help unknown virus infection

at first when i would double click on the drive letter in my computer and get a windows error recycler\*******.com was not found
i got that to stop but now my antivirus is disabled and i can not access the windows update website it gets redirected to a google looking page
i followed some other posts and have dss log file and the virus scan report already


please help

ok i have never used a forum before but when i try to post the dds report it says the reply is to big

Use more than one post, break it up into 2 or 3 posts.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nick at 11:21:09.20 on Sat 03/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.642 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nick\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 7.0\SCIEPlgn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: NameServer = 85.255.112.156,85.255.112.129
TCP: {CFAF05F6-D208-4358-97FC-63D9051711A0} = 85.255.112.156,85.255.112.129
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\aszmp3s6.default\
FF - prefs.js: browser.startup.homepage - www.pogo.com
FF - plugin: c:\documents and settings\all users.windows\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\ksolo\npAVX.dll

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 110096]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-21 11608]
R1 klif;Klif;c:\windows\system32\drivers\klif.sys [2007-12-28 195344]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-21 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-21 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-21 55640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-12 98488]

=============== Created Last 30 ================

2009-03-21 11:08 --d----- C:\_OTMoveIt
2009-03-21 00:36 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-21 00:36 --d----- c:\program files\Avira
2009-03-21 00:36 --d----- c:\docume~1\alluse~1.win\applic~1\Avira
2009-03-20 23:57 4,640 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-03-20 23:57 2,504 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-03-20 23:57 32 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-03-20 23:57 32 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-03-20 18:33 91,700 a------- c:\windows\system32\drivers\klin.dat
2009-03-20 18:33 85,860 a------- c:\windows\system32\drivers\klick.dat
2009-03-20 18:33 --d----- c:\program files\Kaspersky Lab
2009-03-20 18:33 --d----- c:\docume~1\alluse~1.win\applic~1\Kaspersky Lab
2009-03-20 18:32 --d----- C:\kav
2009-03-20 15:59 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-20 15:59 --d----- c:\docume~1\nick\applic~1\HouseCall 6.6
2009-03-20 00:02 --d----- c:\program files\Hunting Unlimited 2009
2009-03-19 22:02 52,736 a------- c:\windows\ipuninst.exe
2009-03-19 21:57 --d----- c:\windows\system32\appmgmt
2009-03-19 14:11 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-03-19 14:11 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-03-19 14:08 --d----- c:\program files\Global Star
2009-03-19 12:00 516,096 -------- c:\windows\system32\ati2sgag.exe
2009-03-19 11:54 294,912 a----r-- c:\windows\system32\atiiiexx.dll
2009-03-19 11:54 131,072 a----r-- c:\windows\system32\ATIDEMGR.dll
2009-03-19 11:40 10 a------- c:\windows\WININIT.INI
2009-03-19 00:37 --d----- c:\program files\Wheel Of Fortune 2
2009-03-19 00:34 --d----- c:\docume~1\nick\applic~1\Ludia
2009-03-19 00:34 --d----- c:\docume~1\alluse~1.win\applic~1\Ludia
2009-03-19 00:33 --d----- c:\docume~1\nick\applic~1\UNOUndercover
2009-03-19 00:30 --d----- c:\windows\Alice Greenfingers 2
2009-03-19 00:30 --d----- c:\program files\Alice Greenfingers 2
2009-03-19 00:30 --d----- c:\windows\Hell's Kitchen
2009-03-19 00:30 --d----- c:\program files\Hell's Kitchen
2009-03-18 21:56 --d----- c:\docume~1\alluse~1.win\applic~1\n7-89-o9-3r-4t-r9
2009-03-18 21:55 --d----- c:\docume~1\nick\applic~1\GameHouse
2009-03-18 21:55 3,448 a------- c:\windows\system32\a
2009-03-18 20:11 --d----- c:\docume~1\alluse~1.win\applic~1\FreshGames
2009-03-18 20:11 --d----- c:\windows\Ranch Rush
2009-03-18 20:11 --d----- c:\program files\Ranch Rush
2009-03-18 17:17 --d----- c:\docume~1\alluse~1.win\applic~1\Cabela's Big Game Hunter - Alaskan Adventure Saves
2009-03-18 17:14 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-03-18 16:45 --d----- c:\windows\Are You Smarter Than A 5th Grader Make The Grade
