Messages - lloydguy

1
Tech Clinic / I may have a backdoor trojan
« on: August 02, 2008, 01:59:38 PM »
When I uninstalled registryfix, the problem went away.

2
Tech Clinic / I may have a backdoor trojan
« on: July 27, 2008, 04:27:43 PM »
I have all of those files, even the ones with the .bak extensions.

Deckard's System Scanner v20071014.68
Run by M. Allen on 2008-07-27 17:33:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-27 21:33:09 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-07-27 03:09:23 UTC - RP9 - Installed DirectX
8: 2008-07-27 03:00:28 UTC - RP8 - Installed EA Download Manager
7: 2008-07-27 02:58:20 UTC - RP7 - Installed SPORE™ Creature Creator Trial Edition
6: 2008-07-27 02:55:44 UTC - RP6 - Removed SPORE™ Creature Creator Trial Edition


-- First Restore Point --
1: 2008-07-22 15:19:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as M. Allen.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:05 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\M. Allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\M. Allen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6299 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R0 pfc (Padus Aspi Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R0 PxHelper - c:\windows\system32\drivers\pxhelper.sys <Not Verified; VERITAS Software, Inc.; PxHelp20>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 Pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>

S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
S3 SNTNLUSB (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
R2 Iomega Activity Disk2 - "c:\progra~1\iomega\system32\activitydisk.exe" <Not Verified; Iomega Corporation; SmartSoft ActivityDisk>
R2 Matrox Centering Service - "c:\program files\matrox graphics inc\powerdesk\services\matrox.powerdesk.services.exe" <Not Verified; Matrox Graphics Inc.; Matrox PowerDesk Services>
R2 Matrox.Pdesk.ServicesHost - "c:\program files\matrox graphics inc\powerdesk se\matrox.pdesk.serviceshost.exe" <Not Verified; Matrox Graphics Inc; Matrox Services Host>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 17:31:40       492 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2004-02-24 15:35:28       282 --a------ C:\WINDOWS\Tasks\AvidSoundCardTool.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 23:12:09         0 d-------- C:\Documents and Settings\M. Allen\Application Data\SPORE Creature Creator
2008-07-26 23:06:42         0 d-------- C:\WINDOWS\Logs
2008-07-26 23:00:35         0 d-------- C:\ProgramData
2008-07-26 23:00:29      1096 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-26 22:58:22         0 d-------- C:\Program Files\Electronic Arts
2008-07-26 21:56:54         0 d-------- C:\Program Files\Vivia
2008-07-26 21:49:54         0 d-------- C:\Documents and Settings\M. Allen\Application Data\DVD Flick
2008-07-26 21:48:13         0 d-------- C:\Documents and Settings\M. Allen\.thumbnails
2008-07-26 21:48:12         0 d-------- C:\Documents and Settings\M. Allen\.imgseek
2008-07-26 21:44:57         0 d-------- C:\Program Files\imgSeek
2008-07-26 21:43:56         0 d-------- C:\Program Files\DVD Flick
2008-07-26 20:24:43         0 d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-07-26 20:24:42         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-26 20:22:35         0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-07-26 20:22:33         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-26 19:38:01         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Malwarebytes
2008-07-26 19:37:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 19:37:51         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 11:17:29     68096 --a------ C:\WINDOWS\zip.exe
2008-07-23 11:17:29     49152 --a------ C:\WINDOWS\VFind.exe
2008-07-23 11:17:29    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 11:17:29    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 11:17:29    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 11:17:29     98816 --a------ C:\WINDOWS\sed.exe
2008-07-23 11:17:29     80412 --a------ C:\WINDOWS\grep.exe
2008-07-23 11:17:29     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 11:04:01         0 d-------- C:\Program Files\Cheatbook Database 2008
2008-07-22 10:04:24         0 dr-h----- C:\Documents and Settings\M. Allen\Recent
2008-07-21 10:01:53         0 d-------- C:\fsaua.data
2008-07-21 09:56:27         0 d-------- C:\Program Files\Trend Micro
2008-07-21 09:34:13         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-21 09:33:59         0 d-------- C:\Program Files\Security Task Manager
2008-07-19 15:07:29         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-19 15:07:11         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-19 15:07:11         0 d-------- C:\Documents and Settings\M. Allen\Application Data\SUPERAntiSpyware.com
2008-07-19 14:27:30         0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-18 23:55:05         0 d-------- C:\Documents and Settings\Kenney\Application Data\GRETECH
2008-07-17 19:12:42         0 d-------- C:\Program Files\Haali
2008-07-17 19:11:27    262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-17 19:11:27    395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-17 19:11:27    112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-17 19:11:26   2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-17 19:11:22         0 d-------- C:\Program Files\Cucusoft
2008-07-17 19:00:18     47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-17 19:00:18     47360 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-17 19:00:17         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Vso
