Random popups

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Documents and Settings\\Daniel\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Documents and Settings\\Daniel\\Desktop\\LC\\pickup.listchecker.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Daniel\\My Documents\\Downloads\\YuLeech-RunesofMagic2_0_1_1821-en.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\azndumpling1086@aol.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Vogster Entertainment\\CrimeCraft\\ClientLauncher.exe"=
"c:\\Program Files\\Vogster Entertainment\\CrimeCraft\\Binaries\\CrimeCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/1/2008 2:45 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/1/2008 2:45 PM 108552]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/15/2008 1:23 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/15/2008 1:23 PM 298776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [1/30/2009 7:14 PM 125304]
S2 gupdate1c9c6635fea52a;Google Update Service (gupdate1c9c6635fea52a);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2009 4:34 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/11/2009 5:22 PM 24652]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3E9D340B-D614-4854-AE06-4218201F6AAE} - c:\program files\Internet Explorer\LiveInfoPro\toolbar_v0.9.5_w-jsinside-affid-1002.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
FF - ProfilePath - c:\docume~1\Daniel\APPLIC~1\Mozilla\Firefox\Profiles\3wr807un.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 15:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-507921405-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,17,10,a6,1a,91,59,de,05,47,ad,f5,09,7c,bc,e9,85,39,77,8f,44,8f,a0,
2b,9a,90,1b,83,b5,2d,46,f7,c8,38,a7,be,bb,a0,d1,8a,71,03,12,c6,b7,1d,c0,43,\
"??"=hex:9a,c3,59,50,72,6a,1a,2f,b3,4d,bb,af,4d,6f,c4,86

[HKEY_USERS\S-1-5-21-1060284298-507921405-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f3,b4,a5,20,23,1b,8a,66,38,a5,dc,a4,c1,ef,b4,c9,39,71,2c,e5,81,
83,27,db,5f,2e,62,6c,6a,48,04,c9,6b,72,ba,69,ea,2e,3a,0f,5e,49,fd,4f,ef,5e,\
"rkeysecu"=hex:ea,13,f9,d7,77,1f,03,70,cc,fd,10,91,ca,1b,a5,43
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3692)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 15:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 22:37
ComboFix2.txt 2009-05-23 17:02
ComboFix3.txt 2009-05-23 02:43
ComboFix4.txt 2009-05-23 01:55
ComboFix5.txt 2009-07-18 22:21

Pre-Run: 129,858,920,448 bytes free
Post-Run: 130,347,094,016 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
397 --- E O F --- 2009-07-18 10:04

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\wisdstr.exe
c:\windows\system32\drivers\stinidriwwosesev.sys

Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\13354374
c:\program files\Viewpoint
c:\program files\PLAYXPERT
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\documents and settings\Daniel\Application Data\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-