2009-03-18 16:45 --d----- c:\program files\Are You Smarter Than A 5th Grader Make The Grade
2009-03-17 14:36 306,688 a------- c:\windows\IsUninst.exe
2009-03-17 13:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-17 13:04 0 a------- c:\windows\vpd.properties
2009-03-17 11:51 --d----- c:\docume~1\alluse~1.win\applic~1\FarmFrenzy2
2009-03-17 11:51 --d----- c:\windows\Farm Frenzy 2
2009-03-17 11:51 --d----- c:\program files\Farm Frenzy 2
2009-03-17 11:50 --d----- c:\docume~1\alluse~1.win\applic~1\FarmFrenzy-PizzaParty
2009-03-17 11:47 --d----- c:\program files\Farm Frenzy Pizza Party
2009-03-17 11:44 86,016 a------- c:\windows\unvise32qt.exe
2009-03-17 11:43 607 a------- c:\windows\system32\QuickTime.qtp
2009-03-17 11:43 --d----- c:\windows\system32\QuickTime
2009-03-17 11:15 69 a------- c:\windows\NeroDigital.ini
2009-03-17 11:07 --d----- c:\docume~1\alluse~1.win\applic~1\LightScribe
2009-03-17 11:01 --d----- c:\docume~1\alluse~1.win\applic~1\Nero
2009-03-17 10:41 --d----- c:\program files\Mystery Case Files Return to Ravenhearst
2009-03-17 10:30 --d----- c:\program files\Mystery Case Files - Ravenhearst
2009-03-16 22:01 --d----- c:\docume~1\nick\applic~1\Boomzap
2009-03-15 18:17 --d----- c:\docume~1\alluse~1.win\applic~1\Playrix Entertainment
2009-03-15 16:20 --d----- c:\docume~1\nick\applic~1\EA
2009-03-15 16:20 --d----- c:\docume~1\alluse~1.win\applic~1\EA
2009-03-15 16:19 --d----- c:\docume~1\alluse~1.win\applic~1\Trymedia
2009-03-15 16:19 --d----- c:\program files\Yahoo! Games
2009-03-15 13:57 13 a------- c:\windows\popcinfo.dat
2009-03-15 13:20 --d----- c:\program files\TryMedia
2009-03-15 13:20 --d----- c:\program files\PopCap Games
2009-03-14 10:56 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-13 20:14 --d----- c:\documents and settings\nick\Saved Games
2009-03-13 20:14 --d----- c:\docume~1\nick\applic~1\Flood Light Games
2009-03-13 20:14 --d----- c:\docume~1\alluse~1.win\applic~1\Flood Light Games
2009-03-13 17:09 --d----- c:\windows\system32\CatRoot_bak
2009-03-13 16:59 --d----- c:\windows\system32\XPSViewer
2009-03-13 16:58 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-13 16:58 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-13 16:58 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-13 16:58 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-13 16:58 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-13 16:58 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-13 16:58 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-13 16:53 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-03-13 16:53 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-03-13 16:53 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-03-13 16:48 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-03-13 16:48 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-03-13 16:48 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-03-13 16:46 --d----- c:\windows\system32\URTTemp
2009-03-13 16:09 584,192 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-03-12 22:02 189,784 a------- c:\windows\system32\PnkBstrB.xtr
2009-03-12 22:01 138,944 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 14:03 --d----- c:\docume~1\nick\applic~1\id Software
2009-03-12 14:01 22,328 a------- c:\docume~1\nick\applic~1\PnkBstrK.sys
2009-03-12 14:01 189,784 a------- c:\windows\system32\PnkBstrB.exe
2009-03-12 14:01 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-12 14:01 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-03-12 14:01 --d----- c:\windows\system32\LogFiles
2009-03-12 14:01 --d----- c:\docume~1\alluse~1.win\applic~1\id Software
2009-03-12 12:36 --d----- c:\program files\common files\DivX Shared
2009-03-12 02:58 --d----- c:\docume~1\nick\applic~1\LimeWire
2009-03-12 01:57 --d----- c:\windows\Logs
2009-03-12 01:57 --d----- c:\program files\SiSoftware
2009-03-11 17:27 --d----- c:\windows\system32\RTCOM
2009-03-11 17:26 --d----- c:\program files\Realtek
2009-03-11 17:08 35,840 a------- c:\windows\system32\RtkCoInstXP.dll
2009-03-11 15:53 --d----- c:\program files\kSolo
2009-03-11 14:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-11 14:39 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-11 14:39 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-11 14:39 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-11 14:39 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-11 14:39 3,060,224 -c------ c:\windows\system32\dllcache\mshtml.dll