2008-07-17 19:00:02    217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-17 19:00:02    208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-17 19:00:02    176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-17 19:00:02     65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-17 18:59:56         0 d-------- C:\Program Files\VSO
2008-07-16 19:59:14         0 d-------- C:\Documents and Settings\Trina\Application Data\Mozilla
2008-07-15 15:09:51         0 d---s---- C:\Documents and Settings\Trina\UserData
2008-07-14 22:20:28         0 d-------- C:\Documents and Settings\Trina\Application Data\GRETECH
2008-07-14 21:25:52         0 d-------- C:\Documents and Settings\Trina\AbiSuite
2008-07-13 15:32:05         0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-10 20:11:51         0 d-------- C:\Documents and Settings\Kenney\Application Data\Identities
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\SendTo
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\Recent
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\PrintHood
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\NetHood
2008-07-10 20:11:34         0 dr------- C:\Documents and Settings\Kenney\My Documents
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\Local Settings
2008-07-10 20:11:34         0 dr------- C:\Documents and Settings\Kenney\Favorites
2008-07-10 20:11:34         0 d-------- C:\Documents and Settings\Kenney\Desktop
2008-07-10 20:11:34         0 d---s---- C:\Documents and Settings\Kenney\Cookies
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\Application Data
2008-07-10 20:11:34         0 d---s---- C:\Documents and Settings\Kenney\Application Data\Microsoft
2008-07-10 20:11:33         0 d--h----- C:\Documents and Settings\Kenney\Templates
2008-07-10 20:11:33         0 dr------- C:\Documents and Settings\Kenney\Start Menu
2008-07-10 20:11:33    786432 --ah----- C:\Documents and Settings\Kenney\NTUSER.DAT
2008-07-10 19:36:51         0 d-------- C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-07-10 19:36:26         0 d-------- C:\Documents and Settings\All Users\Application Data\Matrox
2008-07-10 18:52:44         0 d-------- C:\Documents and Settings\M. Allen\Application Data\DisplayTune
2008-07-10 18:48:48     62009 --a------ C:\WINDOWS\system32\wpfb_g400dhd.dll <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-07-10 18:48:46     62009 --a------ C:\WINDOWS\system32\WPFB.DLL <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-07-10 18:48:46      2304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-07-10 18:48:46     11323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>
2008-07-10 18:48:46     17465 --a------ C:\WINDOWS\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
2008-07-10 18:48:45         0 d-------- C:\Program Files\Portrait Displays
2008-07-10 18:48:21    372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-07-10 18:48:18         0 d-------- C:\Program Files\Gateway
2008-07-10 18:48:18         0 d-------- C:\Program Files\Common Files\Portrait Displays
2008-07-10 18:22:02         0 d-------- C:\Program Files\Matrox Graphics Inc
2008-07-10 18:21:05         0 d-------- C:\mgafold
2008-07-10 17:56:38         0 d-------- C:\Program Files\FreshDevices
2008-07-09 20:00:22   2328704 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-09 19:50:41         0 d--h----- C:\WINDOWS\Icons
2008-07-09 12:41:40         0 d--h----- C:\WINDOWS\PIF
2008-07-09 12:17:47         0 d-------- C:\Documents and Settings\M. Allen\Application Data\TuneUp Software
2008-07-09 12:17:26         0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-09 12:17:20         0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-09 12:16:03         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 16:52:19         0 d-------- C:\Program Files\Total Video Converter
2008-07-07 15:57:24         0 d-------- C:\Program Files\MegauploadToolbar
2008-07-07 15:57:24         0 d-------- C:\Documents and Settings\M. Allen\Application Data\MegauploadToolbar
2008-07-02 21:09:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 21:08:40         0 d-------- C:\Program Files\Yahoo!
2008-07-01 15:31:58         0 d-------- C:\WINDOWS\Sun
2008-07-01 15:31:58         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Sun
2008-07-01 15:31:01         0 d-------- C:\Program Files\Java
2008-07-01 15:30:24         0 d-------- C:\Program Files\Common Files\Java
2008-07-01 14:23:24         0 d-------- C:\Program Files\WinAudit
2008-07-01 14:22:20         0 d-------- C:\Documents and Settings\M. Allen\AbiSuite
2008-07-01 14:22:05         0 d-------- C:\Program Files\AbiSuite2
2008-06-30 19:17:21         0 d-------- C:\Program Files\VirtualDJ
2008-06-30 19:14:32         0 d-------- C:\Program Files\IP-Tools
2008-06-30 18:36:31         0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-30 18:34:17         0 d-------- C:\Program Files\SlySoft
2008-06-30 18:33:53         0 d-------- C:\Program Files\Elaborate Bytes
2008-06-30 18:30:57         0 d-------- C:\Program Files\HOTLLAMA MEDIA
2008-06-30 18:30:31    368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-28 21:48:54         0 d-------- C:\Program Files\SimpleOCR
2008-06-28 21:39:34         0 d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-28 21:39:07         0 d-------- C:\pdf995
2008-06-28 21:37:58         0 d-------- C:\omniformat
2008-06-28 21:30:43         0 d---s---- C:\Documents and Settings\Kevin\UserData
2008-06-28 19:10:40         0 d-------- C:\Downloads
2008-06-28 19:09:09         0 d-------- C:\Program Files\FlashGet
2008-06-28 15:05:02         0 d-------- C:\Program Files\IrfanView
2008-06-28 14:43:14         0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-28 14:41:13         0 d-------- C:\Program Files\HP
2008-06-28 14:40:30     17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-06-28 14:40:30    103535 --a------ C:\WINDOWS\hpoins04.dat
2008-06-28 14:40:03         0 d-------- C:\temp


