Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - JB6

Pages: [1] 2 3
1
Tech Clinic / PLEASE HELP!!!
« on: May 11, 2008, 09:35:23 PM »
Programs seem to take a little longer than usual to open. I dont know if its something to do with a virus or malware. Something just doesnt seem right still. Maybe its me, but if you see anything please let me know. I really am greatful for your help. I dont know what I would do without it.

2
Tech Clinic / PLEASE HELP!!!
« on: May 11, 2008, 01:07:13 PM »
I'm sorry I didnt see that you wanted a Hijack this log as well. Here it is....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:27 PM, on 5/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1210269065859
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 7043 bytes





Things seem to be a running a little better. I'll have to open some programs up and see. I've been on and off all day because of the holiday. I really appriciate your help!

3
Tech Clinic / PLEASE HELP!!!
« on: May 11, 2008, 11:59:06 AM »
Yea I had to go handle some personal family stuff for a little over a week. Everything was running good like I said, when I left. I think someone in my house must of been using my computer or somthing. It found 4 Malware including that Vondu. Here is the log...


Malwarebytes' Anti-Malware 1.12
Database version: 739

Scan type: Full Scan (C:\|)
Objects scanned: 99633
Time elapsed: 27 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mp3tag (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mp3tag\Mp3tagUninstall.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir (Adware.Shoper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMgFYqQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

4
Tech Clinic / PLEASE HELP!!!
« on: May 10, 2008, 05:09:52 PM »
Here ya go...




ComboFix 08-05-09.1 - Owner 2008-05-10 18:06:16.9 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.461 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((   Files Created from 2008-04-10 to 2008-05-10  )))))))))))))))))))))))))))))))
.