2009-03-11 14:37 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-03-11 14:37 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-11 14:36 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-03-11 14:34 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-10 16:00 --d----- c:\windows\pss
2009-03-10 15:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-10 15:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-10 15:33 --d----- c:\program files\CardPlayer
2009-03-10 15:33 --d----- c:\docume~1\alluse~1.win\applic~1\CardPlayer
2009-03-10 14:50 --d----- c:\docume~1\alluse~1.win\applic~1\Azureus
2009-03-10 14:50 --d----- c:\docume~1\nick\applic~1\Azureus
2009-03-10 14:23 316,640 a------- c:\windows\WMSysPr9.prx
2009-03-10 14:22 --d----- c:\windows\provisioning
2009-03-10 14:22 --d----- c:\windows\peernet
2009-03-10 14:21 --d----- c:\windows\ServicePackFiles
2009-03-10 14:18 --d----- c:\windows\EHome
2009-03-10 14:16 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-03-10 14:16 11,776 -------- c:\windows\system32\spnpinst.exe
2009-03-10 14:16 7,208 -------- c:\windows\system32\secupd.sig
2009-03-10 14:16 4,569 -------- c:\windows\system32\secupd.dat
2009-03-10 13:59 --d----- C:\ATI
2009-03-10 13:49 --d----- c:\windows\system32\PreInstall
2009-03-10 13:49 --d-h--- c:\windows\$hf_mig$
2009-03-10 13:49 --d----- c:\windows\system32\bits
2009-03-10 13:48 351,232 a------- c:\windows\system32\winhttp.dll
2009-03-10 13:48 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-10 13:48 438,784 -------- c:\windows\system32\xpob2res.dll
2009-03-10 13:48 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-03-10 13:48 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-03-10 13:47 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-10 13:47 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-03-10 13:47 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-03-10 13:47 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-03-10 13:47 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-10 13:46 --ds---- c:\documents and settings\nick\UserData
2009-03-10 13:46 13,646 a------- c:\windows\system32\wpa.bak
2009-03-10 13:34 241 a------- c:\windows\lexstat.ini
2009-03-10 13:33 299,520 a------- c:\windows\uninst.exe
2009-03-10 13:33 --d----- c:\documents and settings\nick\WINDOWS
2009-03-10 13:29 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-03-10 13:29 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-03-10 13:29 --d----- c:\windows\system32\Lang
2009-03-10 13:27 172,032 a------- c:\windows\system32\dllcache\mssap.dll
2009-03-10 13:27 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-10 13:26 208,896 -------- c:\windows\system32\nvuide.exe
2009-03-10 13:26 1,570 -------- c:\windows\system32\nvide.nvu
2009-03-10 13:26 363,008 a----r-- c:\windows\system32\idecoiins.dll
2009-03-10 13:26 363,008 a----r-- c:\windows\system32\idecoi.dll
2009-03-10 13:26 105,088 a----r-- c:\windows\system32\drivers\nvata.sys
2009-03-10 13:26 35,840 a----r-- c:\windows\system32\NVCOI.DLL
2009-03-10 13:26 --d----- c:\windows\system32\ReinstallBackups
2009-03-10 13:25 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-03-10 13:24 --d----- c:\windows\system32\Tools
2009-03-10 13:21 4,864 a----r-- c:\windows\system32\drivers\PortIo.sys
2009-03-10 13:08 --d----- c:\program files\common files\ATI
2009-03-10 13:08 --d----- c:\program files\common files\CyberLink
2009-03-10 13:06 --d----- c:\program files\common files\Simple Star Shared
2009-03-10 13:06 --d----- c:\program files\common files\SWF Studio
2009-03-10 13:06 --d----- c:\program files\common files\Wise Installation Wizard
2009-03-10 13:06 --d----- c:\program files\DivX
2009-03-10 13:06 --d----- c:\program files\GameHouse
2009-03-10 13:06 --d----- c:\program files\iWin.com Games
2009-03-10 13:05 --d----- c:\program files\Lexmark
2009-03-10 13:05 --d----- c:\program files\Lexmark Z700-P700 Series
2009-03-10 13:05 --d----- c:\program files\LimeWire
2009-03-10 13:04 --d----- c:\program files\Microsoft IntelliPoint
2009-03-10 13:04 --d----- c:\program files\Microsoft IntelliType Pro
2009-03-10 13:03 --d----- c:\program files\MySpace
2009-03-10 13:03 --d----- c:\program files\MSXML 6.0
2009-03-10 13:03 --d----- c:\program files\MSXML 4.0
2009-03-10 13:02 --d----- c:\program files\Nero
2009-03-10 13:01 --d----- c:\program files\On-line Help Console
2009-03-10 13:01 --d----- c:\program files\Oberon Media
2009-03-10 13:01 --d----- c:\program files\PlayFirst
2009-03-10 13:00 --d----- c:\program files\PokerStars.NET
2009-03-10 12:59 --d----- c:\program files\RealArcade
2009-03-10 12:57 --d----- c:\program files\TheLearningPit
2009-03-10 12:57 --d----- c:\program files\Symantec
2009-03-10 12:57 --d----- c:\program files\Shockwave.com
2009-03-10 12:57 --d----- c:\program files\Vuze
2009-03-10 12:57 --d----- c:\program files\Windows Media Components
2009-03-10 12:57 --d----- c:\program files\Windows Media Connect 2
2009-03-10 12:41 162,304 a------- c:\documents and settings\nick\lame_enc_en.dll
2009-03-10 12:41 53,248 a------- c:\documents and settings\nick\lametritonus_en.dll
2009-03-10 12:38 --d----- c:\program files\Yahoo!
2009-03-10 12:31 --ds---- c:\windows\system32\Microsoft
2009-03-10 12:30 --dsh--- c:\windows\Installer
2009-03-10 12:30 --d----- c:\documents and settings\Nick
2009-03-10 12:29 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-10 12:27 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
2009-03-10 12:26 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-03-10 12:26 --dsh--- c:\documents and settings\all users.windows\DRM
2009-03-10 12:25 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-10 12:24 --d----- c:\program files\common files\MSSoap
2009-03-10 12:24 --d-h--- c:\program files\WindowsUpdate
2009-03-10 12:24 --d----- c:\program files\Online Services
2009-03-10 12:24 --d----- c:\program files\Messenger
2009-03-10 12:24 --d----- c:\program files\MSN Gaming Zone
2009-03-10 12:23 --d----- c:\program files\Windows NT
2009-03-10 06:19 --d----- c:\program files\common files\ODBC
2009-03-10 06:19 --d----- c:\program files\common files\SpeechEngines
2009-03-10 06:19 --d--r-- c:\documents and settings\all users.windows\Documents