-- Find3M Report ---------------------------------------------------------------

2008-07-26 23:12:24      1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 22:58:20         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 22:01:35         0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-23 11:35:04         0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-23 11:20:05         0 d-------- C:\Program Files\Common Files
2008-07-18 16:45:20         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Auslogics
2008-07-17 20:53:28   1132376 --a------ C:\Documents and Settings\M. Allen\Application Data\vso_ts_preview.xml
2008-07-17 19:00:32        34 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.log
2008-07-17 19:00:18      1144 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.inf
2008-07-17 19:00:18      7887 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.cat
2008-07-10 18:47:49         0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-10 17:33:59         0 d-------- C:\Program Files\Auslogics
2008-07-10 17:29:19         0 d-------- C:\Program Files\MP3 CD Converter
2008-07-10 17:17:47         0 d-------- C:\Program Files\Google
2008-07-10 17:17:46       261 --a------ C:\Documents and Settings\M. Allen\Application Data\.googlewebacchosts
2008-07-08 17:31:38         0 d-------- C:\Program Files\MediaCoder
2008-07-01 14:38:57         0 d-------- C:\Program Files\DupFinder
2008-06-30 18:41:30         0 d-------- C:\Program Files\Common Files\Adobe
2008-06-26 19:47:52         0 d-------- C:\Program Files\SpeedFan
2008-06-26 18:05:56         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Apple Computer
2008-06-25 19:07:49         0 d-------- C:\Program Files\Avira
2008-06-25 18:48:48         0 d-------- C:\Program Files\Symantec
2008-06-25 18:48:40         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-25 18:42:57         0 d-------- C:\Documents and Settings\M. Allen\Application Data\vlc
2008-06-25 18:37:46         0 d-------- C:\Program Files\VideoLAN
2008-06-25 18:35:23         0 d-------- C:\Program Files\QuickTime
2008-06-22 18:34:39         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Real
2008-06-21 18:49:00         0 d-------- C:\Program Files\ian's iBeat v.1.4 engine
2008-06-21 18:48:58     45056 --a------ C:\WINDOWS\SIUnInst.exe <Not Verified; MJSoft; SmartInstall>
2008-06-21 18:47:46         0 d-------- C:\Program Files\Piano Chord Helper
2008-06-21 18:33:08         0 d-------- C:\Program Files\WinDirStat
2008-06-20 13:16:33         0 d-------- C:\Program Files\Fortop Digital Software
2008-06-18 01:15:29         0 d-------- C:\Program Files\PCPitstop
2008-06-16 20:14:23         0 d-------- C:\Documents and Settings\M. Allen\Application Data\WinRAR
2008-06-16 18:05:21         0 d-------- C:\Program Files\Foxit Software
2008-06-16 17:56:03         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Media Player Classic
2008-06-16 17:20:40         0 d-------- C:\Program Files\Nsasoft
2008-06-15 18:55:28         0 d-------- C:\Program Files\Messenger
2008-06-14 15:36:24         0 d-------- C:\Program Files\PayPal
2008-06-14 15:36:15         0 d-------- C:\Documents and Settings\M. Allen\Application Data\InstallShield
2008-06-13 18:58:38         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Help
2008-06-13 18:21:39         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Google
2008-06-11 23:31:11         0 d-------- C:\Program Files\Hide Your IP Address
2008-06-11 13:02:15         0 d-------- C:\Documents and Settings\M. Allen\Application Data\CDBurnerXP_Soft
2008-06-11 12:55:38    180224 --a------ C:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-06-11 12:48:42         0 d-------- C:\Documents and Settings\M. Allen\Application Data\GRETECH
2008-06-11 12:46:36         0 d-------- C:\Program Files\GRETECH
2008-06-11 12:20:40         0 d--h----- C:\Program Files\WindowsUpdate
2008-06-10 20:01:34         0 d-------- C:\Program Files\7-Zip
2008-06-10 19:53:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Macromedia
2008-06-10 19:53:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Adobe
2008-06-10 19:45:57         0 --a------ C:\WINDOWS\nsreg.dat
2008-06-10 19:45:53         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Mozilla
2008-06-10 19:21:47         0 d-------- C:\Program Files\Movie Maker
2008-06-10 19:17:50         0 d-------- C:\Program Files\Windows NT
2008-06-10 17:56:49         0 d-------- C:\Program Files\X-Setup Pro
2008-06-10 17:56:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\X-Setup Pro
2008-06-09 14:43:40         0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 13:16:25         0 d-------- C:\Program Files\VS Revo Group
2008-06-09 13:07:17         0 d-------- C:\Program Files\RegistryFix
2008-06-09 13:00:30         0 d-------- C:\Program Files\CCleaner
2008-04-28 02:52:30   2121235 --a------ C:\WINDOWS\system32\x264vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07/22/2008 09:32 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/25/2008 06:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2008 06:55 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [05/16/2008 06:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"NoSharedDocuments"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"Iomega Active Disk"=C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
"Palm MulitUser Config"=C:\Program Files\Palm\Configtool.exe
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=C:\Program Files\Iomega\Common\ImgStart.exe
"Matrox PowerDesk SE"="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
"DT GWY"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs    eaphost
dot3svc    dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-27 17:34:58 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 511.49 MiB / 301.13 MiB
Pagefile Memory (total/avail): 992.89 MiB / 774.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.04 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 5.64 GiB free.
D: is Fixed (NTFS) - 111.78 GiB total, 101.11 GiB free.
E: is Fixed (NTFS) - 111.79 GiB total, 108.85 GiB free.
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - WDC WD1200BB-00CAA1 - 111.79 GiB - 1 partition
  \PARTITION0 - Installable File System - 111.79 GiB - E:

