System Guard 2009/ Win32/nuqel.e Help Me Please

Everything seems to be working fine again I did notice i program trying to install (Document Viewer) and wants me to click OK to this path
C:\DOCUME~1\POTTER~1\LOCALS~1\Temp\7zS104E\setup\DocumentViewer\
Going to end the process with the task manager until I hear back from you.
I'm also going to update all of my anti virus and run further scans as they have all been locked out from helping.

DRAGON MASTER JAY YOU ARE THE MAN!!!!!
I will be posting a link in my website and any other sites that I'll host in the future.
What a great service you folks provide.
Thank You Thank You Thank You

Your system's not clean. And if the current problem does not get fixed, your system will no longer boot.

This scan:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll >>UNKNOWN [0x83B6F1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7f78fc3
\Driver\ACPI -> ACPI.sys @ 0xf7dd6cb8
\Driver\atapi -> 0x83b6f1f8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094
NDIS: acer IPN2220 Wireless LAN Card -> SendCompleteHandler -> NDIS.sys @ 0xf7ce6ba0
PacketIndicateHandler -> NDIS.sys @ 0xf7cd5a0b
SendHandler -> NDIS.sys @ 0xf7ce9b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK

In the blue, is the infection I am talking about.

Do you want to continue diagnostics?

I want to end this when you say I'm Clean.
I ran some scans after combofix and here are some results.
The first scan found malware and for the first time all week I was able to update AVG9 and ran it as well.
I also run a program called removeitpro and it to found stuff including combofix.
I know I can reinstall combofix but after this weeks events being able to click and fix is an immediate reaction.
Tuneup Utilities has found the same 41 problems in the registry but after cleaning they return so I know there still are issues.
So yes I want to continue diagnostics.


Malwarebytes' Anti-Malware 1.44
Database version: 3828
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/6/2010 9:32:27 AM
mbam-log-2010-03-06 (09-32-27).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 258940
Time elapsed: 1 hour(s), 41 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

1. Please download Profiles by noahdfear.

• Save it to your desktop.
• Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag by ad13 and save it to your Desktop.

• Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  
• When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  
• Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

• Double-click mbr.exe to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.

4. In your next reply, please post the following logs for my review:

• Profiles log (1)
  
• Win32kDiag log (2)
  
• MBR log (3)

Thanks!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1747484371-3063578883-1927391205-1005
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Potters Trucking

SystemRoot REG_SZ C:\WINDOWS

Running from: C:\Documents and Settings\Potters Trucking\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Potters Trucking\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Please open Command Prompt (Start > Run and type CMD and press OK [Vista/7: Start search: CMD and press enter])
Enter the following in to the black box, pressing enter after each line:



Post a log (MBR.log).

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Please re-run ComboFix and post a log, for the final check.