==================== Find3M ====================

2009-03-10 14:25 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-10 12:24 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-04 17:58 5,045,760 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-02 16:01 17,530,368 a------- c:\windows\RTHDCPL.EXE
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-26 20:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-26 20:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-01-26 20:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-26 20:35 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-01-26 20:35 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-26 20:35 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-21 15:54 1,206,816 a------- c:\windows\RtlUpd.exe
2008-07-19 08:44 5,696 a------- c:\program files\install.log

============= FINISH: 11:21:21.14 ===============

here is the virus scan



Avira AntiVir Personal
Report file date: Saturday, March 21, 2009 00:39

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HOME

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 3/11/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 2/24/2009 17:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 12:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 19:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 22:36:42
AEscript.DLL : 8.1.1.56 352634 Bytes 2/27/2009 01:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 16:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 18:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 20:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 18:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 19:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 2/9/2009 12:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 3/11/2009 20:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, March 21, 2009 00:39

Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
c:\windows\system32\gaopdxcounter
[INFO] The file is not visible.
[NOTE] A backup was created as '4a337e4f.qua' ( QUARANTINE )
c:\windows\system32\gaopdxwyktlidmtaovmqjpbibsblmompeosrqo.dll
[INFO] The file is not visible.
[NOTE] A backup was created as '4b46a100.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxeqalkmovxymevsegbpaaossvqbasbnrb.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4b4b7960.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxipbasbpcbqhowbmqerqhevtmdxvrbfam.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4b495140.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxkmxbfpyymsnnvxvagyfwigmprqpxmjxi.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4b4f28a0.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxmtamemxgfthkmyfwopubwesiqfppdwkr.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4b4d0080.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxqxfmneoacrdlltaamwrrivjimpbfyrxf.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4bb3d8e0.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxtimivxbqpuyqtnyvmfagxnpqxvkbwmwu.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4bb1b0c0.qua' ( QUARANTINE )
c:\windows\system32\drivers\gaopdxxorcvnftiqxerqiuxtapmqxvhemuoqno.sys
[INFO] The file is not visible.
[NOTE] A backup was created as '4e37f1e8.qua' ( QUARANTINE )
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\group
[INFO] The registry entry is invisible.
'46007' objects were checked, '14' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Nick\Desktop\Azureus Downloads\Bigfishgames-Mystery Case Files_Return to Ravenhearst.rar
[0] Archive type: RAR
--> Mystery Case Files_Return to Ravenhearst.exe
[DETECTION] Contains recognition pattern of the DR/Hcktl.Hammer.A.3 dropper
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\6B81UN6R\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Alice Greenfingers 2\AliceGreenfingers2.exe
[DETECTION] Is the TR/Agent.1127758.A Trojan
C:\Program Files\Mystery Case Files Return to Ravenhearst\Mystery Case Files_Return to Ravenhearst.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP40\A0019161.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP44\A0019507.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP47\A0019766.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.aaju dropper
C:\WINDOWS\alllzh.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
C:\WINDOWS\system32\kek.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.aajt dropper
C:\WINDOWS\system32\mpxa.exe
[DETECTION] Is the TR/3Proxy.41984 Trojan
Begin scan in 'D:\'
D:\mp3z\Leona Lewis - Spirit [Full Album] (2008)\008-leona_lewis-the_first_time_ever_i_saw_your_face.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit

Beginning disinfection:
C:\Documents and Settings\Nick\Desktop\Azureus Downloads\Bigfishgames-Mystery Case Files_Return to Ravenhearst.rar
[NOTE] The file was moved to '4a2b8692.qua'!
C:\Program Files\Alice Greenfingers 2\AliceGreenfingers2.exe
[DETECTION] Is the TR/Agent.1127758.A Trojan
[NOTE] The file was moved to '4a2d86ac.qua'!
C:\Program Files\Mystery Case Files Return to Ravenhearst\Mystery Case Files_Return to Ravenhearst.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
[NOTE] The file was moved to '4a3786b9.qua'!
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP40\A0019161.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49f48671.qua'!
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP44\A0019507.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
[NOTE] The file was moved to '49f48673.qua'!
C:\System Volume Information\_restore{305CD94D-E85B-4D5E-A4F9-A5B21316FE2B}\RP47\A0019766.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.aaju dropper
[NOTE] The file was moved to '488ea964.qua'!
C:\WINDOWS\alllzh.exe
[DETECTION] Is the TR/Hcktl.Hammer.A.2 Trojan
[NOTE] The file was moved to '4a3086af.qua'!
C:\WINDOWS\system32\kek.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.aajt dropper
[NOTE] The file was moved to '4a2f86a8.qua'!
C:\WINDOWS\system32\mpxa.exe
[DETECTION] Is the TR/3Proxy.41984 Trojan
[NOTE] The file was moved to '4a3c86b3.qua'!
D:\mp3z\Leona Lewis - Spirit [Full Album] (2008)\008-leona_lewis-the_first_time_ever_i_saw_your_face.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49fc8673.qua'!


End of the scan: Saturday, March 21, 2009 01:16
Used time: 36:04 Minute(s)

The scan has been done completely.

6218 Scanned directories
324099 Files were scanned
10 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
19 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
324088 Files not concerned
1676 Archives were scanned
3 Warnings
20 Notes
46007 Objects were scanned with rootkit scan
14 Hidden objects were found

Hello.

There is so many problems right now.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\mpxa.exe
C:\WINDOWS\system32\kek.exe
C:\WINDOWS\alllzh.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxwyktlidmtaovmqjpbibsblmompeosrqo.dll
c:\windows\system32\drivers\gaopdxeqalkmovxymevsegbpaaossvqbasbnrb.sys
c:\windows\system32\drivers\gaopdxipbasbpcbqhowbmqerqhevtmdxvrbfam.sys
c:\windows\system32\drivers\gaopdxkmxbfpyymsnnvxvagyfwigmprqpxmjxi.sys
c:\windows\system32\drivers\gaopdxmtamemxgfthkmyfwopubwesiqfppdwkr.sys
c:\windows\system32\drivers\gaopdxqxfmneoacrdlltaamwrrivjimpbfyrxf.sys
c:\windows\system32\drivers\gaopdxtimivxbqpuyqtnyvmfagxnpqxvkbwmwu.sys
c:\windows\system32\drivers\gaopdxxorcvnftiqxerqiuxtapmqxvhemuoqno.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sat Mar 21 12:15:05 2009

12:15:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sat Mar 21 12:15:35 2009

12:15:35: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Sat Mar 21 12:15:47 2009

12:15:47: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxtimivxbqpuyqtnyvmfagxnpqxvkbwmwu.sys
Start Type: 1 (System)

Rootkit scan completed.