2008-05-09 04:06 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-05-09 04:06 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-05-08 14:49 . 2008-05-08 14:49   <DIR>   d--------   C:\Program Files\VistaDriveIcon
2008-05-08 14:49 . 2008-04-14 05:42   218,624   --a------   C:\WINDOWS\system32\uxtheme.backup
2008-05-08 14:48 . 2008-05-08 14:49   8,294,454   --a------   C:\WINDOWS\startup.bmp
2008-05-08 14:42 . 2008-05-08 14:49   <DIR>   d--------   C:\WINDOWS\VistaMizer
2008-05-08 14:13 . 2006-12-29 00:31   19,569   --a------   C:\WINDOWS\000001_.tmp
2008-05-08 12:19 . 2008-05-08 12:19   <DIR>   d--------   C:\Program Files\Lavasoft
2008-05-08 12:19 . 2008-05-08 12:19   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-05-07 20:17 . 2008-05-07 20:17   <DIR>   d--------   C:\Program Files\Common Files\Synacast
2008-04-30 01:22 . 2008-04-30 01:22   25,992   --a------   C:\WINDOWS\system32\pgdfgsvc.exe
2008-04-29 22:56 . 2008-04-30 01:24   <DIR>   d--------   C:\Program Files\Common Files\AOL
2008-04-29 19:19 . 2008-04-29 19:19   <DIR>   d--------   C:\Program Files\Virtual Earth 3D
2008-04-29 10:33 . 2008-04-13 22:06   144,384   ---------   C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-29 10:33 . 2008-04-14 00:10   10,240   ---------   C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-23 21:34 . 2008-04-23 21:34   <DIR>   d--------   C:\WatchNow
2008-04-23 11:43 . 2008-04-23 11:43   <DIR>   d--------   C:\Program Files\Apple Software Update
2008-04-23 11:43 . 2008-04-23 11:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple
2008-04-23 11:40 . 2008-05-09 07:24   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-23 11:40 . 2008-04-23 11:40   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-23 09:17 . 2008-04-23 09:18   <DIR>   d--------   C:\Program Files\QuickTime
2008-04-23 09:14 . 2008-04-23 09:15   <DIR>   d--------   C:\WINDOWS\system32\Adobe
2008-04-23 07:04 . 2007-01-18 08:00   3,968   --a------   C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-04-22 23:43 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-04-22 23:42 . 2008-04-22 23:42   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-04-22 21:24 . 2008-04-22 21:24   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 21:24 . 2008-04-22 21:24   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 17:34 . 2008-04-22 17:34   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-04-22 12:16 . 2008-04-22 12:16   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15 . 2008-04-22 12:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:15 . 2008-04-22 12:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 23:21 . 2008-04-21 23:21   <DIR>   d--------   C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21   345   --ahs----   C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 18:30 . 2004-05-04 11:53   1,645,320   --a------   C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16   1,184,984   --a------   C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21   626,688   --a------   C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24   217,127   --a------   C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25   208,935   --a------   C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26   176,165   --a------   C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37   65,602   --a------   C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32   47,360   --a------   C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2008-04-21 15:08 . 2008-04-21 15:08   13,144   --a------   C:\WINDOWS\system32\lsdelete.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 18:49   218,624   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-05-08 16:20   15,648   ----a-w   C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-08 16:20   15,648   ----a-w   C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-08 16:20   12,960   ----a-w   C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-05-08 16:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 13:58   ---------   d-----w   C:\Program Files\XoftSpySE
2008-05-04 03:20   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-30 05:06   ---------   d-----w   C:\Program Files\AIM
2008-04-30 05:06   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Aim
2008-04-30 04:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-30 04:02   ---------   d-----w   C:\Program Files\Common Files\Stardock
2008-04-30 02:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-30 02:57   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-04-29 14:45   96,384   ----a-w   C:\WINDOWS\system32\drivers\sptd9373.sys
2008-04-24 08:08   ---------   d-----w   C:\Program Files\Winamp
2008-04-24 08:08   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Winamp
2008-04-23 15:45   ---------   d-----w   C:\Program Files\Web Publish
2008-04-23 13:17   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-23 03:43   ---------   d-----w   C:\Program Files\Java
2008-04-23 00:08   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Vso
2008-04-22 22:49   ---------   d-----w   C:\Program Files\LimeWire
2008-04-22 22:10   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Mp3tag
2008-04-22 21:49   ---------   d-----w   C:\Program Files\Mp3tag
2008-04-22 21:34   ---------   d-----w   C:\Program Files\Common Files\Real
2008-04-22 21:33   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
2008-04-21 22:30   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30   ---------   d-----w   C:\Program Files\vso
2008-04-20 17:18   ---------   d--h--w   C:\Program Files\PF
2008-04-19 20:17   ---------   d-----w   C:\Program Files\Azureus
2008-04-14 09:55   1,804   ----a-w   C:\WINDOWS\system32\dcache.bin
2008-04-14 09:46   3,556,352   ----a-w   C:\WINDOWS\system32\netsetup.exe
2008-04-14 09:43   92,424   ----a-w   C:\WINDOWS\system32\rdpdd.dll
2008-04-14 09:43   87,176   ----a-w   C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 09:43   40,840   ----a-w   C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 09:43   21,896   ----a-w   C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 09:43   139,656   ----a-w   C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 09:43   12,168   ----a-w   C:\WINDOWS\system32\tsddd.dll
2008-04-14 09:43   12,040   ----a-w   C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 09:41   98,304   ----a-w   C:\WINDOWS\system32\actxprxy.dll
2008-04-14 09:40   53,279   ----a-w   C:\WINDOWS\system32\odbcji32.dll
2008-04-14 09:40   4,126   ----a-w   C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 09:40   3,584   ----a-w   C:\WINDOWS\system32\msafd.dll
2008-04-14 06:30   103,424   ----a-w   C:\WINDOWS\system32\dpcdll.dll
2008-04-14 05:00   1,845,632   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-04-14 04:58   175,744   ----a-w   C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 04:57   2,446,208   ----a-w   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 04:51   162,816   ----a-w   C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 04:50   91,520   ----a-w   C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 04:50   361,344   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 04:50   182,656   ----a-w   C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 04:49   75,264   ----a-w   C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 04:49   51,328   ----a-w   C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 04:49   48,384   ----a-w   C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 04:49   146,048   ----a-w   C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 04:49   138,112   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 04:48   52,480   ----a-w   C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 04:47   83,072   ----a-w   C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 04:47   456,576   ----a-w   C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 04:47   105,344   ----a-w   C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 04:46   49,536   ----a-w   C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 04:46   141,056   ----a-w   C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 04:45   64,512   ----a-w   C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 04:45   60,800   ----a-w   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 04:45   574,976   ----a-w   C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 04:45   334,848   ----a-w   C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 04:44   63,744   ----a-w   C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 04:44   143,744   ----a-w   C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 04:30   30,080   ----a-w   C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 04:30   225,664   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 04:30   19,072   ----a-w   C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 04:27   41,472   ----a-w   C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 04:27   40,576   ----a-w   C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 04:27   34,560   ----a-w   C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 04:27   20,864   ----a-w   C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 04:27   152,832   ----a-w   C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 04:27   14,336   ----a-w   C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 04:27   10,112   ----a-w   C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 04:26   88,320   ----a-w   C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 04:26   69,120   ----a-w   C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 04:26   35,072   ----a-w   C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 04:26   34,688   ----a-w   C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 04:26   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 04:26   30,592   ----a-w   C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 04:26   14,592   ----a-w   C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 04:26   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 04:26   12,800   ----a-w   C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 04:26   12,288   ----a-w   C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 04:25   202,624   ----a-w   C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 04:24   11,264   ----a-w   C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 04:23   71,552   ----a-w   C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 04:23   40,320   ----a-w   C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 04:23   36,608   ----a-w   C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 04:23   264,832   ----a-w   C:\WINDOWS\system32\drivers\http.sys
2008-04-14 04:21   61,824   ----a-w   C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 04:21   60,800   ----a-w   C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 04:21   59,904   ----a-w   C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 04:21   55,808   ----a-w   C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 04:21   101,120   ----a-w   C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 04:17   25,856   ----a-w   C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-14 04:15   60,160   ----a-w   C:\WINDOWS\system32\drivers\drmk.sys
2006-05-06 16:42   7,260,160   ----a-w   C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03   80   --sh--r   C:\WINDOWS\system32\114AFAE353.dll
.

