Full Version: Another Yoog Search Infection..
Wakka
I have been trying to rid my machine of this Yoog Search malware for a few weeks now. It has completely jacked my search engines and is continually flooding me with pop-ups from a "contextual ads" service whenever I open a new browser. None of my favorite scanners are able to detect it yet. I would appreciate any help. Thanks in advance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:31 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NMSU\VPN Client\cvpnd.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Wakka\Desktop\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: blueskyadagency - {80f478d5-4ffe-c41c-1b9d-5be267e11b5f} - C:\WINDOWS\system32\nse11.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NMSU VPN Client.lnk = C:\Program Files\NMSU\VPN Client\vpngui.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NMSU\VPN Client\cvpnd.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 10479 bytes
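Triage aid, added here as an example and not part of the original thread or of HijackThis itself: the O2/O3/R3 lines in a HijackThis log name each browser hook with its CLSID and the DLL it loads, and in the log above every vendor entry (Adobe, Sophos, Real, Office, AIM, Java) loads from its own directory under Program Files, while one entry, "blueskyadagency", loads nse11.dll straight out of C:\WINDOWS\system32. The script below parses those lines and flags entries on two heuristics: a DLL loaded from %SystemRoot% rather than a vendor directory, and a short letters-plus-digits file name (the same pattern as dgekr1137.exe and enmw7870.exe, which ComboFix deletes later in this thread). Both rules are heuristics that can false-positive on legitimate installers (iun6002.exe in the same log would match the name rule), so the output is a list to examine, not a verdict. The sample lines are copied from the log above; the rules and thresholds are the example's own assumptions.

```python
import re

# Sample HijackThis lines, copied from the log posted above (constructed
# corpus: these six entries only, not the whole log).
SAMPLE_HJT = r"""
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: blueskyadagency - {80f478d5-4ffe-c41c-1b9d-5be267e11b5f} - C:\WINDOWS\system32\nse11.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
"""

# "<kind>: <name> - {<CLSID>} - <path>" as HijackThis prints it.
ENTRY_RE = re.compile(
    r"^(?P<kind>R3 - URLSearchHook|O2 - BHO|O3 - Toolbar): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.+)$"
)

# Heuristic (assumption of this example): a short lowercase stem followed by
# digits, e.g. nse11.dll or the dgekr1137.exe / enmw7870.exe that ComboFix
# removed in this thread. Legitimate files can match too; treat as a signal.
GENERATED_RE = re.compile(r"^[a-z]{2,6}\d{1,4}\.(?:dll|exe)$")


def looks_generated(filename):
    """True if the file name matches the letters-plus-digits dropper pattern."""
    return bool(GENERATED_RE.match(filename.lower()))


def parse_entries(text):
    """Return one dict (kind, name, clsid, path) per BHO/toolbar/searchhook line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(text):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    flagged = []
    for entry in parse_entries(text):
        path = entry["path"].lower()
        filename = path.rsplit("\\", 1)[-1]
        reasons = []
        # Vendor BHOs live under their own Program Files directory; a DLL
        # sitting directly in %SystemRoot% has no installer to explain it.
        if path.startswith("c:\\windows\\"):
            reasons.append("loaded from %SystemRoot%")
        if looks_generated(filename):
            reasons.append("generated-looking file name")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_HJT):
        print(f"{hit['kind']}: {hit['name']} -> {hit['path']} "
              f"({', '.join(hit['reasons'])})")
```

On the sample above only the blueskyadagency entry is reported, on both rules. The CLSID it carries is what a HijackThis "fix" or a manual registry check would key on (HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{clsid}); the script deliberately does not delete anything.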
miekiemoes
Hi,

Uninstall the following programs via software > add & remove programs if present:

Browser Optimizer Dcads
Contextual Tool Dcads
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Reboot afterwards.

After reboot, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Wakka
Hey miekiemoes,

Thank you for responding, I really appreciate your time in helping me. Here is the ComboFix log:

ComboFix 09-02-17.02 - Wakka 2009-02-18 18:11:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT -7:00]
Running from: c:\documents and settings\Wakka\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wakka\Application Data\inst.exe
c:\windows\dgekr1137.exe
c:\windows\enmw7870.exe
c:\windows\system32\51728caf-b08d-aba5-8dd9-51788d824a72.exe
c:\windows\system32\wdfrglcmhn.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-17 18:30 . 2009-02-17 18:20 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\Viewpoint
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\AIM6
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\AIM Toolbar
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\Wakka\Application Data\acccore
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-13 19:49 . 2009-02-13 19:49 367 --ah----- C:\IPH.PH
2009-02-11 18:58 . 2009-02-11 18:58 126,976 --a------ c:\windows\War3Unin.exe
2009-02-11 18:58 . 2009-02-11 18:58 23,443 --a------ c:\windows\War3Unin.dat
2009-02-11 18:58 . 2009-02-11 18:58 2,829 --a------ c:\windows\War3Unin.pif
2009-02-11 18:56 . 2009-02-17 20:50 <DIR> d-------- c:\program files\Warcraft III
2009-02-09 00:22 . 2009-02-09 00:22 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Malwarebytes
2009-02-09 00:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 00:21 . 2009-02-09 00:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 00:21 . 2009-02-09 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 00:21 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 23:38 . 2009-02-08 23:38 <DIR> d-------- c:\program files\Sun
2009-02-08 23:06 . 2009-02-08 23:06 <DIR> d-------- c:\documents and settings\Wakka\Application Data\OpenOffice.org
2009-02-08 23:02 . 2009-02-08 23:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-08 23:02 . 2009-02-08 23:02 <DIR> d-------- c:\program files\JRE
2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d-------- c:\documents and settings\Wakka\.SunDownloadManager
2009-02-08 22:39 . 2009-02-08 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-08 22:35 . 2009-02-08 22:40 <DIR> d-------- c:\program files\Diner Dash Hometown Hero
2009-02-08 22:16 . 2009-02-08 22:16 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Cimaware
2009-02-08 22:13 . 2009-02-08 22:25 <DIR> d-------- c:\program files\Cimaware
2009-02-08 21:59 . 2009-02-08 22:00 <DIR> d-------- c:\program files\Ontrack
2009-02-05 17:45 . 2009-02-05 17:45 <DIR> d-------- c:\temp\lgfwauto
2009-02-04 19:28 . 2009-02-04 19:28 <DIR> d-------- c:\documents and settings\Wakka\Application Data\TheScruffs
2009-02-04 19:27 . 2009-02-15 10:28 <DIR> d-------- c:\program files\The Scruffs
2009-02-04 19:01 . 2009-02-04 19:02 <DIR> d-------- c:\program files\Big Kahuna Reef
2009-02-04 19:01 . 2009-01-23 19:10 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-02-04 18:30 . 2009-01-18 14:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 18:29 . 2009-02-17 17:46 <DIR> d-------- c:\program files\Lavasoft
2009-02-04 18:29 . 2009-02-17 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 18:01 . 2009-02-04 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Amazon
2009-02-04 18:00 . 2009-02-04 18:00 <DIR> d-------- c:\program files\Amazon
2009-02-04 00:41 . 2009-02-04 00:41 <DIR> d-------- c:\program files\Steveredrum
2009-02-04 00:40 . 2009-02-04 00:41 <DIR> d-------- c:\program files\Cake Mania 3
2009-02-02 23:12 . 2009-02-02 23:12 <DIR> d-------- c:\program files\ReflexiveArcade
2009-02-02 23:12 . 2009-02-02 23:42 <DIR> d-------- c:\program files\Cake Mania 2
2009-01-31 15:21 . 2009-01-31 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-01-31 15:00 . 2009-01-31 15:00 <DIR> d-------- c:\program files\GameHouse
2009-01-31 14:24 . 2009-02-04 18:01 <DIR> d-------- c:\program files\eMule
2009-01-31 13:50 . 2009-01-31 13:50 28,672 --a------ c:\windows\bdjo2062.exe
2009-01-28 22:11 . 2009-01-28 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-28 22:11 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-28 21:50 . 2009-01-28 21:50 <DIR> d-------- c:\program files\Shockwave.com
2009-01-28 21:50 . 2009-02-08 22:39 <DIR> d-------- c:\documents and settings\Wakka\Application Data\PlayFirst
2009-01-27 16:07 . 2009-02-09 20:34 <DIR> d-------- c:\documents and settings\Wakka\Application Data\dvdcss
2009-01-26 01:17 . 2009-01-26 01:17 <DIR> d-------- c:\program files\DVDFab 5
2009-01-26 01:17 . 2009-01-26 01:17 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Vso
2009-01-26 01:17 . 2009-01-26 01:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-26 01:17 . 2009-01-26 01:17 47,360 --a------ c:\documents and settings\Wakka\Application Data\pcouffin.sys
2009-01-26 01:09 . 2009-01-26 01:09 <DIR> d-------- C:\APL0NNW1
2009-01-26 01:08 . 2009-01-26 01:08 <DIR> d-------- c:\program files\DVD Shrink
2009-01-25 21:57 . 2009-01-25 22:30 <DIR> d-------- C:\Apoc
2009-01-22 01:48 . 2009-01-28 08:52 29 --a------ c:\windows\popcinfo.dat
2009-01-22 00:09 . 2009-01-22 00:10 <DIR> d-------- c:\program files\Zuma Deluxe
2009-01-22 00:09 . 2009-01-22 00:09 <DIR> d-------- c:\program files\PopCap Games
2009-01-22 00:08 . 2009-01-22 00:18 <DIR> d-------- c:\program files\Insaniquarium Deluxe
2009-01-22 00:08 . 2009-01-22 00:08 737,280 --a------ c:\windows\iun6002.exe
2009-01-22 00:06 . 2009-01-22 00:06 <DIR> d-------- C:\cabs
2009-01-20 20:44 . 2009-01-20 20:44 86,016 --------- c:\windows\system32\pxwma.dll
2009-01-20 20:05 . 2009-01-20 20:05 <DIR> d-------- c:\program files\Roxio
2009-01-20 19:32 . 2009-01-20 19:32 <DIR> d-------- C:\Python26
2009-01-20 19:22 . 2009-01-29 23:16 <DIR> d-------- C:\wamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 01:16 --------- d-----w c:\program files\lg_fwupdate
2009-02-18 05:07 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-18 02:32 --------- d-----w c:\documents and settings\Wakka\Application Data\Roxio
2009-02-17 03:56 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 04:55 --------- d-----w c:\documents and settings\Wakka\Application Data\LimeWire
2009-02-11 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 06:35 --------- d-----w c:\program files\Java
2009-02-09 05:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 04:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 06:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-05 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 03:05 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-08 07:17 --------- d-----w c:\program files\DivX
2009-01-01 04:51 --------- d-----w c:\program files\World of Warcraft
2008-12-30 23:47 --------- d-----w c:\documents and settings\Wakka\Application Data\Ahead
2008-12-30 17:50 --------- d-----w c:\documents and settings\Wakka\Application Data\HandBrake
2008-12-30 17:48 --------- d-----w c:\program files\Reference Assemblies
2008-12-30 17:48 --------- d-----w c:\program files\MSBuild
2008-12-30 17:39 --------- d-----w c:\program files\Wyzo
2008-12-30 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-12-30 14:41 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-12-29 20:02 --------- d-----w c:\program files\iTunes
2008-12-29 20:02 --------- d-----w c:\program files\iPod
2008-12-29 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 20:01 --------- d-----w c:\program files\QuickTime
2008-12-27 07:37 --------- d-----w c:\program files\GiPo@Utilities
2008-12-24 17:28 --------- d-----w c:\documents and settings\Wakka\Application Data\???????sAppData
2008-12-24 03:46 --------- d-----w c:\program files\RandomFill
2008-08-26 01:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-26 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-26 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-07-03 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-17 509784]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-26 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Wakka\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-01-30 245760]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-16 805392]
NMSU VPN Client.lnk - c:\program files\NMSU\VPN Client\vpngui.exe [2008-12-04 1470480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amazon Download Agent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-07-03 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-07-03 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-28 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-13 24652]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-02-04 317440]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-09-30 14976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34b8d-3d98-11dd-9438-00044b03b513}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-17 18:17]

2009-02-18 c:\windows\Tasks\Daily.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-09-30 16:38]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-dvd43 - c:\program files\dvd43\dvd43_tray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1156)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\NMSU\VPN Client\cvpnd.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-18 18:18:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-19 01:18:49

Pre-Run: 139,750,825,984 bytes free
Post-Run: 140,684,570,624 bytes free

276 --- E O F --- 2009-02-11 05:03:58
miekiemoes
Hi,

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change. For what was known in 2006, read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Reboot.
Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

QUOTE
File::
c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\user.js
c:\windows\bdjo2062.exe
FireFox::
FF - ProfilePath - c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
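As an added example (not code from the thread or from ComboFix), here is a small Python checker for what the CFScript above undoes: it reads a Firefox profile's prefs.js and user.js, flags search preferences whose URL points at a host outside an allowlist, and separately flags any search pref pinned in user.js, because Firefox copies user.js over prefs.js on every start, which is why a hijack like this keeps coming back until user.js is removed. The pref names come from the log; the allowlist and the sample file contents are constructed.

```python
"""Flag search-hijack indicators in a Firefox profile's prefs.js and user.js.
Added example, not code from the thread or from ComboFix."""
import re
from typing import Dict, List

# Preferences the hijack in the thread rewrote (pref names taken from the log).
SEARCH_PREFS = {
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
}
# Assumed allowlist of search/homepage hosts the owner actually chose.
TRUSTED_HOSTS = {"www.google.com", "google.com"}
# user_pref("name", value);  -- pref("name", value); is accepted too
PREF_RE = re.compile(r'^\s*(?:user_pref|pref)\("([^"]+)"\s*,\s*(.+?)\s*\);\s*$')
# Leading host of a URL value; "hxxp" is accepted so defanged log copies parse.
HOST_RE = re.compile(r'^(?:hxxps?|https?)://([^/:?#]+)', re.IGNORECASE)


def parse_prefs(text: str) -> Dict[str, str]:
    """Map each pref name in a prefs.js/user.js body to its raw string value."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, malformed entries
        value = m.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip quotes from string values
        prefs[m.group(1)] = value
    return prefs


def hijack_findings(files: Dict[str, str]) -> List[str]:
    """files maps a file name ('prefs.js', 'user.js') to its contents.
    Reports each search pref whose URL host is outside TRUSTED_HOSTS, and each
    search pref pinned in user.js, which Firefox re-applies on every start."""
    findings: List[str] = []
    for name, text in files.items():
        for pref, value in parse_prefs(text).items():
            if pref not in SEARCH_PREFS:
                continue
            host = HOST_RE.match(value)
            if host and host.group(1).lower() not in TRUSTED_HOSTS:
                findings.append(f"{name}: {pref} points at untrusted host {host.group(1)}")
            if name == "user.js":
                findings.append(f"{name}: {pref} is pinned and re-applied on every Firefox start")
    return findings


# Constructed sample files modelled on the hijacked profile in the thread.
SAMPLE_USER_JS = """\
user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www14.yoog.com/search.php?q=");
"""
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "http://google.com");
user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
user_pref("app.update.enabled", true);
"""


def scan_sample() -> List[str]:
    """Run the check over the constructed sample profile; six findings expected."""
    return hijack_findings({"user.js": SAMPLE_USER_JS, "prefs.js": SAMPLE_PREFS_JS})
```

To check a real profile, read its prefs.js and user.js (if present) into the dict passed to hijack_findings() and extend TRUSTED_HOSTS with the search engines the owner actually uses.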

Wakka
I did find an instance of Viewpoint Player in Add/Remove Programs, which I removed. After running ComboFix again I noticed that I had control over Firefox, and was actually able to delete (without Yoog re-creating itself) from the manageable search engines. I thought the day would never come. Here is my ComboFix log:

ComboFix 09-02-17.02 - Wakka 2009-02-18 19:02:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1487 [GMT -7:00]
Running from: c:\documents and settings\Wakka\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wakka\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
AV: Sophos Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\user.js
c:\windows\bdjo2062.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\user.js
c:\windows\bdjo2062.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-17 18:30 . 2009-02-17 18:20 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\AIM6
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\program files\AIM Toolbar
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\Wakka\Application Data\acccore
2009-02-13 19:49 . 2009-02-18 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2009-02-13 19:49 . 2009-02-13 19:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-02-13 19:49 . 2009-02-13 19:49 367 --ah----- C:\IPH.PH
2009-02-11 18:58 . 2009-02-11 18:58 126,976 --a------ c:\windows\War3Unin.exe
2009-02-11 18:58 . 2009-02-11 18:58 23,443 --a------ c:\windows\War3Unin.dat
2009-02-11 18:58 . 2009-02-11 18:58 2,829 --a------ c:\windows\War3Unin.pif
2009-02-11 18:56 . 2009-02-18 18:47 <DIR> d-------- c:\program files\Warcraft III
2009-02-09 00:22 . 2009-02-09 00:22 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Malwarebytes
2009-02-09 00:22 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 00:21 . 2009-02-09 00:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 00:21 . 2009-02-09 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-09 00:21 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 23:38 . 2009-02-08 23:38 <DIR> d-------- c:\program files\Sun
2009-02-08 23:06 . 2009-02-08 23:06 <DIR> d-------- c:\documents and settings\Wakka\Application Data\OpenOffice.org
2009-02-08 23:02 . 2009-02-08 23:02 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-08 23:02 . 2009-02-08 23:02 <DIR> d-------- c:\program files\JRE
2009-02-08 22:55 . 2009-02-08 22:55 <DIR> d-------- c:\documents and settings\Wakka\.SunDownloadManager
2009-02-08 22:39 . 2009-02-08 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-02-08 22:35 . 2009-02-08 22:40 <DIR> d-------- c:\program files\Diner Dash Hometown Hero
2009-02-08 22:16 . 2009-02-08 22:16 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Cimaware
2009-02-08 22:13 . 2009-02-08 22:25 <DIR> d-------- c:\program files\Cimaware
2009-02-08 21:59 . 2009-02-08 22:00 <DIR> d-------- c:\program files\Ontrack
2009-02-05 17:45 . 2009-02-05 17:45 <DIR> d-------- c:\temp\lgfwauto
2009-02-04 19:28 . 2009-02-04 19:28 <DIR> d-------- c:\documents and settings\Wakka\Application Data\TheScruffs
2009-02-04 19:27 . 2009-02-15 10:28 <DIR> d-------- c:\program files\The Scruffs
2009-02-04 19:01 . 2009-02-04 19:02 <DIR> d-------- c:\program files\Big Kahuna Reef
2009-02-04 19:01 . 2009-01-23 19:10 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-02-04 18:30 . 2009-01-18 14:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-04 18:29 . 2009-02-17 17:46 <DIR> d-------- c:\program files\Lavasoft
2009-02-04 18:29 . 2009-02-17 17:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-04 18:01 . 2009-02-04 18:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Amazon
2009-02-04 18:00 . 2009-02-04 18:00 <DIR> d-------- c:\program files\Amazon
2009-02-04 00:41 . 2009-02-04 00:41 <DIR> d-------- c:\program files\Steveredrum
2009-02-04 00:40 . 2009-02-04 00:41 <DIR> d-------- c:\program files\Cake Mania 3
2009-02-02 23:12 . 2009-02-02 23:12 <DIR> d-------- c:\program files\ReflexiveArcade
2009-02-02 23:12 . 2009-02-02 23:42 <DIR> d-------- c:\program files\Cake Mania 2
2009-01-31 15:21 . 2009-01-31 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2009-01-31 15:00 . 2009-01-31 15:00 <DIR> d-------- c:\program files\GameHouse
2009-01-31 14:24 . 2009-02-04 18:01 <DIR> d-------- c:\program files\eMule
2009-01-28 22:11 . 2009-01-28 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-28 22:11 . 2009-02-02 23:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-01-28 21:50 . 2009-01-28 21:50 <DIR> d-------- c:\program files\Shockwave.com
2009-01-28 21:50 . 2009-02-08 22:39 <DIR> d-------- c:\documents and settings\Wakka\Application Data\PlayFirst
2009-01-27 16:07 . 2009-02-09 20:34 <DIR> d-------- c:\documents and settings\Wakka\Application Data\dvdcss
2009-01-26 01:17 . 2009-01-26 01:17 <DIR> d-------- c:\program files\DVDFab 5
2009-01-26 01:17 . 2009-01-26 01:17 <DIR> d-------- c:\documents and settings\Wakka\Application Data\Vso
2009-01-26 01:17 . 2009-01-26 01:17 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-01-26 01:17 . 2009-01-26 01:17 47,360 --a------ c:\documents and settings\Wakka\Application Data\pcouffin.sys
2009-01-26 01:09 . 2009-01-26 01:09 <DIR> d-------- C:\APL0NNW1
2009-01-26 01:08 . 2009-01-26 01:08 <DIR> d-------- c:\program files\DVD Shrink
2009-01-25 21:57 . 2009-01-25 22:30 <DIR> d-------- C:\Apoc
2009-01-22 01:48 . 2009-01-28 08:52 29 --a------ c:\windows\popcinfo.dat
2009-01-22 00:09 . 2009-01-22 00:10 <DIR> d-------- c:\program files\Zuma Deluxe
2009-01-22 00:09 . 2009-01-22 00:09 <DIR> d-------- c:\program files\PopCap Games
2009-01-22 00:08 . 2009-01-22 00:18 <DIR> d-------- c:\program files\Insaniquarium Deluxe
2009-01-22 00:08 . 2009-01-22 00:08 737,280 --a------ c:\windows\iun6002.exe
2009-01-22 00:06 . 2009-01-22 00:06 <DIR> d-------- C:\cabs
2009-01-20 20:44 . 2009-01-20 20:44 86,016 --------- c:\windows\system32\pxwma.dll
2009-01-20 20:05 . 2009-01-20 20:05 <DIR> d-------- c:\program files\Roxio
2009-01-20 19:32 . 2009-01-20 19:32 <DIR> d-------- C:\Python26
2009-01-20 19:22 . 2009-01-29 23:16 <DIR> d-------- C:\wamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 01:58 --------- d-----w c:\program files\lg_fwupdate
2009-02-18 05:07 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-18 02:32 --------- d-----w c:\documents and settings\Wakka\Application Data\Roxio
2009-02-17 03:56 --------- d-----w c:\program files\Common Files\Adobe
2009-02-12 04:55 --------- d-----w c:\documents and settings\Wakka\Application Data\LimeWire
2009-02-11 15:08 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 06:37 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-09 06:35 --------- d-----w c:\program files\Java
2009-02-09 05:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-09 04:59 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-05 06:25 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-05 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-21 03:05 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-08 07:17 --------- d-----w c:\program files\DivX
2009-01-01 04:51 --------- d-----w c:\program files\World of Warcraft
2008-12-30 23:47 --------- d-----w c:\documents and settings\Wakka\Application Data\Ahead
2008-12-30 17:50 --------- d-----w c:\documents and settings\Wakka\Application Data\HandBrake
2008-12-30 17:48 --------- d-----w c:\program files\Reference Assemblies
2008-12-30 17:48 --------- d-----w c:\program files\MSBuild
2008-12-30 17:39 --------- d-----w c:\program files\Wyzo
2008-12-30 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-12-30 14:41 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
2008-12-29 20:02 --------- d-----w c:\program files\iTunes
2008-12-29 20:02 --------- d-----w c:\program files\iPod
2008-12-29 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 20:01 --------- d-----w c:\program files\QuickTime
2008-12-27 07:37 --------- d-----w c:\program files\GiPo@Utilities
2008-12-24 17:28 --------- d-----w c:\documents and settings\Wakka\Application Data\???????sAppData
2008-12-24 03:46 --------- d-----w c:\program files\RandomFill
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-04 23:52 2,131,968 ----a-w c:\windows\system32\python26.dll
2008-08-26 01:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-18_18.18.13.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-19 01:58:09 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-26 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-26 81920]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-07-03 249856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-18 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-30 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-22 319488]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-17 509784]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-12-26 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Wakka\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-01-30 245760]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-02-16 805392]
NMSU VPN Client.lnk - c:\program files\NMSU\VPN Client\vpngui.exe [2008-12-04 1470480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Amazon Download Agent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-04 64160]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-07-03 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-07-03 35584]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-10-28 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-09-30 98304]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-02-04 317440]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-09-30 14976]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c34b8d-3d98-11dd-9438-00044b03b513}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-02-18 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-17 18:17]

2009-02-18 c:\windows\Tasks\Daily.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-09-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
.

**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-02-18 19:05:44
ComboFix-quarantined-files.txt 2009-02-19 02:05:42

Pre-Run: 140,662,087,680 bytes free
Post-Run: 140,649,873,408 bytes free

252 --- E O F --- 2009-02-11 05:03:58
miekiemoes
Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
miekiemoes
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
Invision Power Board © 2001-2010 Invision Power Services, Inc.