Error: file "C:\WINDOWS\system32\mpxa.exe" not found!
Deletion of file "C:\WINDOWS\system32\mpxa.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\kek.exe" not found!
Deletion of file "C:\WINDOWS\system32\kek.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\alllzh.exe" not found!
Deletion of file "C:\WINDOWS\alllzh.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\gaopdxcounter" deleted successfully.
File "c:\windows\system32\gaopdxwyktlidmtaovmqjpbibsblmompeosrqo.dll" deleted successfully.
File "c:\windows\system32\drivers\gaopdxeqalkmovxymevsegbpaaossvqbasbnrb.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxipbasbpcbqhowbmqerqhevtmdxvrbfam.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxkmxbfpyymsnnvxvagyfwigmprqpxmjxi.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxmtamemxgfthkmyfwopubwesiqfppdwkr.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxqxfmneoacrdlltaamwrrivjimpbfyrxf.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxtimivxbqpuyqtnyvmfagxnpqxvkbwmwu.sys" deleted successfully.
File "c:\windows\system32\drivers\gaopdxxorcvnftiqxerqiuxtapmqxvhemuoqno.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

You are running an old version of Hijack This, and we need to use the new version before we can do anything else.

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:06 PM, on 3/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFAF05F6-D208-4358-97FC-63D9051711A0}: NameServer = 85.255.112.156,85.255.112.129
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.156,85.255.112.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.156,85.255.112.129
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe

--
End of file - 3654 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O17 - HKLM\System\CCS\Services\Tcpip\..\{CFAF05F6-D208-4358-97FC-63D9051711A0}: NameServer = 85.255.112.156,85.255.112.129
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.156,85.255.112.129
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.156,85.255.112.129
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

I want to see what's installed.

• Open HijackThis again.
  
• Click "Open the Misc Tools section"
  
• Click "Open Uninstall Manager"
  
• Click "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

4 Elements (remove only)
Adobe Flash Player 10 Plugin
Alchemy Deluxe 1.5y
Alice Greenfingers 2
Are You Smarter Than A 5th Grader Make The Grade
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Casino Island To Go
Critical Update for Windows Media Player 11 (KB959772)
Deal or No Deal
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Farm Frenzy 2
Hell's Kitchen
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HouseCall 6.6
Hunting Unlimited 2009 1.0
Java(TM) 6 Update 12
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
kSolo Recorder
Lexmark Photo Center
Lexmark Z700-P700 Series
LightScribe System Software 1.10.16.1
LimeWire 5.1.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Mystery Case Files - Ravenhearst 1.00
Nero 8 Essentials
neroxml
NVIDIA Drivers
On-line Help Console
Orchard
PunkBuster Services
Quake Live Mozilla Plugin
QuickTime
Ranch Rush
Realtek High Definition Audio Driver
Restaurant Rush (remove only)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SiSoftware Sandra Lite 2009.SP2
SpadeClub Poker
UNO - Undercover
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Womens Murder Club 2 BONUS

Hello.

You are running two AV's, this is a bad idea as they can conflict and cause problems. I see Avira and Kaspersky.
I would recommend that you remove Symantec to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• Kaspersky Anti-Virus 7.0
  
• Kaspersky Anti-Virus 7.0
  

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.
Should you choose to remove them, but you are having trouble doing so, please let me know in your next post here and I will aid you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

• LimeWire 5.1.2
  

Then please find and delete this folder in bold (if present):
C:\Program Files\Limewire

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.34
Database version: 1882
Windows 5.1.2600 Service Pack 2

3/21/2009 1:02:56 PM
mbam-log-2009-03-21 (13-02-56).txt

Scan type: Quick Scan
Objects scanned: 69130
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\IXYRQRML\License.v.3[2].exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nick\Desktop\avenger.exe (Rogue.Installer) -> Quarantined and deleted successfully.

Hello.
Please run DDS again now and post the new log.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nick at 13:24:05.34 on Sat 03/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.630 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Nick\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nick\applic~1\mozilla\firefox\profiles\aszmp3s6.default\
FF - prefs.js: browser.startup.homepage - www.pogo.com
FF - plugin: c:\documents and settings\all users.windows\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\program files\ksolo\npAVX.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-21 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-21 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-21 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-21 55640]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-3-11 1684736]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-3-12 98488]