Driver::
Viewpoint Manager Service

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

ComboFix 09-07-14.08 - Daniel 07/18/2009 16:31.11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1242 [GMT -7:00]
Running from: c:\documents and settings\Daniel\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\stinidriwwosesev.sys"
"c:\windows\system32\wisdstr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\13354374
c:\docume~1\ALLUSE~1\APPLIC~1\Viewpoint
c:\documents and settings\Daniel\Application Data\BitTorrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Adobe Photoshop Elements v6.0 (Full Version with Keygen).torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Age Of Empires 3 Incl Expansion and keys.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Airport Tycoon 3.ISO.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Daniel\Application Data\BitTorrent\dht.dat
c:\documents and settings\Daniel\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Daniel\Application Data\BitTorrent\Great.Big.Boobies.3.[English].XXX.DVDRip.XVID-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\merman.exe
c:\documents and settings\Daniel\Application Data\BitTorrent\Mount & Blade 1.003 + Crack.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Mount and Blade-Uniloader.7z.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\office 2007.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\resume.dat
c:\documents and settings\Daniel\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Daniel\Application Data\BitTorrent\rss.dat
c:\documents and settings\Daniel\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Daniel\Application Data\BitTorrent\settings.dat
c:\documents and settings\Daniel\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Daniel\Application Data\BitTorrent\Sims 2 Double Deluxe Crack.rar.1.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Sims 2 Double Deluxe Crack.rar.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\Sims.2.all.pack.2008.09.00-.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\sweet_steph_big_iop.wmv.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\UKNymphos_Girlfriend_Phoenix.wmv.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\War Plan Pacific. PC. With Keygen_Crack.rar.torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\World In Conflict (Crack).torrent
c:\documents and settings\Daniel\Application Data\BitTorrent\World_In_Conflict-FLT.torrent
c:\program files\PLAYXPERT
c:\program files\PLAYXPERT\PLAYXPERT In-Game Platform Setup Log.txt
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\system32\drivers\stinidriwwosesev.sys
c:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-18 22:24 . 2009-07-18 22:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-07-18 06:13 . 2009-07-18 06:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-18 06:13 . 2009-07-18 06:13 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-18 06:07 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 06:07 . 2009-07-18 06:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 06:07 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-16 06:50 . 2009-07-16 06:50 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-12 22:11 . 2009-07-12 22:12 -------- d-----w- c:\program files\AIM6
2009-07-12 00:20 . 2009-07-12 00:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AOL Downloads
2009-07-07 00:35 . 2009-07-18 21:41 137544 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-07 00:35 . 2009-07-18 21:41 189480 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-07 00:35 . 2009-07-16 06:50 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-07 00:35 . 2009-07-07 00:35 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\PunkBuster
2009-06-27 15:21 . 2009-06-27 15:21 -------- d-----w- c:\program files\Vogster Entertainment
2009-06-27 00:43 . 2009-06-27 00:43 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\AVG Security Toolbar
2009-06-26 17:50 . 2009-06-26 17:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-06-26 17:50 . 2009-06-26 17:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-19 14:56 . 2009-06-19 14:56 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Electronic Arts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 22:44 . 2007-12-21 19:12 -------- d-----w- c:\program files\Steam
2009-07-18 09:33 . 2008-01-13 05:10 -------- d-----w- c:\program files\Warcraft III
2009-07-16 06:50 . 2009-07-16 06:50 139152 ----a-w- c:\documents and settings\Daniel\Application Data\PnkBstrK.sys
2009-07-16 01:19 . 2009-03-13 04:57 7 ----a-w- c:\windows\sbacknt.bin
2009-07-12 22:11 . 2007-12-21 21:46 -------- d-----w- c:\program files\Common Files\AOL
2009-07-11 01:50 . 2008-01-13 23:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-04 19:05 . 2008-06-01 21:45 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-26 17:49 . 2008-06-01 21:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 17:49 . 2007-12-18 07:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-21 15:46 . 2007-12-18 07:31 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-19 04:25 . 2008-09-19 21:13 -------- d-----w- c:\program files\Electronic Arts
2009-06-19 04:09 . 2007-12-18 07:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-10 13:03 . 2009-05-01 05:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-05-01 05:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2009-02-18 21:44 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-01-15 15:19 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-01-15 15:19 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-01-15 15:19 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 13:03 . 2009-01-15 15:19 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-01-15 15:19 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2007-12-18 07:08 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 13:03 . 2007-12-18 07:07 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2007-12-18 07:07 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-08 03:44 . 2008-11-29 02:11 -------- d-----w- c:\program files\Microsoft Games
2009-06-08 03:42 . 2009-04-14 20:28 -------- d-----w- c:\program files\MSN Games
2009-06-08 03:40 . 2009-06-08 03:37 -------- d-----w- c:\program files\Common Files\Elecard
2009-06-08 03:39 . 2009-06-08 03:39 -------- d-----w- c:\program files\AC3Filter
2009-06-08 03:37 . 2009-06-08 03:37 -------- d-----w- c:\program files\ELECARD
2009-06-08 03:37 . 2009-06-08 03:37 -------- d-----w- c:\program files\Common Files\Moonlight
2009-06-08 03:33 . 2009-06-08 03:33 -------- d-----w- c:\program files\AVIcodec
2009-06-08 03:27 . 2008-12-10 00:30 -------- d-----w- c:\program files\DivX
2009-06-08 03:26 . 2009-04-26 11:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 21:44 . 2008-06-01 21:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-05-15 21:41 . 2007-12-18 07:00 88568 ----a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 15:30 . 2007-12-18 06:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-08 01:06 . 2008-06-01 21:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-02-07 02:14 . 2009-02-07 02:14 3143 ----a-w- c:\program files\images.jpeg
2009-06-12 15:10 . 2008-12-06 11:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[7] 2004-09-01 09:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-09-01 09:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-09-01 09:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2004-09-01 09:00 215552 A77219A971029DC2FB683E8513713803 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-09-01 09:00 215552 A77219A971029DC2FB683E8513713803 c:\windows\system32\termsrv.dll