\\.\PHYSICALDRIVE2 - WDC WD1200BB-00CAA1 - 111.79 GiB - 1 partition
  \PARTITION0 - Installable File System - 111.78 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400BB-32CFC0 - 37.27 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\M. Allen\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\M. Allen
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MA5DA~1.ALL\LOCALS~1\Temp
TMP=C:\DOCUME~1\MA5DA~1.ALL\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=M. Allen
USERPROFILE=C:\Documents and Settings\M. Allen
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

M. Allen (admin)
Trina
Kevin
Kenney


-- Add/Remove Programs ---------------------------------------------------------

 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe"  -uninst
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.55 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
AbiWord 2.6.3 --> C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AiO_Scan -->
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
Avid Xpress DV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81D251F6-2346-4278-8950-62EBF76B0278}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheatbook Database 2008 --> "C:\Program Files\Cheatbook Database 2008\Uninstal.exe"
Cleaner 5 EZ --> C:\WINDOWS\unvise32.exe C:\Program Files\Media100\Cleaner 5 EZ\uninstal.log
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 3.1.0.26 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EzTune --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4955758-B754-471D-9091-7CE2C3D9E9AA}\setup.exe" -l0x9  -removeonly
Fortop FLV Player 1.1 --> "C:\Program Files\Fortop Digital Software\Fortop FLV Player\unins000.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
ian's iBeat v.1.4 engine --> C:\WINDOWS\SIUnInst.exe C:\Program Files\ian's iBeat v.1.4 engine\Uninst.log
Illusion FX Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13C15DA7-5571-4B4D-B174-3AD5670C42E3}\SETUP.EXE" -l0x9
imgSeek (remove only) --> "C:\Program Files\imgSeek\uninstall.exe"
Iomega App Services --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
IomegaWare --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
IP-Tools --> C:\Program Files\IP-Tools\UnInstal.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(tm) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 4.0.0 (Standard) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrox Graphics Software (remove only) --> C:\WINDOWS\system32\PDesk\PDUninst.exe
Matrox PowerDesk-SE --> MsiExec.exe /X{5C207B28-7991-4241-8B34-66E47FC09D5E}
MediaCoder 0.6.1 --> C:\Program Files\MediaCoder\uninst.exe
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MP3 CD Converter 4.01 --> "C:\Program Files\MP3 CD Converter\unins000.exe"
Palm Desktop --> MsiExec.exe /X{9B52B30C-F65C-4244-ABCE-215E46E27AF0}
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
Piano Chord Helper 4.2 --> "C:\Program Files\Piano Chord Helper\unins000.exe"
Pivot Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9  -removeonly
PowerDirector Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe"  -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninst
Product Key Explorer 1.8.3 --> "C:\Program Files\Nsasoft\ProductKeyExplorer\unins000.exe"
QFolder -->
QuickTime -->
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Scan -->
SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Sentinel System Driver --> MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
SPORE™ Creature Creator Trial Edition --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vivia --> MsiExec.exe /I{EF8CCDB9-8AF2-4B45-9C27-B892CC33793A}
WebFldrs XP -->
WinDirStat 1.1.2 --> "C:\Program Files\WinDirStat\Uninstall.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XQDC X-Setup Pro 9.0.100 --> "C:\Program Files\X-Setup Pro\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2045 / Error
Event Submitted/Written: 07/26/2008 09:58:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vivia.exe, version 0.0.0.0, faulting module avcodec-51.dll, version 0.0.0.0, fault address 0x00002acb.
Processing media-specific event for [vivia.exe!ws!]