ComboFix 10-03-06.03 - Potters Trucking 03/06/2010 22:08:48.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.356 [GMT -5:00]
Running from: c:\documents and settings\Potters Trucking\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 08:40 . 2010-03-06 08:40 -------- d-----w- C:\$AVG
2010-03-06 06:12 . 2010-02-28 19:33 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-06 06:12 . 2010-02-28 19:33 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-06 02:54 . 2010-03-06 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-03-03 00:20 . 2010-03-03 00:20 -------- d-----w- C:\FOUND.013
2010-03-02 23:46 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 23:46 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 02:25 . 2010-03-02 02:25 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Malwarebytes
2010-03-02 02:25 . 2010-03-02 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 01:28 . 2010-03-02 01:28 -------- d-----w- C:\FOUND.012
2010-02-28 21:08 . 2010-02-28 21:08 -------- d-----w- C:\FOUND.011
2010-02-28 19:34 . 2010-02-28 19:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-28 19:34 . 2010-02-28 19:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-28 19:34 . 2010-02-28 19:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-28 19:34 . 2010-02-28 19:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-28 19:33 . 2010-02-28 19:33 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-28 19:33 . 2010-02-28 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-20 19:30 . 2010-02-20 19:30 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\vlc
2010-02-20 05:46 . 2010-02-20 05:46 623152 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-20 00:10 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-20 00:10 . 2007-05-17 22:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2010-02-20 00:10 . 2006-04-05 13:09 66560 ----a-w- c:\windows\MOTA113.exe
2010-02-20 00:10 . 2005-07-14 17:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2010-02-20 00:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-20 00:10 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-20 00:10 . 2005-02-28 18:16 240128 ----a-w- c:\windows\system32\x.264.exe
2010-02-20 00:10 . 2006-10-07 22:43 502784 ----a-w- c:\windows\x2.64.exe
2010-02-20 00:10 . 2006-04-12 14:47 217073 ----a-w- c:\windows\meta4.exe
2010-02-20 00:10 . 2004-09-15 22:29 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-20 00:09 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-17 03:11 . 2010-02-17 03:11 -------- d-----w- C:\FOUND.009
2010-02-16 15:30 . 2010-02-16 15:30 -------- d-----w- C:\FOUND.008
2010-02-13 14:00 . 2010-02-13 14:00 3584 ----a-r- c:\documents and settings\Potters Trucking\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-13 14:00 . 2010-02-13 14:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-07 18:50 . 2010-02-07 18:50 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Leadertech
2010-02-07 18:39 . 2010-02-07 18:39 -------- d-----w- C:\Profiles
2010-02-06 04:04 . 2010-02-09 23:14 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 12:35 . 2009-10-11 02:19 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-02-20 15:20 . 2010-02-20 15:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-09 00:16 . 2006-12-22 12:35 116664 ----a-w- c:\documents and settings\Potters Trucking\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 18:00 . 2010-02-20 15:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-02 02:57 . 2010-02-02 02:57 -------- d-----w- c:\program files\iPod
2010-02-02 02:57 . 2010-02-02 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-31 14:18 . 2010-01-31 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-01-24 00:59 . 2010-01-24 00:59 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\MozillaControl
2010-01-24 00:59 . 2010-01-24 00:59 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-17 17:02 . 2009-10-12 20:15 112354 ----a-w- c:\windows\hpoins07.dat
2010-01-17 07:56 . 2010-01-17 07:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-17 07:52 . 2010-01-17 07:51 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Macrovision
2010-01-17 07:41 . 2010-01-17 07:41 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Roxio
2010-01-17 01:43 . 2010-01-17 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\CinemaNow
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\program files\CinemaNow
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Simple Star
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoShow Shared Assets
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\program files\Roxio
2010-01-17 01:22 . 2010-01-17 01:22 10134 ----a-r- c:\documents and settings\Potters Trucking\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2010-01-16 21:22 . 2010-01-16 21:22 -------- d-----w- c:\program files\SmartSound Software
2010-01-16 21:22 . 2010-01-16 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-01-16 21:08 . 2010-01-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-16 21:08 . 2010-01-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-01-16 21:07 . 2010-01-16 21:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-16 21:00 . 2010-01-16 21:00 -------- d-----w- c:\program files\MSBuild
2010-01-16 21:00 . 2010-01-16 21:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-16 20:51 . 2010-01-16 20:51 -------- d-----w- c:\program files\MSXML 6.0
2010-01-16 19:15 . 2010-01-16 19:15 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Roxio Log Files
2010-01-12 00:52 . 2010-01-12 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-12-20 14:23 . 2009-12-20 14:22 152576 ----a-w- c:\documents and settings\Potters Trucking\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 14:22 . 2009-12-20 14:22 79488 ----a-w- c:\documents and settings\Potters Trucking\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:15 . 2010-02-20 15:20 178176 ----a-w- c:\windows\system32\unrar.dll
2006-05-03 09:06 . 2010-02-20 00:09 163328 --sh--r- c:\windows\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]
"AlcoholAutomount"="d:\alcohol 120\axcmd.exe" [2008-05-20 4608]
"SpybotSD TeaTimer"="d:\spybot\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 339968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"Dit"="Dit.exe" [2003-12-30 94208]
"LogMeIn GUI"="d:\logmein\x86\LogMeInSystray.exe" [2007-04-17 63048]
"UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HP Software Update"="d:\hp software update\HPWuSchd2.exe" [2005-05-12 49152]
"CPMonitor"="d:\roxio\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="d:\roxio\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinScheduler.lnk - d:\windvr3\SchSvr.exe [2010-1-11 155648]
InterVideo WinCinema Manager.lnk - d:\common\Bin\WinCinemaMgr.exe [2010-1-11 131072]
HP Image Zone Fast Start.lnk - d:\digital imaging\bin\hpqthb08.exe [2005-5-11 73728]
HP Digital Imaging Monitor.lnk - d:\digital imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-28 19:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-05 15:12 87352 ------w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"\\\\acer-d3e20d0d7f\\d drive (d)\\LimeWire\\LimeWire.exe"=
"d:\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\UTorrents\\uTorrent.exe"=
"\\\\Acer-d3e20d0d7f\\d drive (d)\\VLC Media Player\\VLC\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Roxio\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"d:\\VLC Media Player\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ItUNES\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [12/22/2006 7:27 AM 5632]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/16/2010 8:40 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/16/2010 8:40 PM 15856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/28/2010 2:34 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/28/2010 2:34 PM 360584]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/16/2010 8:40 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/28/2010 2:33 PM 285392]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\logmein\x86\rainfo.sys [6/19/2007 8:00 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/19/2007 9:00 PM 47640]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1/1/1980 160896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/4/2008 5:21 PM 716272]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [1/11/2010 7:25 PM 18580]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [1/11/2010 7:47 PM 50258]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [10/10/2009 9:19 PM 13440]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/4/2007 10:02 AM 42112]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 21:28]

