windows\ie7updates\KB982381-IE7\extmgr.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 214528 c:\windows\ie7updates\KB982381-IE7\dxtrans.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 347136 c:\windows\ie7updates\KB982381-IE7\dxtmsft.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 124928 c:\windows\ie7updates\KB982381-IE7\advpack.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 1168384 c:\windows\system32\urlmon.dll
- 2004-08-12 14:08 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 3600384 c:\windows\system32\mshtml.dll
+ 2007-08-13 22:54 . 2010-05-04 17:20 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 22:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-12 14:08 . 2010-05-04 17:20 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-12 14:08 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-12 14:00 . 2010-05-04 17:20 3600384 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-09 23:17 . 2010-05-04 17:20 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-03-09 23:17 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-06-17 16:42 . 2010-06-17 16:42 1094656 c:\windows\Installer\319242.msi
+ 2010-06-18 07:01 . 2010-01-05 10:00 1168384 c:\windows\ie7updates\KB982381-IE7\urlmon.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 3599360 c:\windows\ie7updates\KB982381-IE7\mshtml.dll
+ 2010-06-18 07:01 . 2010-01-05 10:00 6067200 c:\windows\ie7updates\KB982381-IE7\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 12:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TimeLeft.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-02 12:54 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-22 14:52 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
2002-03-22 04:41 94208 ----a-w- c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
2008-01-31 18:54 145648 ----a-w- c:\program files\PCPitstop\Optimize2\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 20:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 04:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-26 23:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-12-08 18:55 3096576 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1863:TCP"= 1863:TCP:bearshare1

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2009 2:33 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2009 2:33 AM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:47 AM 308064]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S2 gupdate1ca84136c016ede;Google Update Service (gupdate1ca84136c016ede);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 5:03 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-21 10:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,76,85 ,4a,3a,91,ec,44,9c,ae,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,76,85 ,4a,3a,91,ec,44,9c,ae,a9,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography \RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-21 10:58:51
ComboFix-quarantined-files.txt 2010-06-21 14:58
ComboFix2.txt 2010-06-19 00:31
ComboFix3.txt 2010-06-17 16:03
ComboFix4.txt 2010-06-17 02:31
ComboFix5.txt 2010-06-21 14:46

Pre-Run: 4,923,424,768 bytes free
Post-Run: 4,931,035,136 bytes free

- - End Of File - - C58DB6E90D581FDFD9336CFCA3A67444

ok need to look at log - tomorrow

run this:
http://noahdfear.net/downloads/HAMeb_check.exe
and post log

also run otl and post logs
http://oldtimer.geekstogo.com/OTL.exe

Ran those last two you suggested. Logs are below. Regarding the financial grabbing aspect of this. I haven't visited my online banking or credit card sites since the infection. I've been pretty careful about that. I have visited them in the recent past before the infection though.

Just curious how the lack of volume attack correlates the the info grabbing. It would seem if the goal was to steal info they would want the infection to be stealthy and not draw attention. These other symptoms call attention to the virus which would seem to diminish the chances or stealing info.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EZXTVBQJ\HAMeb_check[1].exe
Mon 06/21/2010 at 12:33:23.93

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

OTL log

OTL logfile created on: 6/21/2010 12:34:02 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.53 Gb Total Space | 4.60 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.01 Gb Total Space | 45.11 Gb Free Space | 30.27% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADP-A3434BE1184
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 12:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/21 10:38:33 | 000,032,075 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\smss.exe
PRC - [2010/06/21 10:38:31 | 000,025,814 | ---- | M] (Black Internet) -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010/06/02 08:54:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 08:54:47 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 08:54:05 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 08:54:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/14 08:47:36 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/07/26 19:27:04 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/06/21 12:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/12 10:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/14 08:47:36 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/02 08:54:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 08:54:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 08:46:57 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/03/24 11:12:44 | 000,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003/11/20 18:14:28 | 000,646,825 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2003/11/20 18:13:40 | 001,232,741 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2003/11/20 18:12:56 | 000,059,717 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2003/11/20 18:12:42 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5 b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/06 18:46:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 12:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/05 12:32:09 | 000,000,000 | ---D | M]