------- Sigcheck -------

2006-06-23 07:25  664576  64ce26db72810b30f7855ea51e1df836   C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2004-08-04 00:56  656384  c0823fc5469663ba63e7db88f9919d70   C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2006-06-23 07:02  658944  2b4db890936430c71419037039502752   C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2004-08-04 00:56  656384  c0823fc5469663ba63e7db88f9919d70   C:\WINDOWS\$NtUninstallKB918899_0$\wininet.dll
2006-06-23 07:25  664576  64ce26db72810b30f7855ea51e1df836   C:\WINDOWS\ie7\wininet.dll
2006-08-23 00:31  910848  bb5f137acb539029bb32853a52ec073b   C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2006-08-23 00:31  910848  bb5f137acb539029bb32853a52ec073b   C:\WINDOWS\system32\wininet.dll
2006-08-23 00:31  809472  02b4473e3c5fede0d3573ce297e8504a   C:\WINDOWS\VistaMizer\old\wininet.dll

2004-08-04 00:56  502272  01c3346c241652f43aed8e2149881bfe   C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42  547328  a55b8899d2ea2e800061bcfd456e34dc   C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42  547328  a55b8899d2ea2e800061bcfd456e34dc   C:\WINDOWS\system32\winlogon.exe
2008-04-14 05:42  507904  ed0ef0a136dec83df69f04118870003e   C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-01 20:36  2056832  d8aba3eab509627e707a3b14f00fbb6b   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 12:12  2059392  ba4b97c00a437c1cc3da365d93ee1e9d   C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 05:15  2059392  4d3dbdccbf97f5ba1e74f322b155c3ba   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 04:38  2057600  515d30e2c90a3665a2739309334c9283   C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-03 22:59  2056832  947fb1d86d14afcffdb54bf837ec25d0   C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 20:34  2056832  81013f36b21c7f72cf784cc6731e0002   C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 08:55  2057600  1d659bfb788ed2ba45075624b748d249   C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 00:01  2323072  063ff1fa9777d2fd8d6b608f1f700e1f   C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01  2323072  063ff1fa9777d2fd8d6b608f1f700e1f   C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 00:01  2323072  063ff1fa9777d2fd8d6b608f1f700e1f   C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-04-14 00:01  2065792  109f8e3e3c82e337bb71b6bc9b895d61   C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-01 21:04  2179456  28187802b7c368c0d3aef7d4c382aabb   C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51  2182016  cef243f6defd20be4adde26c7ecacb54   C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 05:55  2182144  5a5c8db4aa962c714c8371fbdf189fc9   C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 05:10  2180352  582a8dbaa58c3b1f176eb2817daee77c   C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20  2180992  ce218bc7088681faa06633e218596ca7   C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59  2179328  4d4cf2c14550a4b7718e94a6e581856e   C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 10:17  2180352  8f0deab1f81fb83f9c5995853ce48b9f   C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 00:57  2446208  1c48d9f3ea6db95915564655c006be8a   C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:57  2446208  1c48d9f3ea6db95915564655c006be8a   C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 00:57  2446208  1c48d9f3ea6db95915564655c006be8a   C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-04-14 00:57  2188928  0c89243c7c3ee199b96fcc16990e0679   C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 05:42  1551872  c26978d5f821a7330439dd7f0aaaf678   C:\WINDOWS\explorer.exe
2007-06-13 07:26  1033216  7712df0cdde3a5ac89843e61cd5b3658   C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23  1033216  97bd6515465659ff8f3b7be375b2ea87   C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 00:56  1032192  a0732187050030ae399b241436565e64   C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42  1551872  c26978d5f821a7330439dd7f0aaaf678   C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42  1033728  12896823fb95bfb3dc9b46bcaedc9923   C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 00:56  15360  24232996a38c0b0cf151c2140ae29fc8   C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42  25088  b5e8782d4af1b3756f38e11e7c157bbe   C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42  25088  b5e8782d4af1b3756f38e11e7c157bbe   C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42  15360  5f1d5f88303d4a4dbc8e5f97ba967cc3   C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 25088]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [2006-06-02 10:34 2934784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"DrvIcon"="C:\Program Files\VistaDriveIcon\DrvIcon.exe" [2008-04-13 08:39 49152]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 17:33 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 14:49 36352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 12:42 6731312]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 15:49:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-10 22:04:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-08 11:23:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-05 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-10 22:04:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 18:08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-10 18:12:17
ComboFix-quarantined-files.txt  2008-05-10 22:11:50
ComboFix2.txt  2008-04-23 03:39:30
ComboFix3.txt  2008-04-22 23:34:09
ComboFix4.txt  2008-04-22 04:59:33

Pre-Run: 28,541,739,008 bytes free
Post-Run: 28,712,427,520 bytes free

306   --- E O F ---   2008-04-18 20:50:11

5
Tech Clinic / PLEASE HELP!!!
« on: May 08, 2008, 12:38:41 PM »
Hey, just wanted to let you know I have been away for a few weeks. Everything seemed to be running great before I left. When I came home I ran an Ad-aware scan and I got a Trojan called psexesvc and Malware called VirtuMonde. I def. notice its running a little slower. Anything you could do, as always, would be awesome. Here is a fresh log...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:28 PM, on 5/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7056 bytes

6
Tech Clinic / PLEASE HELP!!!
« on: April 23, 2008, 09:28:49 PM »
Seems to be running the same. Maybe I just have too much crap running? Here's the result...

http://www.virustotal.com/analisis/4367ec9...5feb946dca2c862

Hijackthis Log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:08 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6737 bytes

7
Tech Clinic / PLEASE HELP!!!
« on: April 23, 2008, 08:18:03 PM »
Comp is running very slow. Here is my log after normal startup


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:50 PM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\IDA\ida.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FMEQYNDLA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\FMEQYNDLA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KV - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\KV.exe
O23 - Service: PR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\PR.exe
O23 - Service: WFQUQDWZGTBW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\WFQUQDWZGTBW.exe
O23 - Service: YJAPFK - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Owner\LOCALS~1\Temp\YJAPFK.exe

--
End of file - 7331 bytes

8
Tech Clinic / PLEASE HELP!!!
« on: April 23, 2008, 06:16:37 AM »
OK I ran that and it found nothing. I ran in the indepth search like you said. The other program found 32 things. I really wish it would let me save it.