2010-02-21 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: cinemanow.com
Trusted Zone: motorola.com\idenupdate
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
FF - ProfilePath - c:\documents and settings\Potters Trucking\Application Data\Mozilla\Firefox\Profiles\9rt3sa2b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin7.dll
FF - plugin: d:\vlc media player\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-06 22:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3740)
d:\unlocker\UnlockerHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
d:\microsoft office\OFFICE11\msohev.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-03-06 22:23:36
ComboFix-quarantined-files.txt 2010-03-07 03:23
ComboFix2.txt 2010-03-06 05:11

Pre-Run: 2,275,540,992 bytes free
Post-Run: 2,238,660,608 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - F41F023B30D2504D9B0036E54240DEEF

I wasn't able to completely shut down AVG last scan so I finally shut it down and re scanned
ComboFix 10-03-06.04 - Potters Trucking 03/07/2010 0:06.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.703.470 [GMT -5:00]
Running from: c:\documents and settings\Potters Trucking\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.

2010-03-06 08:40 . 2010-03-06 08:40 -------- d-----w- C:\$AVG
2010-03-06 06:12 . 2010-02-28 19:33 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-06 06:12 . 2010-02-28 19:33 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-06 02:54 . 2010-03-06 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-03-03 00:20 . 2010-03-03 00:20 -------- d-----w- C:\FOUND.013
2010-03-02 23:46 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 23:46 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 02:25 . 2010-03-02 02:25 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Malwarebytes
2010-03-02 02:25 . 2010-03-02 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 01:28 . 2010-03-02 01:28 -------- d-----w- C:\FOUND.012
2010-02-28 21:08 . 2010-02-28 21:08 -------- d-----w- C:\FOUND.011
2010-02-28 19:34 . 2010-02-28 19:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-28 19:34 . 2010-02-28 19:34 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-28 19:34 . 2010-02-28 19:34 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-28 19:34 . 2010-02-28 19:34 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-28 19:33 . 2010-02-28 19:33 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-28 19:33 . 2010-02-28 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-20 19:30 . 2010-02-20 19:30 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\vlc
2010-02-20 05:46 . 2010-02-20 05:46 623152 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-20 00:10 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-20 00:10 . 2007-05-17 22:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2010-02-20 00:10 . 2006-04-05 13:09 66560 ----a-w- c:\windows\MOTA113.exe
2010-02-20 00:10 . 2005-07-14 17:31 27648 ----a-w- c:\windows\system32\AVSredirect.dll
2010-02-20 00:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-20 00:10 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-02-20 00:10 . 2005-02-28 18:16 240128 ----a-w- c:\windows\system32\x.264.exe
2010-02-20 00:10 . 2006-10-07 22:43 502784 ----a-w- c:\windows\x2.64.exe
2010-02-20 00:10 . 2006-04-12 14:47 217073 ----a-w- c:\windows\meta4.exe
2010-02-20 00:10 . 2004-09-15 22:29 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-20 00:09 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-02-17 03:11 . 2010-02-17 03:11 -------- d-----w- C:\FOUND.009
2010-02-16 15:30 . 2010-02-16 15:30 -------- d-----w- C:\FOUND.008
2010-02-13 14:00 . 2010-02-13 14:00 3584 ----a-r- c:\documents and settings\Potters Trucking\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-13 14:00 . 2010-02-13 14:00 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-02-07 18:50 . 2010-02-07 18:50 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Leadertech
2010-02-07 18:39 . 2010-02-07 18:39 -------- d-----w- C:\Profiles
2010-02-06 04:04 . 2010-02-09 23:14 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 03:18 . 2009-10-11 02:19 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-02-20 15:20 . 2010-02-20 15:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-09 00:16 . 2006-12-22 12:35 116664 ----a-w- c:\documents and settings\Potters Trucking\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 18:00 . 2010-02-20 15:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-02 02:57 . 2010-02-02 02:57 -------- d-----w- c:\program files\iPod
2010-02-02 02:57 . 2010-02-02 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-31 14:18 . 2010-01-31 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-01-24 00:59 . 2010-01-24 00:59 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\MozillaControl
2010-01-24 00:59 . 2010-01-24 00:59 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-17 17:02 . 2009-10-12 20:15 112354 ----a-w- c:\windows\hpoins07.dat