Event Record #/Type2042 / Error
Event Submitted/Written: 07/26/2008 09:56:24 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Vivia -- 1: ALLUSERS property is not 1 - this MSM cannot be used for a per-user or fallback-to-per-user install 2:

Event Record #/Type2040 / Error
Event Submitted/Written: 07/26/2008 09:34:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2033 / Warning
Event Submitted/Written: 07/26/2008 08:23:54 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{71365B75-A399-4A6A-A9AC-9433BCDC4948}\RP2\A0002015.exe

Event Record #/Type2032 / Warning
Event Submitted/Written: 07/26/2008 08:22:13 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\QooBox\Quarantine\C\Documents and Settings\M. Allen\Application Data\inst.exe.vir



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27240 / Error
Event Submitted/Written: 07/27/2008 05:16:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2

Event Record #/Type27238 / Error
Event Submitted/Written: 07/27/2008 05:16:02 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%2

Event Record #/Type27237 / Error
Event Submitted/Written: 07/27/2008 05:16:00 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2

Event Record #/Type27235 / Error
Event Submitted/Written: 07/27/2008 05:16:00 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%2

Event Record #/Type27230 / Error
Event Submitted/Written: 07/27/2008 05:13:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-07-27 17:34:58 ------------

3
Tech Clinic / I may have a backdoor trojan
« on: July 26, 2008, 07:25:49 PM »
Malwarebytes' Anti-Malware 1.23
Database version: 996
Windows 5.1.2600 Service Pack 3

8:42:57 PM 7/26/2008
mbam-log-7-26-2008 (20-42-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 79130
Time elapsed: 47 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:57 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\GRETECH\GomPlayer\GOM.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6270 bytes

4
Tech Clinic / I may have a backdoor trojan
« on: July 24, 2008, 07:12:41 AM »
No, I had had SP3 for a while. I got it the day after it was released, but I didn't start having this problem until about a week ago.

5
Tech Clinic / I may have a backdoor trojan
« on: July 23, 2008, 10:11:55 AM »
ComboFix 08-07-22.4 - M. Allen 2008-07-23 11:18:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.312 [GMT -4:00]
Running from: C:\Documents and Settings\M. Allen\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\M. Allen\Application Data\inst.exe

.
(((((((((((((((((((((((((   Files Created from 2008-06-23 to 2008-07-23  )))))))))))))))))))))))))))))))
.