[2009/07/19 03:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/19 03:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/27 06:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\ext ensions
[2010/01/18 12:09:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/18 19:45:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/18 20:22:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/14 03:20:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/25 05:06:14 | 000,000,000 | R--D | M] - E:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 12:33:53 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/21 10:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/21 10:25:45 | 000,000,000 | ---D | C] -- C:\HelpAsst_backup
[2010/06/20 21:46:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/06/20 21:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/06/20 21:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/20 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/20 21:28:18 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/06/20 21:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\avenger
[2010/06/17 12:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/17 12:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/17 12:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/16 23:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/16 23:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/16 20:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Favorites
[2010/06/16 19:39:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 19:39:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 19:39:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 19:39:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/10 19:57:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/21 12:33:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/06/21 12:31:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 10:58:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/21 10:56:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/21 10:45:33 | 003,717,597 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/06/21 10:39:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/21 10:38:46 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 10:38:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/21 10:37:10 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/06/21 10:37:10 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/06/21 08:10:08 | 061,273,118 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/20 23:42:35 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Holdem Manager.lnk
[2010/06/20 23:33:27 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/06/20 23:25:10 | 004,240,744 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/06/20 21:32:08 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/20 21:25:30 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2010/06/18 20:22:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/18 17:16:36 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 17:16:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/18 03:02:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 12:59:53 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/06/16 22:39:29 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/11 10:07:48 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Daily Venting Blog.doc
[2010/06/11 03:16:48 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 01:39:41 | 000,500,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 01:39:41 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 01:39:41 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 20:59:13 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Trillian.lnk
[2010/06/06 18:46:07 | 000,000,692 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/06 18:46:07 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/02 08:54:48 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 08:54:47 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/20 21:32:08 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/20 21:25:30 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avenger.zip
[2010/06/18 03:02:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/17 12:59:53 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/06/17 12:42:56 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2010/06/16 19:39:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 19:39:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 19:39:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 19:39:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 19:39:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/16 19:34:27 | 003,717,597 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/08/03 12:06:15 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/04/21 14:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2008/01/02 06:55:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/06 11:59:05 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/09/06 21:46:10 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005/07/10 01:48:22 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2005/07/10 01:48:22 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2005/04/25 14:10:15 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2005/04/04 02:23:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure20.INI
[2005/03/15 02:29:11 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/15 00:36:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/03/15 00:35:04 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2005/03/14 21:05:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/03/14 03:35:33 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
< End of report >

logs are clean but not sure if mbr is good
use recovery console now

http://support.microsoft.com/kb/314058

combofix install recovery console so use option 1
when you in recovery console type fixmbr
if go ok type exit to restart computer

back in windows create notepad file
save as CFScript.txt on desktop
drag file on combofix



post log

after run HAMeb_check.exe again and post log

nib,

I followed your instructions. ComboFix took a long time, I guess it was backing things up. Had trouble with the last instruction. Does this mean Start>RUN>type HAMeb_check.exe? I did this and get error box saying windows cannot find it.

Some progress to report. The iexplore.exe that has always been running under username "system" in the task manager is finally gone. However the volume on my computer still is not working.

Here is the combofix log.

Here is the combo fix log minus the backup file stuff. There was a ton and it was too large to post it.