2010-01-17 07:56 . 2010-01-17 07:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-01-17 07:52 . 2010-01-17 07:51 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Macrovision
2010-01-17 07:41 . 2010-01-17 07:41 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Roxio
2010-01-17 01:43 . 2010-01-17 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Uninstall
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\CinemaNow
2010-01-17 01:39 . 2010-01-17 01:39 -------- d-----w- c:\program files\CinemaNow
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Simple Star
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoShow Shared Assets
2010-01-17 01:37 . 2010-01-17 01:37 -------- d-----w- c:\program files\Roxio
2010-01-17 01:22 . 2010-01-17 01:22 10134 ----a-r- c:\documents and settings\Potters Trucking\Application Data\Microsoft\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
2010-01-16 21:22 . 2010-01-16 21:22 -------- d-----w- c:\program files\SmartSound Software
2010-01-16 21:22 . 2010-01-16 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-01-16 21:08 . 2010-01-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-16 21:08 . 2010-01-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-01-16 21:07 . 2010-01-16 21:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-16 21:00 . 2010-01-16 21:00 -------- d-----w- c:\program files\MSBuild
2010-01-16 21:00 . 2010-01-16 21:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-16 20:51 . 2010-01-16 20:51 -------- d-----w- c:\program files\MSXML 6.0
2010-01-16 19:15 . 2010-01-16 19:15 -------- d-----w- c:\documents and settings\Potters Trucking\Application Data\Roxio Log Files
2010-01-12 00:52 . 2010-01-12 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-12-20 14:23 . 2009-12-20 14:22 152576 ----a-w- c:\documents and settings\Potters Trucking\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-20 14:22 . 2009-12-20 14:22 79488 ----a-w- c:\documents and settings\Potters Trucking\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-12 14:15 . 2010-02-20 15:20 178176 ----a-w- c:\windows\system32\unrar.dll
2006-05-03 09:06 . 2010-02-20 00:09 163328 --sh--r- c:\windows\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-15 68856]
"AlcoholAutomount"="d:\alcohol 120\axcmd.exe" [2008-05-20 4608]
"SpybotSD TeaTimer"="d:\spybot\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 88363]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 339968]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2004-09-03 495616]
"Dit"="Dit.exe" [2003-12-30 94208]
"LogMeIn GUI"="d:\logmein\x86\LogMeInSystray.exe" [2007-04-17 63048]
"UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"HP Software Update"="d:\hp software update\HPWuSchd2.exe" [2005-05-12 49152]
"CPMonitor"="d:\roxio\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="d:\roxio\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"QuickTime Task"="d:\quicktime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinScheduler.lnk - d:\windvr3\SchSvr.exe [2010-1-11 155648]
InterVideo WinCinema Manager.lnk - d:\common\Bin\WinCinemaMgr.exe [2010-1-11 131072]
HP Image Zone Fast Start.lnk - d:\digital imaging\bin\hpqthb08.exe [2005-5-11 73728]
HP Digital Imaging Monitor.lnk - d:\digital imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-28 19:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-05 15:12 87352 ------w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"\\\\acer-d3e20d0d7f\\d drive (d)\\LimeWire\\LimeWire.exe"=
"d:\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\UTorrents\\uTorrent.exe"=
"\\\\Acer-d3e20d0d7f\\d drive (d)\\VLC Media Player\\VLC\\vlc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Roxio\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"d:\\VLC Media Player\\VLC\\vlc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\ItUNES\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [12/22/2006 7:27 AM 5632]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/16/2010 8:40 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/16/2010 8:40 PM 15856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/28/2010 2:34 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/28/2010 2:34 PM 360584]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/16/2010 8:40 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/28/2010 2:33 PM 285392]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\logmein\x86\rainfo.sys [6/19/2007 8:00 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/19/2007 9:00 PM 47640]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [1/1/1980 160896]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/4/2008 5:21 PM 716272]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [1/11/2010 7:25 PM 18580]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [1/11/2010 7:47 PM 50258]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [10/10/2009 9:19 PM 13440]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11/4/2007 10:02 AM 42112]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
S3 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 21:28]