9
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 11:40:10 PM »
I dont know why but it wont let me save my log file for rootkit. Its telling me it encountered a problem and needs to close when i click save. Any ideas?

10
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 11:03:01 PM »
No I dont know what Process Explorer is. What is that?

11
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 10:32:45 PM »
Here ya go...

ComboFix 08-04-22.1 - Owner 2008-04-22 23:46:59.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.434 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((   Files Created from 2008-03-23 to 2008-04-23  )))))))))))))))))))))))))))))))
.

2008-04-22 23:43 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-04-22 23:42 . 2008-04-22 23:42   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-04-22 21:24 . 2008-04-22 21:24   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-04-22 21:24 . 2008-04-22 21:24   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 17:34 . 2008-04-22 17:34   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-04-22 12:16 . 2008-04-22 12:16   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15 . 2008-04-22 12:15   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:15 . 2008-04-22 12:15   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 23:21 . 2008-04-21 23:21   <DIR>   d--------   C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21   345   --ahs----   C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 20:08 . 2008-04-21 20:08   <DIR>   d--------   C:\Program Files\Stardock
2008-04-21 18:30 . 2004-05-04 11:53   1,645,320   --a------   C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16   1,184,984   --a------   C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21   626,688   --a------   C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24   217,127   --a------   C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25   208,935   --a------   C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26   176,165   --a------   C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37   65,602   --a------   C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32   47,360   --a------   C:\Documents and Settings\Owner\Application Data\pcouffin.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 03:43   ---------   d-----w   C:\Program Files\Java
2008-04-23 00:08   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Vso
2008-04-22 23:22   96,256   ----a-w   C:\WINDOWS\system32\drivers\sptd9373.sys
2008-04-22 23:06   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-22 22:49   ---------   d-----w   C:\Program Files\LimeWire
2008-04-22 22:10   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Mp3tag
2008-04-22 21:49   ---------   d-----w   C:\Program Files\Mp3tag
2008-04-22 21:34   ---------   d-----w   C:\Program Files\Common Files\Real
2008-04-22 21:33   348,160   ----a-w   C:\WINDOWS\system32\msvcr71.dll
2008-04-21 22:40   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 22:30   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30   ---------   d-----w   C:\Program Files\vso
2008-04-20 17:18   ---------   d--h--w   C:\Program Files\PF
2008-04-19 20:17   ---------   d-----w   C:\Program Files\Azureus
2008-04-12 01:20   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-04-09 21:07   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-03-30 23:55   ---------   d-----w   C:\Program Files\TVAnts
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-02-23 00:07   ---------   d-----w   C:\Program Files\TVUPlayer
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2005-06-07 06:45   784   ----a-w   C:\Documents and Settings\Owner\Application Data\mpauth.dat
2006-05-06 16:42   7,260,160   ----a-w   C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03   80   --sh--r   C:\WINDOWS\system32\114AFAE353.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-04-22_23.38.55.59   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-25 05:28:39   135,168   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:43   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:37:01   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 17:33 185896]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-30 12:42 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
--a------ 2006-06-02 10:34 2934784 C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-22 17:33 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-21 18:51 3481600 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 03:32:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-17 13:06:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-15 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-23 03:32:36 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 23:48:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 23:50:09
ComboFix-quarantined-files.txt  2008-04-23 03:49:55
ComboFix2.txt  2008-04-23 03:39:30
ComboFix3.txt  2008-04-22 23:34:09
ComboFix4.txt  2008-04-22 04:59:33

Pre-Run: 34,757,521,408 bytes free
Post-Run: 34,747,531,264 bytes free

171   --- E O F ---   2008-04-18 20:50:11





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:49 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 5794 bytes

12
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 09:19:52 PM »
OK here is the report and hijackthis log...

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Tuesday, April 22, 2008 10:41:14 PM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 23/04/2008
 Kaspersky Anti-Virus database records: 722306
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\