2008-07-22 11:04 . 2008-07-22 11:05    <DIR>    d--------    C:\Program Files\Cheatbook Database 2008
2008-07-22 09:28 . 2001-08-23 08:00    50,620    --a------    C:\WINDOWS\system32\command.com.bak
2008-07-22 09:28 . 2002-12-12 15:52    2,577    --a------    C:\WINDOWS\system32\config.nt.bak
2008-07-22 09:28 . 2001-08-23 08:00    1,688    --a------    C:\WINDOWS\system32\autoexec.nt.bak
2008-07-21 10:01 . 2008-07-21 10:01    <DIR>    d--------    C:\fsaua.data
2008-07-21 09:56 . 2008-07-21 09:56    <DIR>    d--------    C:\Program Files\Trend Micro
2008-07-21 09:34 . 2008-07-22 09:37    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-21 09:33 . 2008-07-22 10:04    <DIR>    d--------    C:\Program Files\Security Task Manager
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\SUPERAntiSpyware.com
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-19 14:27 . 2008-07-21 10:03    <DIR>    d--------    C:\Program Files\a-squared Anti-Malware
2008-07-18 23:55 . 2008-07-18 23:55    <DIR>    d--------    C:\Documents and Settings\Kenney\Application Data\GRETECH
2008-07-17 19:12 . 2008-07-17 19:12    <DIR>    d--------    C:\Program Files\Haali
2008-07-17 19:11 . 2008-07-17 19:11    <DIR>    d--------    C:\Program Files\Cucusoft
2008-07-17 19:11 . 2004-10-12 14:40    2,255,360    --a------    C:\WINDOWS\system32\libavcodec.dll
2008-07-17 19:11 . 2004-10-12 14:46    1,761,280    --a------    C:\WINDOWS\system32\ffdshow.ax
2008-07-17 19:11 . 2004-10-05 16:16    395,776    --a------    C:\WINDOWS\system32\libmplayer.dll
2008-07-17 19:11 . 2004-10-12 14:42    262,144    --a------    C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-17 19:11 . 2003-04-03 00:17    172,032    --a------    C:\WINDOWS\system32\ac3filter.ax
2008-07-17 19:11 . 2004-10-04 01:50    112,640    --a------    C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-17 19:00 . 2008-07-17 20:53    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\Vso
2008-07-17 19:00 . 2004-05-04 12:53    1,645,320    --a------    C:\WINDOWS\gdiplus.dll
2008-07-17 19:00 . 2006-05-20 17:16    1,184,984    --a------    C:\WINDOWS\system32\wvc1dmod.dll
2008-07-17 19:00 . 2006-09-29 13:24    217,127    --a------    C:\WINDOWS\system32\drv43260.dll
2008-07-17 19:00 . 2006-09-29 13:25    208,935    --a------    C:\WINDOWS\system32\drv33260.dll
2008-07-17 19:00 . 2006-09-29 13:26    176,165    --a------    C:\WINDOWS\system32\drv23260.dll
2008-07-17 19:00 . 2007-03-18 21:37    65,602    --a------    C:\WINDOWS\system32\cook3260.dll
2008-07-17 19:00 . 2008-07-17 19:00    47,360    --a------    C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 19:00 . 2008-07-17 19:00    47,360    --a------    C:\Documents and Settings\M. Allen\Application Data\pcouffin.sys
2008-07-17 18:59 . 2008-07-17 19:00    <DIR>    d--------    C:\Program Files\VSO
2008-07-15 15:09 . 2008-07-15 15:09    <DIR>    d---s----    C:\Documents and Settings\Trina\UserData
2008-07-14 22:20 . 2008-07-14 22:20    <DIR>    d--------    C:\Documents and Settings\Trina\Application Data\GRETECH
2008-07-14 21:25 . 2008-07-16 20:11    <DIR>    d--------    C:\Documents and Settings\Trina\AbiSuite
2008-07-13 15:32 . 2008-07-13 15:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-10 20:11 . 2008-07-10 20:11    <DIR>    d--------    C:\Documents and Settings\Kenney
2008-07-10 19:36 . 2008-07-10 19:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-07-10 19:36 . 2008-07-10 19:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Matrox
2008-07-10 18:52 . 2008-07-10 18:52    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\DisplayTune
2008-07-10 18:49 . 2006-11-16 17:20    15,920    --a------    C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Portrait Displays
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Gateway
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Common Files\Portrait Displays
2008-07-10 18:22 . 2008-07-10 19:36    <DIR>    d--------    C:\Program Files\Matrox Graphics Inc
2008-07-10 18:21 . 2008-07-10 19:35    <DIR>    d--------    C:\mgafold
2008-07-10 18:21 . 2006-02-28 10:37    102,400    --a------    C:\WINDOWS\system32\MtxCIP.dll
2008-07-10 17:56 . 2008-07-10 17:56    <DIR>    d--------    C:\Program Files\FreshDevices
2008-07-10 17:50 . 2008-07-10 17:50    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-07-10 09:01 . 2008-07-20 12:42    38    --a------    C:\WINDOWS\avisplitter.INI
2008-07-09 20:28 . 2008-07-09 20:28    34    ---------    C:\WINDOWS\system32\oeminfo.ini
2008-07-09 20:00 . 2008-07-09 20:00    2,328,704    --a------    C:\WINDOWS\system32\TUKernel.exe
2008-07-09 19:50 . 2008-07-09 19:50    <DIR>    d--h-----    C:\WINDOWS\Icons
2008-07-09 12:41 . 2008-07-09 12:41    <DIR>    d--h-----    C:\WINDOWS\PIF
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Program Files\TuneUp Utilities 2008
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\TuneUp Software
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-09 12:17 . 2008-07-09 12:17    307,968    --a------    C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 12:17 . 2008-02-27 13:15    28,416    --a------    C:\WINDOWS\system32\uxtuneup.dll
2008-07-09 12:16 . 2008-07-19 15:06    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 16:52 . 2008-07-10 17:37    <DIR>    d--------    C:\Program Files\Total Video Converter
2008-07-08 16:52 . 2000-05-22 22:58    608,448    --a------    C:\WINDOWS\system32\comctl32.ocx
2008-07-07 15:57 . 2008-07-07 15:57    <DIR>    d--------    C:\Program Files\MegauploadToolbar
2008-07-07 15:57 . 2008-07-22 16:35    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\MegauploadToolbar
