ComboFix 10-05-03.01 - Ginger 05/03/2010 15:22:24.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.329 [GMT -4:00]
Running from: c:\documents and settings\Ginger\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ginger\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

c:\windows\system32\drivers\wdmaud.sys was missing
Restored copy from - c:\windows\system32\dllcache\wdmaud.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 19:41 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-05-03 19:41 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\dllcache\wdmaud.sys
2010-05-01 02:38 . 2010-05-01 02:38 117760 ----a-w- c:\documents and settings\Administrator.LBBBOOKS\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 02:38 . 2010-05-01 02:38 -------- d-----w- c:\documents and settings\Administrator.LBBBOOKS\Application Data\SUPERAntiSpyware.com
2010-04-30 12:59 . 2010-04-30 12:59 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\WINDOWS
2010-04-30 12:59 . 2010-04-30 12:59 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\UserData
2010-04-30 12:58 . 2010-04-30 12:58 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\PrivacIE
2010-04-30 12:42 . 2010-04-30 12:42 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\IETldCache
2010-04-30 12:42 . 2010-04-30 12:42 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\IECompatCache
2010-04-30 12:35 . 2010-04-30 12:35 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\Client Security
2010-04-30 12:35 . 2010-04-30 12:35 -------- d-----w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\Citrix
2010-04-30 12:35 . 2008-11-25 04:24 22 ----a-w- c:\documents and settings\HelpAssistant.LBBBOOKS.000\campaign monitor.zip
2010-04-30 12:23 . 2010-04-30 12:23 -------- d-----w- C:\_OTM
2010-04-30 04:58 . 2010-05-03 00:04 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-29 01:15 . 2010-04-29 01:15 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-04-29 00:37 . 2010-04-29 00:37 -------- d-----w- c:\program files\VS Revo Group
2010-04-27 00:09 . 2010-04-27 00:09 -------- d-----w- C:\HelpAsst_backup
2010-04-26 23:42 . 2010-04-26 23:42 -------- d-----w- C:\_OTL
2010-04-26 12:23 . 2010-04-26 12:23 -------- d-----w- c:\documents and settings\Ginger\Local Settings\Application Data\FixItCenter
2010-04-26 11:59 . 2010-04-26 11:59 -------- d-----w- c:\windows\MATS
2010-04-26 11:59 . 2010-04-26 11:59 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-04-26 02:34 . 2010-04-26 02:34 -------- d-----w- c:\program files\ERUNT
2010-04-25 19:43 . 2010-02-02 14:13 59664 --s-a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-04-25 19:43 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-04-25 19:43 . 2010-02-02 14:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-04-25 19:43 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-25 19:43 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-25 19:43 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-25 19:43 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-25 19:43 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-25 19:43 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-25 19:40 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-25 19:40 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-25 19:40 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-25 19:40 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-25 19:40 . 2010-04-25 23:27 -------- d-----w- c:\program files\Spyware Doctor
2010-04-25 16:40 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-04-24 09:05 . 2010-03-26 14:33 43008 ----a-w- c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-24 09:05 . 2010-03-26 14:33 339456 ----a-w- c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-24 09:05 . 2010-03-26 14:32 346112 ----a-w- c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-24 09:05 . 2010-03-26 14:33 1496064 ----a-w- c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-24 05:44 . 2010-04-24 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 05:44 . 2010-05-01 03:00 -------- d-----w- c:\documents and settings\Ginger\Application Data\SUPERAntiSpyware.com
2010-04-24 04:09 . 2010-04-30 13:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-24 04:09 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 04:08 . 2010-04-24 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-24 04:06 . 2010-04-24 04:06 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-23 01:27 . 2010-04-23 01:27 -------- d-----w- c:\documents and settings\Administrator.LBBBOOKS\Application Data\Malwarebytes
2010-04-21 03:25 . 2010-04-21 03:25 50354 ----a-w- c:\documents and settings\Ginger\Application Data\Facebook\uninstall.exe
2010-04-21 03:25 . 2010-04-21 03:25 -------- d-----w- c:\documents and settings\Ginger\Application Data\Facebook
2010-04-19 12:54 . 2010-04-19 12:54 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-19 12:51 . 2010-04-19 12:51 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-18 20:31 . 2010-04-18 20:31 -------- d-----w- C:\$AVG
2010-04-18 16:21 . 2010-04-18 16:21 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 03:07 . 2010-04-18 03:07 -------- d-----w- c:\documents and settings\Ginger\Application Data\Malwarebytes
2010-04-18 03:06 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 03:06 . 2010-04-18 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-18 03:06 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-18 03:06 . 2010-04-18 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 14:24 . 2010-04-04 14:24 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-04 08:51 . 2010-04-04 08:51 -------- d-----w- c:\documents and settings\Ginger\Application Data\AVG9