Scan Statistics:
   Total number of scanned objects: 54585
   Number of viruses found: 9
   Number of infected objects: 28
   Number of suspicious objects: 0
   Duration of the scan process: 00:48:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip/vmain.class   Infected: Exploit.Java.Gimsh.b   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-1181d259-39737d2b.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-595d018e.zip/vmain.class   Infected: Exploit.Java.Gimsh.b   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-595d018e.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-52fcc1a5.zip/vmain.class   Infected: Exploit.Java.Gimsh.a   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-52fcc1a5.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-52759e7b.zip/vmain.class   Infected: Exploit.Java.Gimsh.b   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-52759e7b.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-75422158.zip/vmain.class   Infected: Exploit.Java.Gimsh.b   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-75422158.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6ef4b6f1.zip/vmain.class   Infected: Exploit.Java.Gimsh.b   skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-6ef4b6f1.zip   ZIP: infected - 1   skipped
C:\Documents and Settings\Owner\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008042220080423\index.dat   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2997C193-A464-4307-88C9-F9C00083CD16.dat   Object is locked   skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Owner\ntuser.dat   Object is locked   skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\mIRC\mirc.exe   Infected: not-a-virus:Client-IRC.Win32.mIRC.621   skipped
C:\QooBox\Quarantine\C\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll.vir   Infected: not-a-virus:AdWare.Win32.Shopper.v   skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\awturrpq.dll.vir   Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr   skipped
C:\QooBox\Quarantine\catchme2008-04-22_ 04857.12.zip/tuvUkKbB.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr   skipped
C:\QooBox\Quarantine\catchme2008-04-22_ 04857.12.zip   ZIP: infected - 1   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP748\A0133472.exe   Infected: not-a-virus:AdTool.Win32.Zango.s   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP767\A0134151.dll   Infected: not-a-virus:AdWare.Win32.HotBar.ck   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe/data0000.cab/UNINST~1.EXE   Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe/data0000.cab   Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134886.exe   Rsrc-Package: infected - 2   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe/data0000.cab/UNINST~1.EXE   Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe/data0000.cab   Infected: not-a-virus:AdWare.Win32.Virtumonde.pnc   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0134887.exe   Rsrc-Package: infected - 2   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138852.dll   Infected: not-a-virus:AdWare.Win32.Shopper.v   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138882.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr   skipped
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP775\change.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{EF00E8C5-F23E-40D3-8397-19B5393CA6FB}.bin   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\closeapp.exe   Infected: not-a-virus:RiskTool.Win32.CloseApp.a   skipped
C:\WINDOWS\system32\config\Antiviru.evt   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd.sys   Object is locked   skipped
C:\WINDOWS\system32\drivers\sptd9373.sys   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_4fc.dat   Object is locked   skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped

Scan process completed.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:58 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 5404 bytes

13
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 07:06:18 PM »
IDK why but for some reason my computer is going slow now. It's not logging me off anymore but it isnt running nearly as fast as it was this morning. Do you want a new Hijackthis log??

14
Tech Clinic / PLEASE HELP!!!
« on: April 22, 2008, 11:45:01 AM »
Ok. After I ran Combofix last night and rebooted and did another reset.cmd everything has been working good. I did what you just told me and here are my logs...

Malwarebytes' Anti-Malware 1.11
Database version: 670

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 90954
Time elapsed: 45 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGabbX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP771\A0135720.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{939ECD28-A11F-4E35-97DB-BA59D1CF2BD0}\RP774\A0138886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.




Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-22 13:05:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05, on 2008-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)

--
End of file - 5680 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-22 12:16:08         0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-22 12:15:56         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 12:15:55         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 00:59:37      6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-04-22 00:42:52    388608 --a------ C:\WINDOWS\system32\CF32578.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-21 23:41:43     68096 --a------ C:\WINDOWS\zip.exe
2008-04-21 23:41:43    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-21 23:41:43     80412 --a------ C:\WINDOWS\grep.exe
2008-04-21 23:41:42     49152 --a------ C:\WINDOWS\VFind.exe
2008-04-21 23:41:42    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-21 23:41:42    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-21 23:41:42     98816 --a------ C:\WINDOWS\sed.exe
2008-04-21 23:41:42     73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-21 22:58:08         0 d-------- C:\Program Files\Trend Micro
2008-04-21 20:49:22      2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:08:58         0 d-------- C:\Program Files\Stardock
2008-04-21 18:30:21     47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-21 18:30:07    217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-21 18:30:07    208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-21 18:30:07    176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-21 18:30:07     65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-21 18:30:06    626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-21 18:30:05   1645320 --a------ C:\WINDOWS\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-04-22 01:09:06         0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 18:33:26         0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 18:33:25       668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-04-21 18:32:36        33 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-04-21 18:32:35      1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-04-21 18:32:35      7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-04-21 18:30:02         0 d-------- C:\Program Files\vso
2008-04-20 13:18:05         0 d--h----- C:\Program Files\PF
2008-04-19 20:06:59         0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-19 19:32:10         0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-19 16:17:11         0 d-------- C:\Program Files\Azureus
2008-04-11 21:20:03         0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 19:55:25         0 d-------- C:\Program Files\TVAnts
2008-03-23 10:44:55        41 --a------ C:\WINDOWS\popcinfo.dat
2008-02-22 20:07:42         0 d-------- C:\Program Files\TVUPlayer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 17:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-12 23:13:49]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet




-- End of Deckard's System Scanner: finished at 2008-04-22 13:06:23 ------------

15
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 11:40:57 PM »
Did everything you said. Here is the log.