2008-07-02 21:09 . 2008-07-02 21:09    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 21:08 . 2008-07-02 21:08    <DIR>    d--------    C:\Program Files\Yahoo!
2008-07-01 15:31 . 2008-07-01 15:31    <DIR>    d--------    C:\WINDOWS\Sun
2008-07-01 15:31 . 2008-07-01 15:31    <DIR>    d--------    C:\Program Files\Java
2008-07-01 15:31 . 2008-03-25 02:37    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2008-07-01 15:30 . 2008-07-01 15:30    <DIR>    d--------    C:\Program Files\Common Files\Java
2008-07-01 14:23 . 2008-07-01 14:24    <DIR>    d--------    C:\Program Files\WinAudit
2008-07-01 14:22 . 2008-07-01 14:22    <DIR>    d--------    C:\Program Files\AbiSuite2
2008-07-01 14:22 . 2008-07-04 19:18    <DIR>    d--------    C:\Documents and Settings\M. Allen\AbiSuite
2008-06-30 19:17 . 2008-06-30 19:17    <DIR>    d--------    C:\Program Files\VirtualDJ
2008-06-30 19:14 . 2008-07-18 16:36    <DIR>    d--------    C:\Program Files\IP-Tools
2008-06-30 18:36 . 2008-06-30 18:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-30 18:34 . 2008-06-30 18:34    <DIR>    d--------    C:\Program Files\SlySoft
2008-06-30 18:34 . 2008-06-30 18:37    72    ---hs----    C:\WINDOWS\SF2A3E2E5.tmp
2008-06-30 18:33 . 2008-06-30 18:33    <DIR>    d--------    C:\Program Files\Elaborate Bytes
2008-06-30 18:30 . 2008-06-30 18:30    <DIR>    d--------    C:\Program Files\HOTLLAMA MEDIA
2008-06-30 18:30 . 1998-04-24 00:00    368,912    --a------    C:\WINDOWS\system32\vbar332.dll
2008-06-30 18:30 . 2004-07-14 16:26    152,848    --a------    C:\WINDOWS\system32\COMDLG32.OCX
2008-06-30 18:25 . 2004-09-06 03:06    53,248    --a------    C:\WINDOWS\system32\xvid.ax
2008-06-28 21:48 . 2008-06-29 13:07    <DIR>    d--------    C:\Program Files\SimpleOCR
2008-06-28 21:39 . 2008-06-28 21:39    <DIR>    d--------    C:\pdf995
2008-06-28 21:39 . 2008-06-28 21:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-28 21:37 . 2008-06-28 21:40    <DIR>    d--------    C:\omniformat
2008-06-28 21:30 . 2008-06-28 21:30    <DIR>    d---s----    C:\Documents and Settings\Kevin\UserData
2008-06-28 19:10 . 2008-07-09 17:50    <DIR>    d--------    C:\Downloads
2008-06-28 19:09 . 2008-06-30 11:49    <DIR>    d--------    C:\Program Files\FlashGet
2008-06-28 15:05 . 2008-06-28 15:05    <DIR>    d--------    C:\Program Files\IrfanView
2008-06-28 14:43 . 2008-06-28 14:43    <DIR>    d--------    C:\Program Files\Common Files\Hewlett-Packard
2008-06-28 14:42 . 2008-04-14 00:15    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-28 14:42 . 2008-04-14 00:15    15,104    --a--c---    C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-28 14:41 . 2008-06-28 14:41    <DIR>    d--------    C:\Program Files\HP
2008-06-28 14:40 . 2008-06-28 14:40    <DIR>    d--------    C:\temp\HP_WebRelease
2008-06-28 14:40 . 2008-06-28 14:40    <DIR>    d--------    C:\temp
2008-06-28 14:40 . 2008-06-28 14:43    103,535    --a------    C:\WINDOWS\hpoins04.dat
2008-06-28 14:40 . 2004-06-22 08:04    17,176    ---------    C:\WINDOWS\hpomdl04.dat
2008-06-28 14:35 . 2008-04-14 00:17    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-28 14:35 . 2008-04-14 00:17    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-26 18:05 . 2008-06-26 18:05    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\Apple Computer
2008-06-25 19:07 . 2008-06-25 19:07    <DIR>    d--------    C:\Program Files\Avira
2008-06-25 19:07 . 2008-06-25 19:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avira
2008-06-25 19:04 . 2008-07-01 14:38    <DIR>    d--------    C:\Program Files\DupFinder
2008-06-25 18:42 . 2008-06-25 18:42    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\vlc
2008-06-25 18:37 . 2008-06-25 18:37    <DIR>    d--------    C:\Program Files\VideoLAN
2008-06-25 18:36 . 2008-07-23 11:11    1,324    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-06-25 18:35 . 2008-07-21 16:28    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-06-25 18:35 . 2008-06-25 18:35    1,409    --a------    C:\WINDOWS\QTFont.for
2008-06-25 18:34 . 2008-06-25 18:35    <DIR>    d--------    C:\Program Files\QuickTime
2008-06-25 18:33 . 2008-06-25 18:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-25 17:48 . 2008-06-25 17:48    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2008-06-23 18:28 . 2008-06-28 21:30    <DIR>    d--------    C:\Documents and Settings\Kevin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 15:11    ---------    d-----w    C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-18 20:45    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\Auslogics
2008-07-11 19:34    ---------    d-----w    C:\Program Files\K-Lite Codec Pack
2008-07-10 22:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-10 22:48    62,009    ----a-w    C:\WINDOWS\system32\wpfb_g400dhd.dll
2008-07-10 22:47    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-07-10 21:33    ---------    d-----w    C:\Program Files\Auslogics
2008-07-10 21:29    ---------    d-----w    C:\Program Files\MP3 CD Converter
2008-07-10 21:17    ---------    d-----w    C:\Program Files\Google
2008-07-08 21:38    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 21:31    ---------    d-----w    C:\Program Files\MediaCoder
2008-07-07 17:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-30 22:43    ---------    d-----w    C:\Program Files\Unlocker
2008-06-30 22:41    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-06-26 23:47    ---------    d-----w    C:\Program Files\SpeedFan
2008-06-25 22:48    ---------    d-----w    C:\Program Files\Symantec
2008-06-25 22:48    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-06-25 21:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 22:49    ---------    d-----w    C:\Program Files\ian's iBeat v.1.4 engine