2010-02-21 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: cinemanow.com
Trusted Zone: motorola.com\idenupdate
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
FF - ProfilePath - c:\documents and settings\Potters Trucking\Application Data\Mozilla\Firefox\Profiles\9rt3sa2b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: d:\quicktime\Plugins\npqtplugin7.dll
FF - plugin: d:\vlc media player\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 00:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(1128)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
d:\microsoft office\OFFICE11\msohev.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-03-07 00:17:37
ComboFix-quarantined-files.txt 2010-03-07 05:17
ComboFix2.txt 2010-03-07 03:23
ComboFix3.txt 2010-03-06 05:11

Pre-Run: 2,247,180,288 bytes free
Post-Run: 2,233,384,960 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 015A8CE385A2852BB5FE14CEAA8F1745

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE

You now have a clean restore point, to get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

FOR THOSE OF YOU VIEWING THIS POST CHECK OUT THE RESULTS
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
TuneUp Utilities 2009
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
Thank you DragonMaster Jay and the whole team at GeekPolice.

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: http://www.GeekPolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

===

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

====

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

No I haven't anymore questions because you have answered them all.
Once again Thank you for your skills in solving my problem and hopefully preventing future ones.I appreciate all that you have done for me and my computer/files.
DragonMaster Jay you are without a doubt a professional in your field.
I'm not in a position to donate but I have added a link on 1 of my sites in hopes of driving some traffic your way . fulltruckereffect.com and I will be adding this link to all my future sites being hosted by my site.
Thanks .........

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Free 9.0
Online Armor 4.0
``````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
TuneUp Utilities 2009
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

39 updates complete , I thought service pack 3 was included guess I need to go back again.

yadad wrote:

No I haven't anymore questions because you have answered them all.
Once again Thank you for your skills in solving my problem and hopefully preventing future ones.I appreciate all that you have done for me and my computer/files.
DragonMaster Jay you are without a doubt a professional in your field.
I'm not in a position to donate but I have added a link on 1 of my sites in hopes of driving some traffic your way . fulltruckereffect.com and I will be adding this link to all my future sites being hosted by my site.
Thanks .........

You're welcome. Thanks for the comments.