=============== Created Last 30 ================

2009-03-21 12:57 --d----- c:\docume~1\nick\applic~1\Malwarebytes
2009-03-21 12:57 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 12:57 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 12:57 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 12:57 --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-03-21 11:22 --d----- c:\program files\Trend Micro
2009-03-21 11:08 --d----- C:\_OTMoveIt
2009-03-21 00:36 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-03-21 00:36 --d----- c:\program files\Avira
2009-03-21 00:36 --d----- c:\docume~1\alluse~1.win\applic~1\Avira
2009-03-20 18:32 --d----- C:\kav
2009-03-20 15:59 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-20 15:59 --d----- c:\docume~1\nick\applic~1\HouseCall 6.6
2009-03-20 00:02 --d----- c:\program files\Hunting Unlimited 2009
2009-03-19 22:02 52,736 a------- c:\windows\ipuninst.exe
2009-03-19 21:57 --d----- c:\windows\system32\appmgmt
2009-03-19 14:11 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-03-19 14:11 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-03-19 14:08 --d----- c:\program files\Global Star
2009-03-19 12:00 516,096 -------- c:\windows\system32\ati2sgag.exe
2009-03-19 11:54 294,912 a----r-- c:\windows\system32\atiiiexx.dll
2009-03-19 11:54 131,072 a----r-- c:\windows\system32\ATIDEMGR.dll
2009-03-19 11:40 10 a------- c:\windows\WININIT.INI
2009-03-19 00:37 --d----- c:\program files\Wheel Of Fortune 2
2009-03-19 00:34 --d----- c:\docume~1\nick\applic~1\Ludia
2009-03-19 00:34 --d----- c:\docume~1\alluse~1.win\applic~1\Ludia
2009-03-19 00:33 --d----- c:\docume~1\nick\applic~1\UNOUndercover
2009-03-19 00:30 --d----- c:\windows\Alice Greenfingers 2
2009-03-19 00:30 --d----- c:\program files\Alice Greenfingers 2
2009-03-19 00:30 --d----- c:\windows\Hell's Kitchen
2009-03-19 00:30 --d----- c:\program files\Hell's Kitchen
2009-03-18 21:56 --d----- c:\docume~1\alluse~1.win\applic~1\n7-89-o9-3r-4t-r9
2009-03-18 21:55 --d----- c:\docume~1\nick\applic~1\GameHouse
2009-03-18 21:55 3,448 a------- c:\windows\system32\a
2009-03-18 20:11 --d----- c:\docume~1\alluse~1.win\applic~1\FreshGames
2009-03-18 20:11 --d----- c:\windows\Ranch Rush
2009-03-18 20:11 --d----- c:\program files\Ranch Rush
2009-03-18 17:17 --d----- c:\docume~1\alluse~1.win\applic~1\Cabela's Big Game Hunter - Alaskan Adventure Saves
2009-03-18 17:14 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-03-18 16:45 --d----- c:\windows\Are You Smarter Than A 5th Grader Make The Grade
2009-03-18 16:45 --d----- c:\program files\Are You Smarter Than A 5th Grader Make The Grade
2009-03-17 14:36 306,688 a------- c:\windows\IsUninst.exe
2009-03-17 13:06 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-03-17 13:04 0 a------- c:\windows\vpd.properties
2009-03-17 11:51 --d----- c:\docume~1\alluse~1.win\applic~1\FarmFrenzy2
2009-03-17 11:51 --d----- c:\windows\Farm Frenzy 2
2009-03-17 11:51 --d----- c:\program files\Farm Frenzy 2
2009-03-17 11:50 --d----- c:\docume~1\alluse~1.win\applic~1\FarmFrenzy-PizzaParty
2009-03-17 11:47 --d----- c:\program files\Farm Frenzy Pizza Party
2009-03-17 11:44 86,016 a------- c:\windows\unvise32qt.exe
2009-03-17 11:43 607 a------- c:\windows\system32\QuickTime.qtp
2009-03-17 11:43 --d----- c:\windows\system32\QuickTime
2009-03-17 11:15 69 a------- c:\windows\NeroDigital.ini
2009-03-17 11:07 --d----- c:\docume~1\alluse~1.win\applic~1\LightScribe
2009-03-17 11:01 --d----- c:\docume~1\alluse~1.win\applic~1\Nero
2009-03-17 10:41 --d----- c:\program files\Mystery Case Files Return to Ravenhearst
2009-03-17 10:30 --d----- c:\program files\Mystery Case Files - Ravenhearst
2009-03-16 22:01 --d----- c:\docume~1\nick\applic~1\Boomzap
2009-03-15 18:17 --d----- c:\docume~1\alluse~1.win\applic~1\Playrix Entertainment
2009-03-15 16:20 --d----- c:\docume~1\nick\applic~1\EA
2009-03-15 16:20 --d----- c:\docume~1\alluse~1.win\applic~1\EA
2009-03-15 16:19 --d----- c:\docume~1\alluse~1.win\applic~1\Trymedia
2009-03-15 16:19 --d----- c:\program files\Yahoo! Games
2009-03-15 13:57 13 a------- c:\windows\popcinfo.dat
2009-03-15 13:20 --d----- c:\program files\TryMedia
2009-03-15 13:20 --d----- c:\program files\PopCap Games
2009-03-14 10:56 1,089,601 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-13 20:14 --d----- c:\documents and settings\nick\Saved Games
2009-03-13 20:14 --d----- c:\docume~1\nick\applic~1\Flood Light Games
2009-03-13 20:14 --d----- c:\docume~1\alluse~1.win\applic~1\Flood Light Games
2009-03-13 17:09 --d----- c:\windows\system32\CatRoot_bak
2009-03-13 16:59 --d----- c:\windows\system32\XPSViewer
2009-03-13 16:58 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-13 16:58 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-13 16:58 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-13 16:58 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-13 16:58 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-13 16:58 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-13 16:58 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-13 16:53 1,197,294 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-03-13 16:53 764,868 -c------ c:\windows\system32\dllcache\apph_sp.sdb
2009-03-13 16:53 217,118 -c------ c:\windows\system32\dllcache\apphelp.sdb
2009-03-13 16:48 128,896 -c------ c:\windows\system32\dllcache\fltmgr.sys
2009-03-13 16:48 23,040 -c------ c:\windows\system32\dllcache\fltmc.exe
2009-03-13 16:48 16,896 -c------ c:\windows\system32\dllcache\fltlib.dll
2009-03-13 16:46 --d----- c:\windows\system32\URTTemp
2009-03-13 16:09 584,192 -c------ c:\windows\system32\dllcache\rpcrt4.dll
2009-03-12 22:02 189,784 a------- c:\windows\system32\PnkBstrB.xtr
2009-03-12 22:01 138,944 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 14:03 --d----- c:\docume~1\nick\applic~1\id Software
2009-03-12 14:01 22,328 a------- c:\docume~1\nick\applic~1\PnkBstrK.sys
2009-03-12 14:01 189,784 a------- c:\windows\system32\PnkBstrB.exe