ComboFix 08-04-20.5 - Owner 2008-04-22  0:43:41.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\inst.exe
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HFDHPNWQ\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Owner\Application Data\ShoppingReport
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Owner\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe
C:\Program Files\uusee
C:\Program Files\uusee\AD\1\000\index_new.html
C:\Program Files\uusee\AD\1\000\uue_new.jpg
C:\Program Files\uusee\AD\1\001\index_new.html
C:\Program Files\uusee\AD\1\001\uue_new.jpg
C:\Program Files\uusee\AD\1\cy\cy.html
C:\Program Files\uusee\AD\1\dm\dm.html
C:\Program Files\uusee\AD\1\dsj\dsj.html
C:\Program Files\uusee\AD\1\dst\dst.html
C:\Program Files\uusee\AD\1\dy\dy.html
C:\Program Files\uusee\AD\1\gp\gp.html
C:\Program Files\uusee\AD\1\jk\jk.html
C:\Program Files\uusee\AD\1\ty\ty.html
C:\Program Files\uusee\AD\1\uu\uu.html
C:\Program Files\uusee\AD\1\yl\yl.html
C:\Program Files\uusee\AD\1\yx\yx.html
C:\Program Files\uusee\AD\1\yx\yx1.html
C:\Program Files\uusee\AD\1\zx\zx.html
C:\Program Files\uusee\AD\2\100\index.html
C:\Program Files\uusee\AD\2\200\index.html
C:\Program Files\uusee\AD\2\300\index.html
C:\Program Files\uusee\AD\UUAD_Banner_1.html
C:\Program Files\uusee\AD\UUAD_Banner_3.html
C:\Program Files\uusee\AD\UUAD_Buffering.html
C:\Program Files\uusee\AD\UUAD_Buffering.jpg
C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
C:\Program Files\uusee\ARMP.ocx
C:\Program Files\uusee\ARMPD.dll
C:\Program Files\uusee\check_cmd.exe
C:\Program Files\uusee\flvplayer.swf
C:\Program Files\uusee\in_psp.dll
C:\Program Files\uusee\MultiVMR9.dll
C:\Program Files\uusee\out_mmshttp.dll
C:\Program Files\uusee\rmsp011.ax
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\u264Dec.ax
C:\Program Files\uusee\UFDeMux.ax
C:\Program Files\uusee\uninst.exe
C:\Program Files\uusee\updateC2.ocx
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer.ocx
C:\Program Files\uusee\UUPlayer_update.ini
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\uusee_video.dll
C:\Program Files\uusee\UUSEEAudioDec.ax
C:\Program Files\uusee\UUSeePlayer.exe
C:\Program Files\uusee\UUSEETemp\UUPlayer.dll
C:\Program Files\uusee\UUSEETemp\UUSeePlayer.exe
C:\Program Files\uusee\UUSEETemp\UUUpgrade.ini
C:\Program Files\uusee\UUTV.xml
C:\Program Files\uusee\UUTV_MY.xml
C:\Program Files\uusee\UUTV_UUPlayer.xml
C:\Program Files\uusee\UUUpgrade.exe
C:\Program Files\uusee\UUUpgrade.ini
C:\Program Files\uusee\UUUpgrade.ocx
C:\Program Files\uusee\vermini.ini
C:\Program Files\uusee\vermini_x.ini
C:\Program Files\uusee\vermini_x1.ini
C:\Program Files\uusee\What's new.mht
C:\Program Files\uusee\What's new.txt
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\awturrpq.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\khfGabbX.dll
C:\WINDOWS\system32\tuvUkKbB.dll
C:\WINDOWS\system32\XbbaGfhk.ini
C:\WINDOWS\system32\XbbaGfhk.ini2

.
(((((((((((((((((((((((((   Files Created from 2008-03-22 to 2008-04-22  )))))))))))))))))))))))))))))))
.

2008-04-21 23:21 . 2008-04-21 23:21   <DIR>   d--------   C:\Deckard
2008-04-21 22:58 . 2008-04-21 22:58   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-21 20:49 . 2008-04-21 20:49   2,560   --a------   C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13 . 2008-04-22 00:21   345   --ahs----   C:\WINDOWS\system32\hgjjRXyb.ini
2008-04-21 20:08 . 2008-04-21 20:08   <DIR>   d--------   C:\Program Files\Stardock
2008-04-21 18:30 . 2004-05-04 11:53   1,645,320   --a------   C:\WINDOWS\gdiplus.dll
2008-04-21 18:30 . 2006-05-20 16:16   1,184,984   --a------   C:\WINDOWS\system32\wvc1dmod.dll
2008-04-21 18:30 . 2006-05-11 19:21   626,688   --a------   C:\WINDOWS\system32\vp7vfw.dll
2008-04-21 18:30 . 2006-09-29 12:24   217,127   --a------   C:\WINDOWS\system32\drv43260.dll
2008-04-21 18:30 . 2006-09-29 12:25   208,935   --a------   C:\WINDOWS\system32\drv33260.dll
2008-04-21 18:30 . 2006-09-29 12:26   176,165   --a------   C:\WINDOWS\system32\drv23260.dll
2008-04-21 18:30 . 2007-03-18 20:37   65,602   --a------   C:\WINDOWS\system32\cook3260.dll
2008-04-21 18:30 . 2008-04-21 18:32   47,360   --a------   C:\Documents and Settings\Owner\Application Data\pcouffin.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 00:36   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 22:40   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 22:33   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 22:30   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-21 22:30   ---------   d-----w   C:\Program Files\vso
2008-04-20 17:18   ---------   d--h--w   C:\Program Files\PF
2008-04-19 20:17   ---------   d-----w   C:\Program Files\Azureus
2008-04-12 01:20   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-03-30 23:55   ---------   d-----w   C:\Program Files\TVAnts
2008-02-23 00:07   ---------   d-----w   C:\Program Files\TVUPlayer
2005-06-07 06:45   784   ----a-w   C:\Documents and Settings\Owner\Application Data\mpauth.dat
2006-05-06 16:42   7,260,160   ----a-w   C:\Program Files\mozilla firefox\plugins\libvlc.dll
2006-07-07 21:03   80   --sh--r   C:\WINDOWS\system32\114AFAE353.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 14:37 79224]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 17:34 185784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-22 23:37:41 113664]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-01-12 23:13:49 107520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-26 14:43:45 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-30 12:42 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
--a------ 2006-06-02 10:34 2934784 C:\Program Files\IDA\ida.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-25 17:34 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-12-21 18:51 3481600 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 14:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 14:35]
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Owner\Desktop\VCdRom.sys []
S2 RVIEG01;VSC Engine;C:\Program Files\Cakewalk\Shared Dxi\Roland\RVIEg01.sys []
Start Pending2 RpcxSs;Remote Procedure Call (RPC) Extensions;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 04:54:22 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-17 13:06:38 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-15 22:57:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-08 22:57:16 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-22 04:54:27 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-09-23 23:47:53 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 00:52:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-04-22  0:59:32 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-22 04:59:07