2010-04-04 03:40 . 2010-04-04 03:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-04 03:40 . 2010-04-04 03:40 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-04 03:40 . 2010-05-03 09:51 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-04 03:40 . 2010-04-04 03:40 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-04-04 03:40 . 2010-04-04 03:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-04 03:40 . 2010-04-19 12:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-04 03:40 . 2010-04-04 03:40 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-04 03:40 . 2010-04-04 03:40 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 19:16 . 2008-04-14 02:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-03 00:09 . 2008-06-26 04:54 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2010-05-02 04:00 . 2006-08-24 23:03 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-04-25 19:43 . 2008-09-28 19:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-24 08:13 . 2008-10-24 01:22 -------- d-----w- c:\program files\AVG
2010-04-24 04:09 . 2008-05-11 17:27 -------- d-----w- c:\program files\Java
2010-04-20 05:16 . 2008-02-06 03:14 -------- d-----w- c:\documents and settings\Ginger\Application Data\U3
2010-04-20 02:50 . 2009-08-02 08:51 6432 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-04-19 03:08 . 2008-06-26 04:51 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-04-11 14:28 . 2008-04-14 04:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-10 21:05 . 2010-04-10 21:05 65328 ----a-w- c:\windows\AppPatch\matsshim.dll
2010-04-07 01:40 . 2009-08-04 12:39 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2010-04-07 01:40 . 2009-08-04 12:39 1352968 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2010-04-04 23:50 . 2010-04-04 23:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2010-04-04 23:49 . 2010-04-04 23:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2010-04-04 23:49 . 2010-04-04 23:49 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2010-04-04 23:49 . 2010-04-04 23:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-04 02:03 . 2009-05-17 14:23 0 -c--a-w- c:\documents and settings\Ginger\Local Settings\Application Data\prvlcl.dat
2010-04-01 00:06 . 2008-05-11 17:27 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 00:04 . 2010-04-01 00:04 503808 ----a-w- c:\documents and settings\Ginger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5196682a-n\msvcp71.dll
2010-04-01 00:04 . 2010-04-01 00:04 499712 ----a-w- c:\documents and settings\Ginger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5196682a-n\jmc.dll
2010-04-01 00:04 . 2010-04-01 00:04 348160 ----a-w- c:\documents and settings\Ginger\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5196682a-n\msvcr71.dll
2010-04-01 00:04 . 2010-04-01 00:04 61440 ----a-w- c:\documents and settings\Ginger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2032b575-n\decora-sse.dll
2010-04-01 00:04 . 2010-04-01 00:04 12800 ----a-w- c:\documents and settings\Ginger\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2032b575-n\decora-d3d.dll
2010-03-31 04:15 . 2009-06-09 04:24 1 ----a-w- c:\documents and settings\Ginger\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-18 07:05 . 2010-03-18 07:05 -------- d-----w- c:\program files\SpaceMonger
2010-03-18 07:05 . 2010-03-18 07:05 -------- d-----w- c:\documents and settings\Ginger\Application Data\SpaceMonger
2010-03-18 05:59 . 2010-03-18 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2010-03-18 04:08 . 2010-03-18 04:08 -------- d-----w- c:\documents and settings\Administrator.LBBBOOKS\Application Data\SpaceMonger
2010-03-17 10:36 . 2010-03-17 10:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
2010-03-14 23:10 . 2009-08-10 15:05 869664 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB19\Patch\qbpatch.exe
2010-03-14 22:32 . 2008-02-06 03:09 66072 ------w- c:\documents and settings\Ginger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 20:29 . 2008-05-01 05:06 -------- d-----w- c:\program files\Yahoo!
2010-03-14 20:27 . 2008-05-01 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-14 20:26 . 2008-05-02 04:18 -------- d-----w- c:\documents and settings\Ginger\Application Data\Yahoo!
2010-03-14 20:23 . 2008-03-04 13:15 -------- d-----w- c:\program files\HP
2010-03-10 06:15 . 1980-01-01 08:00 420352 ------w- c:\windows\system32\vbscript.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Ginger\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Ginger\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:24 . 1980-01-01 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 1980-01-01 08:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 11:05 . 2010-02-13 03:07 144160 ------w- c:\documents and settings\Ginger\Application Data\Move Networks\uninstall.exe
2010-02-18 11:05 . 2009-12-07 01:22 5603776 ------w- c:\documents and settings\Ginger\Application Data\Move Networks\plugins\npqmp071705000014.dll
2010-02-17 13:10 . 1980-01-01 08:00 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 06:59 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 1980-01-01 08:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1980-01-01 08:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-07 16:22 . 2009-08-12 04:26 296240 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2010-02-07 16:22 . 2009-08-12 04:26 496944 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2010-02-07 16:22 . 2009-08-12 04:26 570672 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2010-02-07 16:22 . 2009-08-12 04:26 263472 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2010-02-07 16:22 . 2009-08-12 04:26 1152304 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
2010-02-07 16:22 . 2009-08-12 04:26 763184 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2010-02-07 16:22 . 2009-08-12 04:26 423216 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2010-02-07 16:22 . 2009-08-12 04:26 787760 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2010-02-07 16:22 . 2009-08-12 04:26 398640 ------w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-07-10 07:00 . 2008-02-06 03:23 248 --sh--r- c:\windows\system32\069DADDB21.sys