[-] 2009-07-18 22:07 28672 67A100B27457904602B322612A5DD2EF c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 17:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"rpcapd"=3 (0x3)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Documents and Settings\\Daniel\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Documents and Settings\\Daniel\\Desktop\\LC\\pickup.listchecker.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Documents and Settings\\Daniel\\My Documents\\Downloads\\YuLeech-RunesofMagic2_0_1_1821-en.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\azndumpling1086@aol.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Vogster Entertainment\\CrimeCraft\\ClientLauncher.exe"=
"c:\\Program Files\\Vogster Entertainment\\CrimeCraft\\Binaries\\CrimeCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\buttche3k007\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/1/2008 2:45 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/1/2008 2:45 PM 108552]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/11/2007 1:45 AM 124832]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/15/2008 1:23 PM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/15/2008 1:23 PM 298776]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [1/30/2009 7:14 PM 125304]
S2 gupdate1c9c6635fea52a;Google Update Service (gupdate1c9c6635fea52a);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2009 4:34 AM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
FF - ProfilePath - c:\docume~1\Daniel\APPLIC~1\Mozilla\Firefox\Profiles\3wr807un.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\3wr807un.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 16:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1060284298-507921405-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,17,10,a6,1a,91,59,de,05,47,ad,f5,09,7c,bc,e9,85,39,77,8f,44,8f,a0,
2b,9a,90,1b,83,b5,2d,46,f7,c8,38,a7,be,bb,a0,d1,8a,71,03,12,c6,b7,1d,c0,43,\
"??"=hex:9a,c3,59,50,72,6a,1a,2f,b3,4d,bb,af,4d,6f,c4,86

[HKEY_USERS\S-1-5-21-1060284298-507921405-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f3,b4,a5,20,23,1b,8a,66,38,a5,dc,a4,c1,ef,b4,c9,39,71,2c,e5,81,
83,27,db,5f,2e,62,6c,6a,48,04,c9,6b,72,ba,69,ea,2e,3a,0f,5e,49,fd,4f,ef,5e,\
"rkeysecu"=hex:ea,13,f9,d7,77,1f,03,70,cc,fd,10,91,ca,1b,a5,43
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(464)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-18 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 23:40
ComboFix2.txt 2009-07-18 22:37
ComboFix3.txt 2009-05-23 17:02
ComboFix4.txt 2009-05-23 02:43
ComboFix5.txt 2009-07-18 23:31

Pre-Run: 130,304,757,760 bytes free
Post-Run: 130,263,171,072 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
315 --- E O F --- 2009-07-18 10:04

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 5.1.2600 Service Pack 3

7/18/2009 6:41:19 PM
mbam-log-2009-07-18 (18-41-19).txt

Scan type: Quick Scan
Objects scanned: 93227
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Malwarebytes' Anti-Malware 1.39
Database version: 2462
Windows 5.1.2600 Service Pack 3

7/19/2009 11:01:52 AM
mbam-log-2009-07-19 (11-01-52).txt

Scan type: Quick Scan
Objects scanned: 93313
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

How is the computer running?

Glad we could help

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.