Pre-Run: 34,677,641,216 bytes free
Post-Run: 34,707,087,360 bytes free

400   --- E O F ---   2008-04-18 20:50:11

16
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 11:09:06 PM »
Ok now its back to doing the same old logging off crap.

17
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 11:04:58 PM »
Ok I'm about to do the above following but now all of a sudden it stopped trying to log off and things are working just a little slower than they were before. This is really weird. Anyway let me try what you said.

18
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 10:28:49 PM »
Combofix starts and says it is going to scan my computer. I made sure everything was closed and did not touch it at all with the mouse. It changes my clock and right after it does that it goes to blue screen error. Wow this is frustrating!

19
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 10:06:02 PM »
Ok I was able to do it. Here ya go...

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-21 23:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
53: 2008-04-22 03:21:53 UTC - RP773 - Deckard's System Scanner Restore Point
52: 2008-04-22 01:34:04 UTC - RP772 - Restore Operation
51: 2008-04-22 00:14:28 UTC - RP771 - Last known good configuration
50: 2008-04-22 00:14:18 UTC - RP770 - System Checkpoint
49: 2008-04-22 00:14:16 UTC - RP769 - System Checkpoint


-- First Restore Point --
1: 2008-04-22 00:14:04 UTC - RP721 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:10 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {4020100D-29D7-4392-AFD5-5AD713FF4B88} - C:\WINDOWS\system32\tuvUkKbB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {9FC835BF-C7A6-4A98-8F2E-AEB36109E4B9} - C:\WINDOWS\system32\byXRjjgh.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: tuvUkKbB - C:\WINDOWS\SYSTEM32\tuvUkKbB.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6300 bytes

-- File Associations -----------------------------------------------------------

[color=\"red\"].bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71[/color]
[color=\"red\"].cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153[/color]
[color=\"red\"].hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23[/color]
[color=\"red\"].inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/color]
[color=\"red\"].ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69[/color]
[color=\"red\"].js - JSFile - DefaultIcon - C:\WINDOWS\System32\WScript.exe,3[/color]
[color=\"red\"].reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1[/color]
[color=\"red\"].txt - txtfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,70[/color]
[color=\"red\"].vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2[/color]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S1 vcdrom (Virtual CD-ROM Device Driver) - c:\documents and settings\owner\desktop\vcdrom.sys (file missing)
S2 RVIEG01 (VSC Engine) - c:\program files\cakewalk\shared dxi\roland\rvieg01.sys (file missing)
S3 CA561 (ICatch VI PC CAMERA) - c:\windows\system32\drivers\spca561.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys (file missing)
S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 RpcxSs (Remote Procedure Call (RPC) Extensions) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 23:07:31       448 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-04-21 23:07:31       438 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-04-17 09:06:38       372 --a------ C:\WINDOWS\Tasks\RegCure.job
2008-04-15 18:57:00       270 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-10-08 18:57:16       392 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-09-23 19:47:53       362 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 22:58:08         0 d-------- C:\Program Files\Trend Micro
2008-04-21 20:49:22      2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-04-21 20:13:53    101473 --ahs---- C:\WINDOWS\system32\hgjjRXyb.ini2
2008-04-21 20:13:48    272896 --a------ C:\WINDOWS\system32\byXRjjgh.dll
2008-04-21 20:10:51     38400 --a------ C:\WINDOWS\system32\awturrpq.dll
2008-04-21 20:08:58         0 d-------- C:\Program Files\Stardock
2008-04-21 20:08:43     38400 --a------ C:\WINDOWS\system32\tuvUkKbB.dll
2008-04-21 18:30:21     47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-21 18:30:07    217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-04-21 18:30:07    208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-04-21 18:30:07    176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-04-21 18:30:07     65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-21 18:30:06    626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-21 18:30:05   1645320 --a------ C:\WINDOWS\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-29 00:09:48         0 d-------- C:\Documents and Settings\Owner\Application Data\ShoppingReport
2008-03-29 00:09:47         0 d-------- C:\Program Files\ShoppingReport


-- Find3M Report ---------------------------------------------------------------

2008-04-21 20:36:02         0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-21 18:33:26         0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2008-04-21 18:33:25       668 --a------ C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
2008-04-21 18:32:36        33 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2008-04-21 18:32:35      1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2008-04-21 18:32:35      7887 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2008-04-21 18:30:02         0 d-------- C:\Program Files\vso
2008-04-20 13:18:05         0 d--h----- C:\Program Files\PF
2008-04-19 20:06:59         0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-04-19 19:32:10         0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-04-19 16:17:11         0 d-------- C:\Program Files\Azureus
2008-04-11 21:20:03         0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-30 19:55:25         0 d-------- C:\Program Files\TVAnts
2008-03-23 10:44:55        41 --a------ C:\WINDOWS\popcinfo.dat
2008-02-22 20:07:42         0 d-------- C:\Program Files\TVUPlayer


