negster22
Security Expert Premium Member
 Joined: Mar 10, 2004 Posts: 5394
Posted: Mon Jun 30, 2008 1:23 am
Good job, Sammel, and you're welcome!!
A couple of the files I specified in the CFScript were already removed in the first run of ComboFix, so that is why you got the "file not found" message. However, CF continues processing the script regardless of encountering a file that is not present, so that message does not affect the removal process.
The numerical SYS file, I believe, is a randomly named driver that Daemon Tools creates when it launches.
Let's do a couple more things now.
1. Unless you use either of the first two of these programs, you can remove them via Add/Remove Programs, as they are adware related. All three are usually bundled with other programs or arrive as preinstalled programs courtesy of your PC's OEM:
Viewpoint (Manager or Toolbar)
Wild Tangent
Browser Address Redirector - redirects browser "Page not found" errors to a website of Google's choosing (bundled with Google Toolbar)
2. Open HJT. Click the "Do a system scan only" option to perform a HijackThis scan and place a checkmark next to the following items. Close ALL other windows and browsers except HijackThis. Click "Fix Checked".
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime - (nonessential startup: this will return unless you disable it in MSConfig)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe - Check this for removal if you uninstalled Wild Tangent as directed above.
Close HJT
3. You asked about another antispyware program that I would recommend using. This one, which I am having you run next, is excellent:
Please download Malwarebytes' Anti-Malware (MBAM) to your desktop or a convenient location of your choosing from one of the following websites (MBAM provides support for Windows 2000, XP, and Vista):
BestTechie.net
http://www.besttechie.net/tools/mbam-setup.exe
or
MajorGeeks.com:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
Double-click mbam-setup.exe and follow the prompts to install the program. At the end of the install, verify that a checkmark is placed next to the following two options:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Click Finish.
- MBAM will automatically update, if the above options are checked.
- Once the program launches, select Perform quick scan, then click Scan.
- When the scan is complete, click OK -> Show Results to view the scan results.
- Check all items found, and then choose the 'Remove Selected' option to move the selected items to the quarantine.
- When the scan is finished, a log will open in Notepad with the scan results. Please post the results in your next reply, along with a new HJT log.
You may be prompted to restart your computer (see Note), in which case you can retrieve the log afterwards by reopening MBAM and selecting the Logs tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with a prompt. Please respond by clicking OK, and this will allow MBAM to continue with removal process. If MBAM asks to restart the computer, you should immediately comply with that request, so all malware traces are satisfactorily removed.
4. Please scan one more time with ComboFix
Please post back the following reports:
1. The MBAM Log
2. Combofix Log (C:\ComboFix.txt)
3. A fresh HJT Log
_________________
Negster22 - MS MVP - Consumer Security 2006-2008
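The HJT entries negster22 lists above are records of autostart and browser-extension registry locations, and the ones marked "(no file)" or "(file missing)" are references whose target has already been deleted. Parsing a whole HJT log in bulk makes those orphans, empty O16 download URLs, and CLSIDs shared between entries easy to spot. The following is an added example written for this page; it is not HijackThis code and not from either participant in the thread. The sample lines are copied from the logs in this thread, and the flag names (orphan, unnamed, unknown-owner, blank-start-page) are this example's own heuristics, not anything HijackThis computes.

```python
"""Parse and triage HijackThis-style log entries.

Added example for this thread; it is not HijackThis code. The sample
lines are copied from the logs posted in the thread, and the triage
flags are the editor's own heuristics, not anything HJT computes.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "O2 - BHO: ...", "R0 - HKCU\...": section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First absolute Windows path ending in a loadable/executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.(?:dll|exe|sys|ocx|cpl)\b', re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class HjtEntry:
    code: str                 # "O2", "O20", "R0", ...
    body: str                 # text after "<code> - "
    clsid: Optional[str]      # first {GUID} in the line, upper-cased
    path: Optional[str]       # first C:\... path in the line
    flags: List[str] = field(default_factory=list)


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an R*/F*/O* line, None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    entry = HjtEntry(code, body,
                     clsid.group(0).upper() if clsid else None,
                     path.group(0) if path else None)

    # Orphan: the registry reference survived but its file did not (typical
    # after an earlier cleanup), or an O16 DPF entry whose download URL is empty.
    if any(marker in body for marker in ORPHAN_MARKERS) or \
            (code == "O16" and body.rstrip().endswith("-")):
        entry.flags.append("orphan")
    if "(no name)" in body:
        entry.flags.append("unnamed")
    if code == "O23" and "Unknown owner" in body:
        entry.flags.append("unknown-owner")      # service with no vendor string
    if code.startswith("R") and "about:blank" in body:
        entry.flags.append("blank-start-page")   # often left behind by a hijacker
    return entry


def parse_hjt_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_hjt_line(line) for line in text.splitlines()) if e]


def orphaned(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries that only reference files which are already gone."""
    return [e for e in entries if "orphan" in e.flags]


def by_clsid(entries: List[HjtEntry]) -> Dict[str, List[HjtEntry]]:
    """Group entries by CLSID so a BHO and its O3/O9 twins are seen together."""
    groups: Dict[str, List[HjtEntry]] = {}
    for e in entries:
        if e.clsid:
            groups.setdefault(e.clsid, []).append(e)
    return groups


# Lines copied from the HJT logs in this thread (not a constructed infection).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O20 - Winlogon Notify: cbXRHYop - cbXRHYop.dll (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
Running processes:
C:\WINDOWS\System32\smss.exe
"""

if __name__ == "__main__":
    for e in parse_hjt_log(SAMPLE_LOG):
        print(f"{e.code:<4} {','.join(e.flags) or '-':<22} {e.path or e.clsid or ''}")
```

An orphan flag only says the file is gone; the registry key that points at it is still the thing "Fix checked" removes, so the flag is a reason to tick the entry, not to skip it. Entries that carry a live path (the O2 BAE.dll BHO above) need the file looked at as well, which this parser does not do.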
Sammel
Trooper

Joined: Jun 12, 2008 Posts: 15 Location: USA
Posted: Mon Jun 30, 2008 3:07 am
Hey Negster! I did everything you told me, but a couple of things before I post the new logs.
1. I did NOT uninstall the WildGames console (WildTangent) because I do use that and it's a service I pay for. Is it malicious to my computer? Will keeping it cause me to have more infections? If so, then by all means I will uninstall it. Let me know!
2. I couldn't find any Viewpoint stuff in Add/Remove Programs. I remember uninstalling Viewpoint stuff when I did the MRP before I wrote you guys initially. Is it still on my machine? Is there another way I can add/remove programs if they do not show up in the Control Panel?
3. Is Daemon Tools still on my system? I thought I uninstalled it? Which I guess goes back to the previous question about finding programs on the computer that don't show up in the Add/Remove Programs menu.
Ok. I think that's all the questions I have right now. I'm sorry if I seem computer stupid.... but I am, haha. Ok, so here are my updated logs. The first is the MBAM, then the ComboFix and the HJT last. Once more, thanks SO much! You're a lifesaver!
Malwarebytes' Anti-Malware 1.19
Database version: 905
Windows 5.1.2600 Service Pack 2
10:29:27 PM 6/29/2008
mbam-log-6-29-2008 (22-29-27).txt
Scan type: Quick Scan
Objects scanned: 39130
Time elapsed: 6 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/conflict.1/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Sammel
Trooper

Joined: Jun 12, 2008 Posts: 15 Location: USA
Posted: Mon Jun 30, 2008 3:08 am
ComboFix 08-06-20.4 - Samm 2008-06-29 22:32:00.3 - NTFSx86
Running from: C:\Documents and Settings\Samm\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-29 22:28 . 2008-06-29 22:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-29 22:20 . 2008-06-29 22:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-29 22:20 . 2008-06-29 22:20 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Malwarebytes
2008-06-29 22:20 . 2008-06-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 22:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-29 22:20 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-29 15:40 . 2008-06-29 15:40 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Gamelab
2008-06-29 02:31 . 2008-06-29 14:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-29 02:31 . 2008-06-29 02:31 <DIR> d-------- C:\Program Files\AVG
2008-06-29 02:31 . 2008-06-29 02:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-29 02:31 . 2008-06-29 02:31 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-29 02:31 . 2008-06-29 02:31 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-29 02:31 . 2008-06-29 02:31 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-28 20:53 . 2008-06-28 20:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-28 20:48 . 2008-06-28 21:45 <DIR> d-------- C:\SDFix
2008-06-28 01:39 . 2008-06-28 01:39 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Home Sweet Home
2008-06-26 23:02 . 2008-06-26 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-06-26 22:14 . 2008-06-26 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-06-26 19:30 . 2008-06-26 19:32 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Academy
2008-06-26 16:45 . 2008-06-26 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
2008-06-25 00:28 . 2008-06-29 17:42 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Boomzap
2008-06-24 23:53 . 2008-06-24 23:53 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Jane s Hotel
2008-06-21 17:51 . 2008-06-21 17:51 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Magic Seeds
2008-06-21 16:22 . 2008-06-21 16:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-12 00:49 . 2008-06-12 00:49 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-12 00:47 . 2008-06-12 00:47 5,154,304 --a------ C:\WindowsDefender.msi
2008-06-11 22:34 . 2008-06-28 17:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:34 . 2008-06-28 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:32 . 2008-06-11 22:32 9,722,720 --a------ C:\spybotsd152.exe
2008-06-11 21:22 . 2008-06-11 21:22 <DIR> d-------- C:\Program Files\CCleaner
2008-06-11 20:50 . 2008-06-11 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 20:49 . 2008-06-11 20:49 <DIR> d-------- C:\HJT
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 13:46 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:01 . 2008-06-10 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Ludia
2008-06-10 21:34 . 2008-06-10 21:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-10 20:37 . 2008-06-10 20:37 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Youdagames
2008-06-10 19:54 . 2008-06-10 19:56 <DIR> d-------- C:\Program Files\Mall Tycoon 3
2008-06-10 15:55 . 2008-06-10 15:55 <DIR> d-------- C:\Program Files\BFG
2008-06-10 15:10 . 2008-06-21 16:23 <DIR> d-------- C:\Program Files\Flower Stand Tycoon
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-09 19:28 . 2008-06-09 19:33 <DIR> d-------- C:\Program Files\WinAce
2008-06-07 15:52 . 2008-06-07 15:52 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\iWinArcade
2008-06-07 15:52 . 2008-06-07 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-06-06 22:38 . 2008-06-07 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Free Ride Games
2008-06-06 22:38 . 2007-06-04 14:04 9,774 --------- C:\WINDOWS\FRG.ico
2008-06-06 22:38 . 2008-06-07 02:08 63 --a------ C:\WINDOWS\GPlrLanc.dat
2008-06-04 00:12 . 2008-06-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-06-03 23:56 . 2008-06-03 23:56 0 --a------ C:\WINDOWS\Game.INI
2008-06-03 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-01 18:29 . 2008-06-01 18:34 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Move Networks
2008-05-31 14:09 . 2008-04-01 14:09 32 -ra------ C:\Documents and Settings\All Users\hash.dat
2008-05-31 14:02 . 2008-05-31 14:09 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\yoclient
2008-05-26 21:10 . 2008-05-26 21:10 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-19 21:00 . 2008-06-29 14:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-18 00:18 . 2008-06-26 22:37 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\PlayFirst
2008-05-18 00:18 . 2008-06-26 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-16 18:01 . 2008-05-16 18:01 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\WildTangent
2008-05-16 18:00 . 2008-06-29 17:40 <DIR> d-------- C:\Program Files\WildGames
2008-05-16 18:00 . 2008-06-29 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-05-15 01:46 . 2008-05-15 01:46 <DIR> d-------- C:\Documents and Settings\Samm\Application Data\Meridian93
2008-05-15 00:40 . 2008-05-15 00:40 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-05-09 13:50 . 2008-05-09 13:50 56 -r-hs---- C:\WINDOWS\system32\63BFF1F608.sys
2008-05-03 17:12 . 2008-06-05 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 02:18 --------- d-----w C:\Program Files\BAE
2008-06-29 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-27 19:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-22 18:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 19:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 03:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 01:11 --------- d-----w C:\Program Files\Viewpoint
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 01:07 --------- d-----w C:\Program Files\Dell
2008-06-11 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\GTek
2008-05-09 17:49 --------- d-----w C:\Documents and Settings\Samm\Application Data\Corel
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-01 03:55 --------- d-----w C:\Documents and Settings\Samm\Application Data\Pogo Games
2007-11-20 21:29 168 --sh--r C:\WINDOWS\system32\08F6F1BF63.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_ 0.40.05.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-28 04:29:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-30 01:46:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 07:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-29 01:13:36 5,459,968 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-29 01:13:36 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-28 07:48:40 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-29 00:54:06 5,459,968 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-29 00:54:06 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-12-20 20:54:11 26,952 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-06-29 06:31:28 26,184 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-29 02:31 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 12:55 68856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-27 03:14:52 24576]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-18 23:38:12 125624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Samm^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Samm\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-04-05 20:19 77824 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-04-05 20:22 94208 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 16:16 1121792 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2005-04-05 20:23 114688 C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-27 03:18 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\Westelcom Accelerator\slipcore.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 20:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-05 12:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-29 02:31]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-29 02:31]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-29 02:31]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-29 02:31]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe" [2008-05-05 18:25]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 01:50:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-27 19:00:22 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 22:39:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-29 22:52:22
ComboFix-quarantined-files.txt 2008-06-30 02:52:13
ComboFix2.txt 2008-06-28 22:23:11
ComboFix3.txt 2008-06-28 04:40:46
Pre-Run: 21,461,090,304 bytes free
Post-Run: 21,458,710,528 bytes free
238 --- E O F --- 2008-06-26 18:12:40
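The ComboFix log above lists two short files in system32 with hidden and system attributes and hex-string names, 63BFF1F608.sys (in "Files Created") and 08F6F1BF63.sys (in "Find3M"), which the next reply in the thread attributes to Daemon Tools. Those two sections use different line layouts, so spotting such files by eye across a long log is error-prone. The following is an added example for this page, not ComboFix code and not from either participant in the thread: it parses both line formats and flags files that are hidden+system or carry a hex-digit base name. The sample lines are copied from the log above; the flag names, the "8 or more hex digits" threshold and the decision to ignore directories are this example's own assumptions.

```python
"""Flag hidden, system and hex-named files in ComboFix log sections.

Added example for this thread; it is not ComboFix code. The sample lines
are copied from the ComboFix log posted above; the suspicion rules are the
editor's own heuristics for spotting the kind of randomly named, hidden
.sys files the thread discusses.
"""
import re
from typing import List, NamedTuple, Optional

# "Files Created" lines:  <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.*)$")
# "Find3M" lines:  <modified> <size|---------> <attrs> <path>
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{7,9})\s+(?P<path>[A-Za-z]:\\.*)$")
# Whole base name is 8+ hex digits, e.g. 63BFF1F608.sys (threshold is an assumption).
HEXNAME_RE = re.compile(r"^[0-9A-F]{8,}\.(?:sys|dll|exe)$", re.IGNORECASE)


class FileEntry(NamedTuple):
    path: str
    size: Optional[int]   # None for directories and "---------" sizes
    attrs: str            # d=directory, r=read-only, a=archive, h=hidden, s=system
    section: str          # "created" or "find3m"


def parse_combofix_file_line(line: str) -> Optional[FileEntry]:
    """Parse one file line from either section; None for headers and noise."""
    line = line.strip()
    for section, rx in (("created", CREATED_RE), ("find3m", FIND3M_RE)):
        m = rx.match(line)
        if m:
            size = m.group("size").replace(",", "")
            return FileEntry(m.group("path"), int(size) if size.isdigit() else None,
                             m.group("attrs"), section)
    return None


def parse_combofix_files(text: str) -> List[FileEntry]:
    return [e for e in (parse_combofix_file_line(line) for line in text.splitlines()) if e]


def reasons(e: FileEntry) -> List[str]:
    """Why a file (never a directory) deserves a second look."""
    if e.attrs.startswith("d"):
        return []
    out: List[str] = []
    if "h" in e.attrs and "s" in e.attrs:
        out.append("hidden+system")   # attribute pair that keeps a file out of Explorer
    name = e.path.rsplit("\\", 1)[-1]
    if HEXNAME_RE.match(name):
        out.append("hex-name")        # vendors do not normally name drivers after hex strings
    return out


def suspicious(entries: List[FileEntry]) -> List[FileEntry]:
    return [e for e in entries if reasons(e)]


# Lines copied from the ComboFix log in this thread (not constructed).
SAMPLE_LOG = r"""
2008-06-29 22:28 . 2008-06-29 22:28 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-29 22:20 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-26 21:10 . 2008-05-26 21:10 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-09 13:50 . 2008-05-09 13:50 56 -r-hs---- C:\WINDOWS\system32\63BFF1F608.sys
2008-06-30 02:18 --------- d-----w C:\Program Files\BAE
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2007-11-20 21:29 168 --sh--r C:\WINDOWS\system32\08F6F1BF63.sys
"""

if __name__ == "__main__":
    for e in suspicious(parse_combofix_files(SAMPLE_LOG)):
        print(f"{e.attrs:<9} {e.size!s:>7} {', '.join(reasons(e)):<22} {e.path}")
```

Attributes alone do not prove malice: AVG's own quarantine directory in the same log is hidden, and legitimate tools do write hidden system files. The flags narrow the list to files worth checking by hash, signature and vendor, which is the step negster22 does by hand when he attributes these two to Daemon Tools.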
Sammel
Trooper

Joined: Jun 12, 2008 Posts: 15 Location: USA
Posted: Mon Jun 30, 2008 3:09 am
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:50 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 6208 bytes
negster22
Security Expert Premium Member
Joined: Mar 10, 2004 Posts: 5394
Posted: Tue Jul 01, 2008 3:54 am Post subject:
Hi Sammel,
If you paid for the Wild Tangent service, by all means keep it. You can read about Wild Tangent under the topic "controversy" here. Basically, it has some phone-home functionality to report usage statistics, though it really isn't that bad. No, it won't get you infected like using P2P programs to download anonymous software can:
http://en.wikipedia.org/wiki/WildTangent
Many times it is installed by OEMs or bundled foistware, but since this is not the case with you, just keep it if you are satisfied with the program.
There are registry remnants of the Daemon Tools program remaining and showing in your SDFix log. That often happens when a program is uninstalled, though. It is rare that all the registry entries are cleaned out completely, and like I said, those randomly named drivers in the system32 directory that CF has detected were most likely created by Daemon Tools. This in your CF log is the Daemon Tools driver:
2008-06-09 19:41 . 2008-06-09 19:41 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
But it may be gone now. You can check.
If you uninstalled Viewpoint then it is probably gone. I saw traces of it in your previous logs earlier in this thread. Any reputable program, or program that purports to be so, should be uninstallable through Add/Remove Programs.
Your Java (JRE) is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run.
Please follow these steps to remove older version Java components and update.
- Download the latest version of the Java Runtime Environment (JRE) 6 Update 6.
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6 - The Java SE Runtime Environment (JRE) allows end-users to run Java applications." Click the "Download" button to the right.
- Check the box that says "Accept License Agreement", and the page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
- Close any programs you may have running, especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Then post a new HJT log, please.
Negster22 - MS MVP - Consumer Security 2006-2008
Sammel
Trooper
Joined: Jun 12, 2008 Posts: 15 Location: USA
Posted: Tue Jul 01, 2008 2:01 pm Post subject:
Good morning! I think I did everything correctly. Thanks. I also got rid of WildTangent. No big deal, one less thing I have to pay for! My computer is running a lot better, I can actually navigate around the internet now!
Here's my updated log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:54 AM, on 7/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 6180 bytes
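The checks negster22 applied to these logs by hand (which JRE version the IE plug-ins still point at, which O16 ActiveX controls were installed from the web, the O20 AppInit_DLLs entry, O23 services HijackThis could not attribute to a publisher) can be scripted against the one-entry-per-line format shown above. The Python below is an added example written for this page; it is not part of the thread and not a HijackThis tool. The sample log is constructed from lines copied out of Sammel's post plus one made-up O9 entry pointing at an older jre1.5.0_11, so the version check has something to flag; treating 1.6.0_06 (the 6 Update 6 the thread names) as "current" is an assumption for the comparison.

```python
"""Triage a HijackThis v2 log: the by-hand checks from the thread, scripted.

Added example, not part of the thread or of HijackThis. It parses the
"<code> - <body>" entry lines and reports JRE versions older than CURRENT_JRE,
O16 DPF controls fetched from remote URLs, O20 AppInit_DLLs, and O23 services
with no known publisher.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

CURRENT_JRE = "1.6.0_06"  # assumption: the JRE the thread tells the user to install


class Entry(NamedTuple):
    code: str  # HJT section code, e.g. "R1", "O16", "O23"
    body: str  # everything after the first " - "


ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2})\s+-\s+(?P<body>.*)$")
JRE_PATH_RE = re.compile(r"\\Java\\jre(?P<ver>\d+\.\d+\.\d+(?:_\d+)?)\\", re.IGNORECASE)
DPF_RE = re.compile(r"^DPF:\s+\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+\((?P<name>[^)]*)\)\s+-\s*(?P<src>.*)$")
SERVICE_RE = re.compile(r"^Service:\s+(?P<name>.+?)\s+-\s+(?P<owner>.+?)\s+-\s+(?P<path>.+)$")


def parse_log(text: str) -> List[Entry]:
    """Keep only R*/F*/O* entries; the header, process list and footer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def version_key(ver: str) -> Tuple[int, ...]:
    """'1.6.0_06' -> (1, 6, 0, 6): compare numerically, so 1.6.0_10 > 1.6.0_6."""
    return tuple(int(p) for p in re.split(r"[._]", ver))


def jre_versions(entries: List[Entry]) -> List[str]:
    """Distinct JRE versions referenced by BHO (O2), Run (O4) and Extra button (O9) paths."""
    found = {m.group("ver") for e in entries for m in JRE_PATH_RE.finditer(e.body)}
    return sorted(found, key=version_key)


def outdated_jre(entries: List[Entry], current: str = CURRENT_JRE) -> List[str]:
    """JRE versions still wired into IE that are older than `current`."""
    return [v for v in jre_versions(entries) if version_key(v) < version_key(current)]


def remote_dpf(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """O16 ActiveX controls whose recorded install source is a URL, not a local file."""
    out = []
    for e in entries:
        m = DPF_RE.match(e.body) if e.code == "O16" else None
        if m and re.match(r"https?://", m.group("src").strip(), re.IGNORECASE):
            out.append((m.group("clsid").upper(), m.group("name"), m.group("src").strip()))
    return out


def appinit_dlls(entries: List[Entry]) -> List[str]:
    """Every DLL named in O20 AppInit_DLLs; each is loaded into every process that links user32.dll."""
    out: List[str] = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            out.extend(d for d in re.split(r"[\s,]+", e.body.split(":", 1)[1]) if d)
    return out


def unknown_owner_services(entries: List[Entry]) -> List[Tuple[str, str]]:
    """O23 services with publisher 'Unknown owner': verify the binary by hand."""
    out = []
    for e in entries:
        m = SERVICE_RE.match(e.body) if e.code == "O23" else None
        if m and m.group("owner").strip().lower() == "unknown owner":
            out.append((m.group("name"), m.group("path")))
    return out


def triage(text: str, current: str = CURRENT_JRE) -> Dict[str, object]:
    entries = parse_log(text)
    return {
        "entries": len(entries),
        "jre_versions": jre_versions(entries),
        "outdated_jre": outdated_jre(entries, current),
        "remote_dpf": remote_dpf(entries),
        "appinit_dlls": appinit_dlls(entries),
        "unknown_owner_services": unknown_owner_services(entries),
    }


# Constructed sample: lines copied from the log posted above, plus one made-up O9
# entry pointing at an older jre1.5.0_11 so the version check has something to flag.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 6180 bytes
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to see the report, or feed a real log with `triage(open(path).read())`. Everything it flags is a lead, not a verdict: the avgrsstx.dll AppInit entry in this log belongs to AVG and was left alone in the thread, and a remote DPF source only tells you where the control came from, not whether it is wanted. The version comparison is numeric on purpose; comparing "1.6.0_10" and "1.6.0_6" as strings would get the order wrong.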
negster22
Security Expert Premium Member
Joined: Mar 10, 2004 Posts: 5394