2008-06-21 22:48    45,056    ----a-w    C:\WINDOWS\SIUnInst.exe
2008-06-21 22:47    ---------    d-----w    C:\Program Files\Piano Chord Helper
2008-06-21 22:33    ---------    d-----w    C:\Program Files\WinDirStat
2008-06-20 17:46    245,248    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:16    ---------    d-----w    C:\Program Files\Fortop Digital Software
2008-06-20 11:51    361,600    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40    138,496    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08    225,856    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:56    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-06-18 05:15    ---------    d-----w    C:\Program Files\PCPitstop
2008-06-17 23:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-06-17 13:59    99,648    ----a-w    C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-06-16 22:05    ---------    d-----w    C:\Program Files\Foxit Software
2008-06-16 21:56    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\Media Player Classic
2008-06-16 21:20    ---------    d-----w    C:\Program Files\Nsasoft
2008-06-14 19:36    ---------    d-----w    C:\Program Files\PayPal
2008-06-14 19:36    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\InstallShield
2008-06-13 11:05    272,128    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 03:31    ---------    d-----w    C:\Program Files\Hide Your IP Address
2008-06-11 17:02    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\CDBurnerXP_Soft
2008-06-11 16:55    180,224    ----a-w    C:\WINDOWS\system32\wmdrmsdk.dll
2008-06-11 16:48    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\GRETECH
2008-06-11 16:48    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\GRETECH
2008-06-11 16:46    ---------    d-----w    C:\Program Files\GRETECH
2008-06-11 00:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-11 00:01    ---------    d-----w    C:\Program Files\7-Zip
2008-06-10 21:56    ---------    d-----w    C:\Program Files\X-Setup Pro
2008-06-10 21:56    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\X-Setup Pro
2008-06-10 21:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-06-09 18:43    ---------    d-----w    C:\Program Files\Windows Media Connect 2
2008-06-09 17:16    ---------    d-----w    C:\Program Files\VS Revo Group
2008-06-09 17:07    ---------    d-----w    C:\Program Files\RegistryFix
2008-06-09 17:00    ---------    d-----w    C:\Program Files\CCleaner
2008-05-09 10:53    90,112    ----a-w    C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53    430,080    ----a-w    C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53    180,224    ----a-w    C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53    172,032    ----a-w    C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24    155,648    ----a-w    C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07    135,168    ----a-w    C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12    1,288,192    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-28 06:52    2,121,235    ----a-w    C:\WINDOWS\system32\x264vfw.dll
2003-06-25 21:31    1,897,672    ----a-w    C:\Program Files\winzip81.exe
2003-06-25 21:29    71,077,738    ----a-w    C:\Program Files\XDV_3_5_4Win.zip
2000-12-12 16:17    100,432    ------w    C:\Program Files\Win2000PPAHotfix.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 18:55 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 09:32 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"SENTINEL"= snti386.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"Iomega Active Disk"=C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
"Palm MulitUser Config"=C:\Program Files\Palm\Configtool.exe
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=C:\Program Files\Iomega\Common\ImgStart.exe
"Matrox PowerDesk SE"="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
"DT GWY"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 PxHelper;PxHelper;C:\WINDOWS\system32\drivers\PxHelper.sys [2001-09-11 18:23]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 12:17]
R2 Matrox Centering Service;Matrox Centering Service;C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2008-06-11 16:29]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [2008-06-11 16:33]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 12:17]
S3 G550DH;G550DH;C:\WINDOWS\system32\DRIVERS\g550dhm.sys [2002-08-29 15:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 12:17]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 15:24:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2004-02-24 19:35:28 C:\WINDOWS\Tasks\AvidSoundCardTool.job"
- C:\PROGRA~1\Avid\AVIDXP~1\AVIDSO~1.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:24:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-07-23 11:26:55 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-23 15:26:48

Pre-Run: 13,727,129,600 bytes free
Post-Run: 14,090,608,640 bytes free

291    --- E O F ---    2008-07-08 11:26:43


I still have the problem, though ComboFix did delete a file called inst.exe.

6
Tech Clinic / I may have a backdoor trojan
« on: July 22, 2008, 09:02:28 AM »
I keep getting a pop-up that says C:Windows\system32\wuauclt.exe The NTVDM CPU has encountered an illegal instruction. CS:0542 IP:0114 OP:c6 b7 4b 72 b8 Choose close to terminate the application.

I either hit close or ignore but it never goes away. It's causing my computer to have random slowdowns and freezes. Help, here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:44 AM, on 7/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5334 bytes