2009-03-12 14:01 2,246,144 a------- c:\windows\system32\pbsvc.exe
2009-03-12 14:01 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-03-12 14:01 --d----- c:\windows\system32\LogFiles
2009-03-12 14:01 --d----- c:\docume~1\alluse~1.win\applic~1\id Software
2009-03-12 12:36 --d----- c:\program files\common files\DivX Shared
2009-03-12 02:58 --d----- c:\docume~1\nick\applic~1\LimeWire
2009-03-12 01:57 --d----- c:\windows\Logs
2009-03-12 01:57 --d----- c:\program files\SiSoftware
2009-03-11 17:27 --d----- c:\windows\system32\RTCOM
2009-03-11 17:26 --d----- c:\program files\Realtek
2009-03-11 17:08 35,840 a------- c:\windows\system32\RtkCoInstXP.dll
2009-03-11 15:53 --d----- c:\program files\kSolo
2009-03-11 14:41 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-03-11 14:39 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-11 14:39 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-11 14:39 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-11 14:39 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-11 14:39 3,060,224 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-03-11 14:37 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-03-11 14:37 683,520 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-03-11 14:36 247,326 -c------ c:\windows\system32\dllcache\strmdll.dll
2009-03-11 14:34 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-10 16:00 --d----- c:\windows\pss
2009-03-10 15:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-10 15:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-10 15:33 --d----- c:\program files\CardPlayer
2009-03-10 15:33 --d----- c:\docume~1\alluse~1.win\applic~1\CardPlayer
2009-03-10 14:50 --d----- c:\docume~1\alluse~1.win\applic~1\Azureus
2009-03-10 14:50 --d----- c:\docume~1\nick\applic~1\Azureus
2009-03-10 14:23 316,640 a------- c:\windows\WMSysPr9.prx
2009-03-10 14:22 --d----- c:\windows\provisioning
2009-03-10 14:22 --d----- c:\windows\peernet
2009-03-10 14:21 --d----- c:\windows\ServicePackFiles
2009-03-10 14:18 --d----- c:\windows\EHome
2009-03-10 14:16 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-03-10 14:16 11,776 -------- c:\windows\system32\spnpinst.exe
2009-03-10 14:16 7,208 -------- c:\windows\system32\secupd.sig
2009-03-10 14:16 4,569 -------- c:\windows\system32\secupd.dat
2009-03-10 13:59 --d----- C:\ATI
2009-03-10 13:49 --d----- c:\windows\system32\PreInstall
2009-03-10 13:49 --d-h--- c:\windows\$hf_mig$
2009-03-10 13:49 --d----- c:\windows\system32\bits
2009-03-10 13:48 351,232 a------- c:\windows\system32\winhttp.dll
2009-03-10 13:48 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-03-10 13:48 438,784 -------- c:\windows\system32\xpob2res.dll
2009-03-10 13:48 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-03-10 13:48 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-03-10 13:47 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-03-10 13:47 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-03-10 13:47 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-03-10 13:47 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-03-10 13:47 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-10 13:46 --ds---- c:\documents and settings\nick\UserData
2009-03-10 13:46 13,646 a------- c:\windows\system32\wpa.bak
2009-03-10 13:34 241 a------- c:\windows\lexstat.ini
2009-03-10 13:33 299,520 a------- c:\windows\uninst.exe
2009-03-10 13:33 --d----- c:\documents and settings\nick\WINDOWS
2009-03-10 13:29 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-03-10 13:29 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-03-10 13:29 --d----- c:\windows\system32\Lang
2009-03-10 13:27 172,032 a------- c:\windows\system32\dllcache\mssap.dll
2009-03-10 13:27 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-03-10 13:26 208,896 -------- c:\windows\system32\nvuide.exe
2009-03-10 13:26 1,570 -------- c:\windows\system32\nvide.nvu
2009-03-10 13:26 363,008 a----r-- c:\windows\system32\idecoiins.dll
2009-03-10 13:26 363,008 a----r-- c:\windows\system32\idecoi.dll
2009-03-10 13:26 105,088 a----r-- c:\windows\system32\drivers\nvata.sys
2009-03-10 13:26 35,840 a----r-- c:\windows\system32\NVCOI.DLL
2009-03-10 13:26 --d----- c:\windows\system32\ReinstallBackups
2009-03-10 13:25 208,896 a------- c:\windows\system32\NVUNINST.EXE
2009-03-10 13:24 --d----- c:\windows\system32\Tools
2009-03-10 13:21 4,864 a----r-- c:\windows\system32\drivers\PortIo.sys
2009-03-10 13:08 --d----- c:\program files\common files\ATI
2009-03-10 13:08 --d----- c:\program files\common files\CyberLink
2009-03-10 13:06 --d----- c:\program files\common files\Simple Star Shared
2009-03-10 13:06 --d----- c:\program files\common files\SWF Studio
2009-03-10 13:06 --d----- c:\program files\common files\Wise Installation Wizard
2009-03-10 13:06 --d----- c:\program files\DivX
2009-03-10 13:06 --d----- c:\program files\GameHouse
2009-03-10 13:06 --d----- c:\program files\iWin.com Games
2009-03-10 13:05 --d----- c:\program files\Lexmark
2009-03-10 13:05 --d----- c:\program files\Lexmark Z700-P700 Series
2009-03-10 13:04 --d----- c:\program files\Microsoft IntelliPoint
2009-03-10 13:04 --d----- c:\program files\Microsoft IntelliType Pro
2009-03-10 13:03 --d----- c:\program files\MySpace
2009-03-10 13:03 --d----- c:\program files\MSXML 6.0
2009-03-10 13:03 --d----- c:\program files\MSXML 4.0
2009-03-10 13:02 --d----- c:\program files\Nero
2009-03-10 13:01 --d----- c:\program files\On-line Help Console
2009-03-10 13:01 --d----- c:\program files\Oberon Media
2009-03-10 13:01 --d----- c:\program files\PlayFirst
2009-03-10 13:00 --d----- c:\program files\PokerStars.NET
2009-03-10 12:59 --d----- c:\program files\RealArcade
2009-03-10 12:57 --d----- c:\program files\TheLearningPit
2009-03-10 12:57 --d----- c:\program files\Symantec
2009-03-10 12:57 --d----- c:\program files\Shockwave.com
2009-03-10 12:57 --d----- c:\program files\Vuze
2009-03-10 12:57 --d----- c:\program files\Windows Media Components
2009-03-10 12:57 --d----- c:\program files\Windows Media Connect 2
2009-03-10 12:41 162,304 a------- c:\documents and settings\nick\lame_enc_en.dll
2009-03-10 12:41 53,248 a------- c:\documents and settings\nick\lametritonus_en.dll
2009-03-10 12:38 --d----- c:\program files\Yahoo!
2009-03-10 12:31 --ds---- c:\windows\system32\Microsoft
2009-03-10 12:30 --dsh--- c:\windows\Installer
2009-03-10 12:30 --d----- c:\documents and settings\Nick
2009-03-10 12:29 8,192 a------- c:\windows\REGLOCS.OLD
2009-03-10 12:27 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
2009-03-10 12:26 2,134,528 ac------ c:\windows\system32\dllcache\EXCH_smtpsnap.dll
2009-03-10 12:26 --dsh--- c:\documents and settings\all users.windows\DRM
2009-03-10 12:25 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-10 12:24 --d----- c:\program files\common files\MSSoap
2009-03-10 12:24 --d-h--- c:\program files\WindowsUpdate
2009-03-10 12:24 --d----- c:\program files\Online Services
2009-03-10 12:24 --d----- c:\program files\Messenger
2009-03-10 12:24 --d----- c:\program files\MSN Gaming Zone
2009-03-10 12:23 --d----- c:\program files\Windows NT
2009-03-10 06:19 --d----- c:\program files\common files\ODBC
2009-03-10 06:19 --d----- c:\program files\common files\SpeechEngines
2009-03-10 06:19 --d--r-- c:\documents and settings\all users.windows\Documents