ComboFix 10-06-21.03 - Owner 06/22/2010 13:03:36.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1583 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\HelpAsst_backup
c:\helpasst_backup\C\DOCUME~1\HELPAS~1\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst
c:\helpasst_backup\C\DOCUME~1\HELPAS~1\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst
c:\helpasst_backup\C\DOCUME~1\HELPAS~1\Application Data\Adobe\Acrobat\7.0\Colla
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-21 01:32 . 2010-06-21 01:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-17 16:59 . 2010-06-17 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-17 16:59 . 2010-06-17 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-17 16:42 . 2010-06-17 16:42 -------- d-----w- c:\program files\Trend Micro
2010-06-17 03:18 . 2010-06-17 03:18 19392 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-17 00:21 . 2010-06-17 00:21 -------- d-----w- c:\program files\Favorites
2010-06-16 22:33 . 2010-06-16 22:33 -------- d-----w- c:\windows\system32\config\systemprofile\Applicati on Data\AdobeUM
2010-06-16 22:31 . 2010-06-16 22:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-06-16 22:12 . 2010-06-16 22:12 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-16 22:11 . 2010-06-16 22:11 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2010-06-11 13:44 . 2010-06-11 13:44 -------- d-sh--w- c:\documents and settings\owner_2\IETldCache
2010-06-10 23:57 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-28 09:07 . 2010-05-28 09:07 -------- d-----w- c:\documents and settings\postgres\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-06-22 16:53 . 2009-11-27 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-22 01:08 . 2008-03-03 06:18 -------- d-----w- c:\program files\Full Tilt Poker
2010-06-21 01:32 . 2010-06-21 01:32 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ SD10006.dll
2010-06-21 01:32 . 2010-06-21 01:32 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ SD10005.dll
2010-06-21 01:32 . 2010-06-21 01:32 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2010-06-21 01:24 . 2010-03-22 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-18 23:47 . 2005-03-31 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-06-17 16:42 . 2010-06-17 16:42 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-17 04:18 . 2010-01-28 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 22:46 . 2005-03-15 06:28 -------- d-----w- c:\program files\Trillian
2010-06-05 16:32 . 2010-02-17 18:27 -------- d-----w- c:\program files\QuickTime
2010-06-02 12:55 . 2010-06-02 12:55 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 12:55 . 2010-06-02 12:55 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 12:54 . 2009-07-19 06:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 12:54 . 2007-03-07 01:10 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 17:27 . 2005-03-14 17:07 -------- d-----w- c:\program files\PokerStars
2010-05-31 23:45 . 2007-10-24 05:23 -------- d-----w- c:\program files\Cake Poker
2010-05-17 04:49 . 2010-02-01 02:08 -------- d-----w- c:\program files\TableNinjaFT
2010-05-17 04:46 . 2005-03-20 03:12 -------- d-----w- c:\program files\Lavasoft
2010-05-17 04:46 . 2009-07-24 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-04 17:20 . 2004-08-12 14:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2010-01-27 10:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-12 13:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:56 . 2004-08-12 14:09 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-01-28 06:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-01-28 06:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:51 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2007-07-26 68856]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 12:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TimeLeft.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TimeLeft.lnk
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 04:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
2004-08-10 15:37 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-06-02 12:54 2065248 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-08-22 14:52 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType]
2002-03-22 04:41 94208 ----a-w- c:\program files\Microsoft Hardware\Keyboard\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 21:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-03-21 17:19 69632 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize2 Reminder]
2008-01-31 18:54 145648 ----a-w- c:\program files\PCPitstop\Optimize2\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 20:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-09-30 04:14 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-26 23:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2005-12-08 18:55 3096576 ----a-w- c:\program files\Yahoo!\Messenger\YPager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"1863:TCP"= 1863:TCP:bearshare1

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2009 2:33 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2009 2:33 AM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/14/2010 8:47 AM 308064]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536]
S2 gupdate1ca84136c016ede;Google Update Service (gupdate1ca84136c016ede);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 5:03 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.micros oft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v6zdyfpf.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 13:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography \RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5, cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d ,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
************************************************** ************************
.
Completion time: 2010-06-22 13:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-22 17:47
ComboFix2.txt 2010-06-21 14:58
ComboFix3.txt 2010-06-19 00:31
ComboFix4.txt 2010-06-17 16:03
ComboFix5.txt 2010-06-22 17:00

Pre-Run: 4,570,865,664 bytes free
Post-Run: 4,765,409,280 bytes free

- - End Of File - - 5C1FDA9995B3E987100689AC945B0127

Just ran Hijackthis again as while and put the log thru the analyser tool thingy. The two things that had always a red "x" regarding the volume for the first time aren't there anymore. So that seems like a good thing.

Still no volume though. Any advice on what to do about that, amybe redownload some drivers or something? I really don't know much about that stuff.

i think we kill infection

to make sure we check:

also run eset online scanner and post log
http://www.eset.com/online-scanner

start new thread for soundcard problem
other people can help you

Here are those two logs.

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PF8U3SDU\HAMeb_check[1].exe
Wed 06/23/2010 at 6:30:09.32

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


Here are the eset results.

C:\Documents and Settings\Owner\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 36B29B5\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 36B29B5\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v2 36B29B5\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ra sacd.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\System Volume Information\_restore{D8397EA7-750D-493B-AEFA-972B7B785835}\RP1813\A0114443.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8397EA7-750D-493B-AEFA-972B7B785835}\RP1813\A0114444.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{D8397EA7-750D-493B-AEFA-972B7B785835}\RP1813\A0114445.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined

computer clean
probably need install holdem manager again - eset deleted files that are no virus

do start-run and type or copy/paste:
combofix /uninstall

case closed