.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
[7] 6768ACF64B18196494413695F0C3A00F 83072 c:\windows\system32\dllcache\wdmaud.sys
[7] 6768ACF64B18196494413695F0C3A00F 83072 \RP4\A0000129.sys
[7] 6768ACF64B18196494413695F0C3A00F 83072 \RP4\A0000191.sys
c:\windows\system32\drivers\wdmaud.sys [x]
[7] 6768ACF64B18196494413695F0C3A00F 83072 \RP4\A0000126.sys
[7] 6768ACF64B18196494413695F0C3A00F 83072 \RP4\A0000153.sys

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-21 48752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 106496]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-03-01 196710]
"cssauthe"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2006-03-01 1992240]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Ginger\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [2008-2-6 1078]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-04 03:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7474:TCP"= 7474:TCP:Services
"7475:TCP"= 7475:TCP:Services
"4288:TCP"= 4288:TCP:Services
"7076:TCP"= 7076:TCP:Services
"7085:TCP"= 7085:TCP:Services
"7084:TCP"= 7084:TCP:Services
"9693:TCP"= 9693:TCP:Services
"9694:TCP"= 9694:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"9474:TCP"= 9474:TCP:Services
"9475:TCP"= 9475:TCP:Services
"9756:TCP"= 9756:TCP:Services
"9757:TCP"= 9757:TCP:Services
"9802:TCP"= 9802:TCP:Services
"9803:TCP"= 9803:TCP:Services
"2913:TCP"= 2913:TCP:Services
"4326:TCP"= 4326:TCP:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [4/3/2010 11:40 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/3/2010 11:40 PM 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/25/2010 3:40 PM 217032]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [4/25/2010 3:43 PM 59664]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 11:40 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 11:40 PM 242896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [4/25/2010 3:40 PM 233136]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/3/2010 11:40 PM 916760]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 11:40 PM 308064]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [4/25/2010 3:43 PM 112592]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [12/21/2005 8:45 PM 3968]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/3/2010 11:40 PM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [4/3/2010 11:40 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [4/3/2010 11:40 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [4/3/2010 11:40 PM 26120]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [4/24/2010 12:09 AM 15944]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [4/10/2010 5:05 PM 266544]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [4/25/2010 3:40 PM 70408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/25/2010 3:40 PM 366840]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Ginger\Application Data\Mozilla\Firefox\Profiles\63qxlycj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Ginger\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Ginger\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x832677A0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7d40f28
\Driver\ACPI -> ACPI.sys @ 0xf7bb3cb8
\Driver\atapi -> atapi.sys @ 0xf7b6b852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> 0x8290f8f0
PacketIndicateHandler -> NDIS.sys @ 0xf7a48a21
SendHandler -> NDIS.sys @ 0xf7a2687b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3394718649-747758906-3735171228-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3394718649-747758906-3735171228-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-3394718649-747758906-3735171228-1006)
@Allowed: (Read) (S-1-5-21-3394718649-747758906-3735171228-1006)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-05-03 15:45:50
ComboFix-quarantined-files.txt 2010-05-03 19:45
ComboFix2.txt 2010-04-30 00:38
ComboFix3.txt 2010-04-28 13:38

Pre-Run: 29,700,734,976 bytes free
Post-Run: 29,628,915,712 bytes free

- - End Of File - - 12D0BAEB4E8E1720B655CEE7E6D5F6AD