==================== Find3M ====================

2009-03-10 14:25 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-10 12:24 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-04 17:58 5,045,760 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-03-02 16:01 17,530,368 a------- c:\windows\RTHDCPL.EXE
2009-03-02 11:14 57,344 a------- c:\windows\ALCMTR.EXE
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-01-26 20:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-01-26 20:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-01-26 20:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-01-26 20:35 43,528 -------- c:\windows\system32\drivers\PxHelp20.sys
2009-01-26 20:35 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-01-26 20:35 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-01-26 20:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-01-26 20:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-01-26 20:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-01-26 20:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-26 20:34 684,032 a------- c:\windows\system32\DivX.dll
2009-01-21 15:54 1,206,816 a------- c:\windows\RtlUpd.exe
2008-07-19 08:44 5,696 a------- c:\program files\install.log

============= FINISH: 13:24:18.39 ===============

Hello.
MBAM has removed the avenger (false positive), I want to use the avenger again, so you'll need to re-download again and extract it.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
gaopdxserv.sys

Drivers to delete:
gaopdxserv.sys

Files to delete:
c:\windows\system32\a

Folders to delete:
C:\_OTMoveIt
c:\docume~1\nick\applic~1\LimeWire
c:\program files\iWin.com Games

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

4. Please copy/paste the content of c:\avenger.txt into your reply.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gaopdxserv.sys" disabled successfully.
Driver "gaopdxserv.sys" deleted successfully.
File "c:\windows\system32\a" deleted successfully.
Folder "C:\_OTMoveIt" deleted successfully.
Folder "c:\docume~1\nick\applic~1\LimeWire" deleted successfully.
Folder "c:\program files\iWin.com Games" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hello.
How is the machine now?

much better your a genius thanks so much

Hello.
Glad to hear it.

We need to remove the tools we have used.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt3.exe to run it again.
  
• Press the green CleanUp! button.
  
• Press Yes cleanup process prompt.
  
• It will start cleaning now, and will want to reboot after, please allow it to do so.
  
• It will make a log of what it has removed, but I don't need to see the log.
  

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.