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 08:13 AM   1173024   --a------   C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4020100D-29D7-4392-AFD5-5AD713FF4B88}]
04/21/2008 08:08 PM   38400   --a------   C:\WINDOWS\system32\tuvUkKbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FC835BF-C7A6-4A98-8F2E-AEB36109E4B9}]
04/21/2008 08:13 PM   272896   --a------   C:\WINDOWS\system32\byXRjjgh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/21/2005 11:48 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 11:44 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/25/2006 05:34 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/22/2005 11:37:41 PM]
iWin Desktop Alerts.lnk - C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [1/12/2008 11:13:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/26/2006 2:43:45 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4020100D-29D7-4392-AFD5-5AD713FF4B88}"= C:\WINDOWS\system32\tuvUkKbB.dll [04/21/2008 08:08 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvUkKbB]
tuvUkKbB.dll 04/21/2008 08:08 PM 38400 C:\WINDOWS\system32\tuvUkKbB.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXRjjgh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Download Accelerator]
C:\Program Files\IDA\ida.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memory Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
RpcxSs




-- End of Deckard's System Scanner: finished at 2008-04-21 23:24:29 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.20GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 766.48 MiB / 490.45 MiB
Pagefile Memory (total/avail): 1108.57 MiB / 825.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.1 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 55.87 GiB total, 32.36 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD600BB-75CAA0 - 55.87 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 55.87 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080421-1] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\bot.exe:*:Enabled:Windows Update"
"C:\\WINDOWS\\bxproxy.exe"="C:\\WINDOWS\\bxproxy.exe:*:Enabled:Windows Update"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"="C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE:*:Disabled:SC3UpdaterMFC"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe"="C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\MaxTV Online\\maxtv.exe"="C:\\Program Files\\MaxTV Online\\maxtv.exe:*:Enabled:maxtv"
"C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe"="C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe:*:Enabled:Streamer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Z-Net mIRC\\mirc.exe"="C:\\Program Files\\Z-Net mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:File Transfer Program"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OBESE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\OBESE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Support Tools\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=OBESE
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> C:\Program Files\Azureus\Uninstall.exe
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Bink and Smacker --> C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
BitPim 1.0.3.20071126 --> "C:\Program Files\BitPim\unins000.exe"
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
ConvertXtoDVD 3.0.0.7 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell DJ Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9  /remove
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DreamStation DXi --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EZ AVI TO WMV Converter 3.00 --> "C:\Program Files\ezvideotools.com\EZ AVI TO WMV Converter\unins000.exe"
FairStars Audio Converter 1.52 --> "C:\Program Files\FairStars Audio Converter\unins000.exe"
FriendBlasterPro --> "C:\Program Files\FriendBlasterPro\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
GTK+ Runtime 2.6.9 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Internet Download Accelerator version 5.0.5 --> "C:\Program Files\IDA\unins000.exe"
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel Quest 2 (remove only) --> "C:\Program Files\iWin.com Games\Jewel Quest 2\Uninstall.exe"
K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire PRO 4.12.4 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9  -removeonly
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Windows Media Video 9 VCM --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Move Networks Player for Firefox --> "C:\Program Files\Mozilla Firefox\plugins\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.35 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MS Access 97 SP2 --> C:\Program Files\Microsoft Office\setup\setup.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.5.0.0 --> C:\Program Files\RegCure\uninst.exe
RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ShopperReports --> C:\Program Files\ShoppingReport\Uninst.exe
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
UUSee ÍøÂçµçÊÓ [4.4.0.49] --> C:\Program Files\uusee\uninst.exe
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Virtual Sound Canvas DXi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}\setup.exe" UNINSTALL_XXX
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type327 / Error
Event Submitted/Written: 04/21/2008 08:15:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type321 / Error
Event Submitted/Written: 04/19/2008 09:18:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application tvants.exe, version 1.0.0.59, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [tvants.exe!ws!]

Event Record #/Type318 / Warning
Event Submitted/Written: 04/18/2008 04:50:54 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type317 / Warning
Event Submitted/Written: 04/18/2008 04:50:54 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type316 / Warning
Event Submitted/Written: 04/18/2008 04:50:53 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2139507 / Error
Event Submitted/Written: 04/21/2008 11:01:15 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126

Event Record #/Type2139486 / Error
Event Submitted/Written: 04/21/2008 09:37:57 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126

Event Record #/Type2139467 / Error
Event Submitted/Written: 04/21/2008 09:34:08 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126

Event Record #/Type2139447 / Error
Event Submitted/Written: 04/21/2008 09:30:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Remote Procedure Call (RPC) Extensions service terminated with the following error:
%%126

Event Record #/Type2139442 / Error
Event Submitted/Written: 04/21/2008 09:28:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-04-21 23:24:29 ------------

20
Tech Clinic / PLEASE HELP!!!
« on: April 21, 2008, 09:46:11 PM »
Ok here is my new Hijack This log with v2.0.2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:45 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 5645 bytes



I went into my ad-aware and there is nothing in quarentine. I deleted all the objects ad-aware found. It didnt find anything critical I was just doing a routine scan. Right now it is cycling every 5 seconds. My icons dissapear as well as the task bar. Very annoying. I really appriciate you helping.

Pages: [1] 2 3