Author Topic: I may have a backdoor trojan  (Read 2043 times)

Offline lloydguy

I may have a backdoor trojan
« on: July 22, 2008, 09:02:28 AM »
I keep getting a pop-up that says C:Windows\system32\wuauclt.exe The NTVDM CPU has encountered an illegal instruction. CS:0542 IP:0114 OP:c6 b7 4b 72 b8 Choose close to terminate the application.

I either hit close or ignore, but it never goes away. It's causing my computer to have random slowdowns and freezes. Help! Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:44 AM, on 7/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5334 bytes
« Last Edit: July 22, 2008, 09:04:11 AM by lloydguy »
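As an added example (not from the thread and not part of HijackThis, ComboFix or any other tool mentioned here), a small triage script for the HijackThis log format shown above: it parses the R/O entry lines and flags the patterns a helper checks first, such as orphaned toolbar registrations, services with no publisher, a populated proxy setting, and Run entries launching from user-writable directories. The sample log is constructed from entry types in this post; the O4 entry for inst.exe under Application Data and the populated ProxyServer line are invented to exercise the rules.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 log format. Entry types mirror the poster's log;
# the O4 entry for inst.exe under Application Data and the populated ProxyServer
# line are invented here to exercise the rules and are not from the poster's log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\M. Allen\Application Data\inst.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Every HJT entry line starts with a type code (R0, O4, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Directories a user can write without admin rights. A Run entry launching from one of
# these is what a dropper like the inst.exe ComboFix removed in this thread looks like.
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\desktop\\")


@dataclass(frozen=True)
class Finding:
    kind: str   # HJT entry type the rule fired on, e.g. "O4"
    rule: str   # short rule identifier
    entry: str  # the entry body, without the "O4 - " prefix


def parse_entries(log: str):
    """Yield (kind, body) for each HJT entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def autorun_path(body: str) -> str:
    """Pull the launched file out of an O4 body such as '[name] "C:\\x.exe" /min' or '[name] C:\\x.exe'."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.strip()


def triage(log: str) -> list:
    """Apply first-pass review rules to an HJT log and return the entries worth a closer look."""
    findings = []
    for kind, body in parse_entries(log):
        low = body.lower()
        if kind in ("O2", "O3", "O9") and low.endswith("(no file)"):
            # Registered CLSID whose DLL is gone: a dead entry, safe to clean up.
            findings.append(Finding(kind, "orphan-registration", body))
        elif kind == "O4" and any(d in autorun_path(body).lower() for d in USER_WRITABLE_DIRS):
            findings.append(Finding(kind, "autorun-from-user-writable-dir", body))
        elif kind == "O23" and " - unknown owner - " in low:
            # Service with no publisher string: verify the binary before trusting it.
            findings.append(Finding(kind, "service-without-publisher", body))
        elif kind == "R1" and "proxyserver = " in low:
            # "ProxyServer = :" is the empty default; only a real host:port is worth review.
            if low.split("proxyserver = ", 1)[1].strip(" :"):
                findings.append(Finding(kind, "proxy-configured", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.rule:32} {f.entry}")
```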

Offline guestolo

« Reply #1 on: July 22, 2008, 10:39:14 PM »
Download this file - Combofix.exe and save it ONLY to your desktop.

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post back the log from Combofix.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline lloydguy

« Reply #2 on: July 23, 2008, 10:11:55 AM »
ComboFix 08-07-22.4 - M. Allen 2008-07-23 11:18:45.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.312 [GMT -4:00]
Running from: C:\Documents and Settings\M. Allen\Desktop\ComboFix.exe
 * Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\M. Allen\Application Data\inst.exe

.
(((((((((((((((((((((((((   Files Created from 2008-06-23 to 2008-07-23  )))))))))))))))))))))))))))))))
.

2008-07-22 11:04 . 2008-07-22 11:05    <DIR>    d--------    C:\Program Files\Cheatbook Database 2008
2008-07-22 09:28 . 2001-08-23 08:00    50,620    --a------    C:\WINDOWS\system32\command.com.bak
2008-07-22 09:28 . 2002-12-12 15:52    2,577    --a------    C:\WINDOWS\system32\config.nt.bak
2008-07-22 09:28 . 2001-08-23 08:00    1,688    --a------    C:\WINDOWS\system32\autoexec.nt.bak
2008-07-21 10:01 . 2008-07-21 10:01    <DIR>    d--------    C:\fsaua.data
2008-07-21 09:56 . 2008-07-21 09:56    <DIR>    d--------    C:\Program Files\Trend Micro
2008-07-21 09:34 . 2008-07-22 09:37    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-21 09:33 . 2008-07-22 10:04    <DIR>    d--------    C:\Program Files\Security Task Manager
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\SUPERAntiSpyware.com
2008-07-19 15:07 . 2008-07-19 15:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-19 14:27 . 2008-07-21 10:03    <DIR>    d--------    C:\Program Files\a-squared Anti-Malware
2008-07-18 23:55 . 2008-07-18 23:55    <DIR>    d--------    C:\Documents and Settings\Kenney\Application Data\GRETECH
2008-07-17 19:12 . 2008-07-17 19:12    <DIR>    d--------    C:\Program Files\Haali
2008-07-17 19:11 . 2008-07-17 19:11    <DIR>    d--------    C:\Program Files\Cucusoft
2008-07-17 19:11 . 2004-10-12 14:40    2,255,360    --a------    C:\WINDOWS\system32\libavcodec.dll
2008-07-17 19:11 . 2004-10-12 14:46    1,761,280    --a------    C:\WINDOWS\system32\ffdshow.ax
2008-07-17 19:11 . 2004-10-05 16:16    395,776    --a------    C:\WINDOWS\system32\libmplayer.dll
2008-07-17 19:11 . 2004-10-12 14:42    262,144    --a------    C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-17 19:11 . 2003-04-03 00:17    172,032    --a------    C:\WINDOWS\system32\ac3filter.ax
2008-07-17 19:11 . 2004-10-04 01:50    112,640    --a------    C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-17 19:00 . 2008-07-17 20:53    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\Vso
2008-07-17 19:00 . 2004-05-04 12:53    1,645,320    --a------    C:\WINDOWS\gdiplus.dll
2008-07-17 19:00 . 2006-05-20 17:16    1,184,984    --a------    C:\WINDOWS\system32\wvc1dmod.dll
2008-07-17 19:00 . 2006-09-29 13:24    217,127    --a------    C:\WINDOWS\system32\drv43260.dll
2008-07-17 19:00 . 2006-09-29 13:25    208,935    --a------    C:\WINDOWS\system32\drv33260.dll
2008-07-17 19:00 . 2006-09-29 13:26    176,165    --a------    C:\WINDOWS\system32\drv23260.dll
2008-07-17 19:00 . 2007-03-18 21:37    65,602    --a------    C:\WINDOWS\system32\cook3260.dll
2008-07-17 19:00 . 2008-07-17 19:00    47,360    --a------    C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 19:00 . 2008-07-17 19:00    47,360    --a------    C:\Documents and Settings\M. Allen\Application Data\pcouffin.sys
2008-07-17 18:59 . 2008-07-17 19:00    <DIR>    d--------    C:\Program Files\VSO
2008-07-15 15:09 . 2008-07-15 15:09    <DIR>    d---s----    C:\Documents and Settings\Trina\UserData
2008-07-14 22:20 . 2008-07-14 22:20    <DIR>    d--------    C:\Documents and Settings\Trina\Application Data\GRETECH
2008-07-14 21:25 . 2008-07-16 20:11    <DIR>    d--------    C:\Documents and Settings\Trina\AbiSuite
2008-07-13 15:32 . 2008-07-13 15:32    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-10 20:11 . 2008-07-10 20:11    <DIR>    d--------    C:\Documents and Settings\Kenney
2008-07-10 19:36 . 2008-07-10 19:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-07-10 19:36 . 2008-07-10 19:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Matrox
2008-07-10 18:52 . 2008-07-10 18:52    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\DisplayTune
2008-07-10 18:49 . 2006-11-16 17:20    15,920    --a------    C:\WINDOWS\system32\drivers\PdiPorts.sys
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Portrait Displays
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Gateway
2008-07-10 18:48 . 2008-07-10 18:48    <DIR>    d--------    C:\Program Files\Common Files\Portrait Displays
2008-07-10 18:22 . 2008-07-10 19:36    <DIR>    d--------    C:\Program Files\Matrox Graphics Inc
2008-07-10 18:21 . 2008-07-10 19:35    <DIR>    d--------    C:\mgafold
2008-07-10 18:21 . 2006-02-28 10:37    102,400    --a------    C:\WINDOWS\system32\MtxCIP.dll
2008-07-10 17:56 . 2008-07-10 17:56    <DIR>    d--------    C:\Program Files\FreshDevices
2008-07-10 17:50 . 2008-07-10 17:50    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-07-10 09:01 . 2008-07-20 12:42    38    --a------    C:\WINDOWS\avisplitter.INI
2008-07-09 20:28 . 2008-07-09 20:28    34    ---------    C:\WINDOWS\system32\oeminfo.ini
2008-07-09 20:00 . 2008-07-09 20:00    2,328,704    --a------    C:\WINDOWS\system32\TUKernel.exe
2008-07-09 19:50 . 2008-07-09 19:50    <DIR>    d--h-----    C:\WINDOWS\Icons
2008-07-09 12:41 . 2008-07-09 12:41    <DIR>    d--h-----    C:\WINDOWS\PIF
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Program Files\TuneUp Utilities 2008
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\TuneUp Software
2008-07-09 12:17 . 2008-07-09 12:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-09 12:17 . 2008-07-09 12:17    307,968    --a------    C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-09 12:17 . 2008-02-27 13:15    28,416    --a------    C:\WINDOWS\system32\uxtuneup.dll
2008-07-09 12:16 . 2008-07-19 15:06    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 16:52 . 2008-07-10 17:37    <DIR>    d--------    C:\Program Files\Total Video Converter
2008-07-08 16:52 . 2000-05-22 22:58    608,448    --a------    C:\WINDOWS\system32\comctl32.ocx
2008-07-07 15:57 . 2008-07-07 15:57    <DIR>    d--------    C:\Program Files\MegauploadToolbar
2008-07-07 15:57 . 2008-07-22 16:35    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\MegauploadToolbar
2008-07-02 21:09 . 2008-07-02 21:09    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 21:08 . 2008-07-02 21:08    <DIR>    d--------    C:\Program Files\Yahoo!
2008-07-01 15:31 . 2008-07-01 15:31    <DIR>    d--------    C:\WINDOWS\Sun
2008-07-01 15:31 . 2008-07-01 15:31    <DIR>    d--------    C:\Program Files\Java
2008-07-01 15:31 . 2008-03-25 02:37    69,632    --a------    C:\WINDOWS\system32\javacpl.cpl
2008-07-01 15:30 . 2008-07-01 15:30    <DIR>    d--------    C:\Program Files\Common Files\Java
2008-07-01 14:23 . 2008-07-01 14:24    <DIR>    d--------    C:\Program Files\WinAudit
2008-07-01 14:22 . 2008-07-01 14:22    <DIR>    d--------    C:\Program Files\AbiSuite2
2008-07-01 14:22 . 2008-07-04 19:18    <DIR>    d--------    C:\Documents and Settings\M. Allen\AbiSuite
2008-06-30 19:17 . 2008-06-30 19:17    <DIR>    d--------    C:\Program Files\VirtualDJ
2008-06-30 19:14 . 2008-07-18 16:36    <DIR>    d--------    C:\Program Files\IP-Tools
2008-06-30 18:36 . 2008-06-30 18:36    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-30 18:34 . 2008-06-30 18:34    <DIR>    d--------    C:\Program Files\SlySoft
2008-06-30 18:34 . 2008-06-30 18:37    72    ---hs----    C:\WINDOWS\SF2A3E2E5.tmp
2008-06-30 18:33 . 2008-06-30 18:33    <DIR>    d--------    C:\Program Files\Elaborate Bytes
2008-06-30 18:30 . 2008-06-30 18:30    <DIR>    d--------    C:\Program Files\HOTLLAMA MEDIA
2008-06-30 18:30 . 1998-04-24 00:00    368,912    --a------    C:\WINDOWS\system32\vbar332.dll
2008-06-30 18:30 . 2004-07-14 16:26    152,848    --a------    C:\WINDOWS\system32\COMDLG32.OCX
2008-06-30 18:25 . 2004-09-06 03:06    53,248    --a------    C:\WINDOWS\system32\xvid.ax
2008-06-28 21:48 . 2008-06-29 13:07    <DIR>    d--------    C:\Program Files\SimpleOCR
2008-06-28 21:39 . 2008-06-28 21:39    <DIR>    d--------    C:\pdf995
2008-06-28 21:39 . 2008-06-28 21:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-28 21:37 . 2008-06-28 21:40    <DIR>    d--------    C:\omniformat
2008-06-28 21:30 . 2008-06-28 21:30    <DIR>    d---s----    C:\Documents and Settings\Kevin\UserData
2008-06-28 19:10 . 2008-07-09 17:50    <DIR>    d--------    C:\Downloads
2008-06-28 19:09 . 2008-06-30 11:49    <DIR>    d--------    C:\Program Files\FlashGet
2008-06-28 15:05 . 2008-06-28 15:05    <DIR>    d--------    C:\Program Files\IrfanView
2008-06-28 14:43 . 2008-06-28 14:43    <DIR>    d--------    C:\Program Files\Common Files\Hewlett-Packard
2008-06-28 14:42 . 2008-04-14 00:15    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-28 14:42 . 2008-04-14 00:15    15,104    --a--c---    C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-28 14:41 . 2008-06-28 14:41    <DIR>    d--------    C:\Program Files\HP
2008-06-28 14:40 . 2008-06-28 14:40    <DIR>    d--------    C:\temp\HP_WebRelease
2008-06-28 14:40 . 2008-06-28 14:40    <DIR>    d--------    C:\temp
2008-06-28 14:40 . 2008-06-28 14:43    103,535    --a------    C:\WINDOWS\hpoins04.dat
2008-06-28 14:40 . 2004-06-22 08:04    17,176    ---------    C:\WINDOWS\hpomdl04.dat
2008-06-28 14:35 . 2008-04-14 00:17    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-28 14:35 . 2008-04-14 00:17    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-26 18:05 . 2008-06-26 18:05    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\Apple Computer
2008-06-25 19:07 . 2008-06-25 19:07    <DIR>    d--------    C:\Program Files\Avira
2008-06-25 19:07 . 2008-06-25 19:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Avira
2008-06-25 19:04 . 2008-07-01 14:38    <DIR>    d--------    C:\Program Files\DupFinder
2008-06-25 18:42 . 2008-06-25 18:42    <DIR>    d--------    C:\Documents and Settings\M. Allen\Application Data\vlc
2008-06-25 18:37 . 2008-06-25 18:37    <DIR>    d--------    C:\Program Files\VideoLAN
2008-06-25 18:36 . 2008-07-23 11:11    1,324    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-06-25 18:35 . 2008-07-21 16:28    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-06-25 18:35 . 2008-06-25 18:35    1,409    --a------    C:\WINDOWS\QTFont.for
2008-06-25 18:34 . 2008-06-25 18:35    <DIR>    d--------    C:\Program Files\QuickTime
2008-06-25 18:33 . 2008-06-25 18:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-25 17:48 . 2008-06-25 17:48    <DIR>    d--h-----    C:\WINDOWS\system32\GroupPolicy
2008-06-23 18:28 . 2008-06-28 21:30    <DIR>    d--------    C:\Documents and Settings\Kevin

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 15:11    ---------    d-----w    C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-18 20:45    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\Auslogics
2008-07-11 19:34    ---------    d-----w    C:\Program Files\K-Lite Codec Pack
2008-07-10 22:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-07-10 22:48    62,009    ----a-w    C:\WINDOWS\system32\wpfb_g400dhd.dll
2008-07-10 22:47    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-07-10 21:33    ---------    d-----w    C:\Program Files\Auslogics
2008-07-10 21:29    ---------    d-----w    C:\Program Files\MP3 CD Converter
2008-07-10 21:17    ---------    d-----w    C:\Program Files\Google
2008-07-08 21:38    ---------    d---a-w    C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 21:31    ---------    d-----w    C:\Program Files\MediaCoder
2008-07-07 17:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-30 22:43    ---------    d-----w    C:\Program Files\Unlocker
2008-06-30 22:41    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-06-26 23:47    ---------    d-----w    C:\Program Files\SpeedFan
2008-06-25 22:48    ---------    d-----w    C:\Program Files\Symantec
2008-06-25 22:48    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-06-25 21:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-21 22:49    ---------    d-----w    C:\Program Files\ian's iBeat v.1.4 engine
2008-06-21 22:48    45,056    ----a-w    C:\WINDOWS\SIUnInst.exe
2008-06-21 22:47    ---------    d-----w    C:\Program Files\Piano Chord Helper
2008-06-21 22:33    ---------    d-----w    C:\Program Files\WinDirStat
2008-06-20 17:46    245,248    ----a-w    C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:16    ---------    d-----w    C:\Program Files\Fortop Digital Software
2008-06-20 11:51    361,600    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40    138,496    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08    225,856    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 20:56    ---------    d-----w    C:\Program Files\Spybot - Search & Destroy
2008-06-18 05:15    ---------    d-----w    C:\Program Files\PCPitstop
2008-06-17 23:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-06-17 13:59    99,648    ----a-w    C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-06-16 22:05    ---------    d-----w    C:\Program Files\Foxit Software
2008-06-16 21:56    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\Media Player Classic
2008-06-16 21:20    ---------    d-----w    C:\Program Files\Nsasoft
2008-06-14 19:36    ---------    d-----w    C:\Program Files\PayPal
2008-06-14 19:36    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\InstallShield
2008-06-13 11:05    272,128    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 03:31    ---------    d-----w    C:\Program Files\Hide Your IP Address
2008-06-11 17:02    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\CDBurnerXP_Soft
2008-06-11 16:55    180,224    ----a-w    C:\WINDOWS\system32\wmdrmsdk.dll
2008-06-11 16:48    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\GRETECH
2008-06-11 16:48    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\GRETECH
2008-06-11 16:46    ---------    d-----w    C:\Program Files\GRETECH
2008-06-11 00:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-11 00:01    ---------    d-----w    C:\Program Files\7-Zip
2008-06-10 21:56    ---------    d-----w    C:\Program Files\X-Setup Pro
2008-06-10 21:56    ---------    d-----w    C:\Documents and Settings\M. Allen\Application Data\X-Setup Pro
2008-06-10 21:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-06-09 18:43    ---------    d-----w    C:\Program Files\Windows Media Connect 2
2008-06-09 17:16    ---------    d-----w    C:\Program Files\VS Revo Group
2008-06-09 17:07    ---------    d-----w    C:\Program Files\RegistryFix
2008-06-09 17:00    ---------    d-----w    C:\Program Files\CCleaner
2008-05-09 10:53    90,112    ----a-w    C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53    430,080    ----a-w    C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53    180,224    ----a-w    C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53    172,032    ----a-w    C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24    155,648    ----a-w    C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07    135,168    ----a-w    C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12    1,288,192    ----a-w    C:\WINDOWS\system32\quartz.dll
2008-04-28 06:52    2,121,235    ----a-w    C:\WINDOWS\system32\x264vfw.dll
2003-06-25 21:31    1,897,672    ----a-w    C:\Program Files\winzip81.exe
2003-06-25 21:29    71,077,738    ----a-w    C:\Program Files\XDV_3_5_4Win.zip
2000-12-12 16:17    100,432    ------w    C:\Program Files\Win2000PPAHotfix.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-13 18:55 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 09:32 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"SENTINEL"= snti386.dll
"aux1"= ctwdm32.dll
"aux2"= ctwdm32.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"Iomega Active Disk"=C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
"Palm MulitUser Config"=C:\Program Files\Palm\Configtool.exe
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=C:\Program Files\Iomega\Common\ImgStart.exe
"Matrox PowerDesk SE"="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
"DT GWY"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R0 PxHelper;PxHelper;C:\WINDOWS\system32\drivers\PxHelper.sys [2001-09-11 18:23]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 12:17]
R2 Matrox Centering Service;Matrox Centering Service;C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2008-06-11 16:29]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [2008-06-11 16:33]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2007-02-09 12:17]
S3 G550DH;G550DH;C:\WINDOWS\system32\DRIVERS\g550dhm.sys [2002-08-29 15:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-09 12:17]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-07-23 15:24:08 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2004-02-24 19:35:28 C:\WINDOWS\Tasks\AvidSoundCardTool.job"
- C:\PROGRA~1\Avid\AVIDXP~1\AVIDSO~1.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:24:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2008-07-23 11:26:55 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-23 15:26:48

Pre-Run: 13,727,129,600 bytes free
Post-Run: 14,090,608,640 bytes free

291    --- E O F ---    2008-07-08 11:26:43


I still have the problem, though ComboFix did delete a file called inst.exe.

Offline guestolo

« Reply #3 on: July 23, 2008, 09:43:09 PM »
Did the problems start after you installed Service Pack 3?

I see SP3 installed, yet your version of Internet Explorer is still IE6.



Offline lloydguy

« Reply #4 on: July 24, 2008, 07:12:41 AM »
No, I had had SP3 for a while. I got it the day after it was released, but I didn't start having this problem until about a week ago.

Offline guestolo

« Reply #5 on: July 24, 2008, 07:51:03 PM »
Can I run a scanner please and see if it comes back clean?
Download Malwarebytes' Anti-Malware from Here or Here.
Save the installer to desktop.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Also, post a fresh HijackThis log and let me know how things are running please.



Offline lloydguy

I may have a backdoor trojan
« Reply #6 on: July 26, 2008, 07:25:49 PM »
Malwarebytes' Anti-Malware 1.23
Database version: 996
Windows 5.1.2600 Service Pack 3

8:42:57 PM 7/26/2008
mbam-log-7-26-2008 (20-42-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 79130
Time elapsed: 47 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:57 PM, on 7/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\GRETECH\GomPlayer\GOM.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6270 bytes

Offline guestolo

I may have a backdoor trojan
« Reply #7 on: July 26, 2008, 07:58:51 PM »
Can you do the following for me please
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post back the whole contents of main.txt and extra.txt.

In addition: can you look for the presence of these files and let me know if they exist?
C:\WINDOWS\system32\command.com
C:\WINDOWS\system32\config.nt
C:\WINDOWS\system32\autoexec.nt

Take note that they do not have the .bak extension after the file names, as in e.g. C:\WINDOWS\system32\command.com.bak.



Offline lloydguy

I may have a backdoor trojan
« Reply #8 on: July 27, 2008, 04:27:43 PM »
I have all of those files, even the ones with the .bak extensions.

Deckard's System Scanner v20071014.68
Run by M. Allen on 2008-07-27 17:33:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
10: 2008-07-27 21:33:09 UTC - RP10 - Deckard's System Scanner Restore Point
9: 2008-07-27 03:09:23 UTC - RP9 - Installed DirectX
8: 2008-07-27 03:00:28 UTC - RP8 - Installed EA Download Manager
7: 2008-07-27 02:58:20 UTC - RP7 - Installed SPORE™ Creature Creator Trial Edition
6: 2008-07-27 02:55:44 UTC - RP6 - Removed SPORE™ Creature Creator Trial Edition


-- First Restore Point --
1: 2008-07-22 15:19:58 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as M. Allen.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:05 PM, on 7/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\M. Allen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\M. Allen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213133151312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213133245406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6299 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Microsoft® Windows NT® Operating System>
R0 pfc (Padus Aspi Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R0 PxHelper - c:\windows\system32\drivers\pxhelper.sys <Not Verified; VERITAS Software, Inc.; PxHelp20>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 Pivot - c:\windows\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pivotmou (Pivot Mouse/Pointers Filter Driver) - c:\windows\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>

S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
S3 SNTNLUSB (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\common files\portrait displays\shared\dtsrvc.exe
R2 Iomega Activity Disk2 - "c:\progra~1\iomega\system32\activitydisk.exe" <Not Verified; Iomega Corporation; SmartSoft ActivityDisk>
R2 Matrox Centering Service - "c:\program files\matrox graphics inc\powerdesk\services\matrox.powerdesk.services.exe" <Not Verified; Matrox Graphics Inc.; Matrox PowerDesk Services>
R2 Matrox.Pdesk.ServicesHost - "c:\program files\matrox graphics inc\powerdesk se\matrox.pdesk.serviceshost.exe" <Not Verified; Matrox Graphics Inc; Matrox Services Host>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 17:31:40       492 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2004-02-24 15:35:28       282 --a------ C:\WINDOWS\Tasks\AvidSoundCardTool.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-26 23:12:09         0 d-------- C:\Documents and Settings\M. Allen\Application Data\SPORE Creature Creator
2008-07-26 23:06:42         0 d-------- C:\WINDOWS\Logs
2008-07-26 23:00:35         0 d-------- C:\ProgramData
2008-07-26 23:00:29      1096 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-26 22:58:22         0 d-------- C:\Program Files\Electronic Arts
2008-07-26 21:56:54         0 d-------- C:\Program Files\Vivia
2008-07-26 21:49:54         0 d-------- C:\Documents and Settings\M. Allen\Application Data\DVD Flick
2008-07-26 21:48:13         0 d-------- C:\Documents and Settings\M. Allen\.thumbnails
2008-07-26 21:48:12         0 d-------- C:\Documents and Settings\M. Allen\.imgseek
2008-07-26 21:44:57         0 d-------- C:\Program Files\imgSeek
2008-07-26 21:43:56         0 d-------- C:\Program Files\DVD Flick
2008-07-26 20:24:43         0 d-------- C:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-07-26 20:24:42         0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-26 20:22:35         0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-07-26 20:22:33         0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-26 19:38:01         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Malwarebytes
2008-07-26 19:37:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-26 19:37:51         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 11:17:29     68096 --a------ C:\WINDOWS\zip.exe
2008-07-23 11:17:29     49152 --a------ C:\WINDOWS\VFind.exe
2008-07-23 11:17:29    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-23 11:17:29    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-23 11:17:29    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-23 11:17:29     98816 --a------ C:\WINDOWS\sed.exe
2008-07-23 11:17:29     80412 --a------ C:\WINDOWS\grep.exe
2008-07-23 11:17:29     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 11:04:01         0 d-------- C:\Program Files\Cheatbook Database 2008
2008-07-22 10:04:24         0 dr-h----- C:\Documents and Settings\M. Allen\Recent
2008-07-21 10:01:53         0 d-------- C:\fsaua.data
2008-07-21 09:56:27         0 d-------- C:\Program Files\Trend Micro
2008-07-21 09:34:13         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-07-21 09:33:59         0 d-------- C:\Program Files\Security Task Manager
2008-07-19 15:07:29         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-19 15:07:11         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-19 15:07:11         0 d-------- C:\Documents and Settings\M. Allen\Application Data\SUPERAntiSpyware.com
2008-07-19 14:27:30         0 d-------- C:\Program Files\a-squared Anti-Malware
2008-07-18 23:55:05         0 d-------- C:\Documents and Settings\Kenney\Application Data\GRETECH
2008-07-17 19:12:42         0 d-------- C:\Program Files\Haali
2008-07-17 19:11:27    262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-17 19:11:27    395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-17 19:11:27    112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-17 19:11:26   2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-17 19:11:22         0 d-------- C:\Program Files\Cucusoft
2008-07-17 19:00:18     47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-17 19:00:18     47360 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-17 19:00:17         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Vso
2008-07-17 19:00:02    217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-07-17 19:00:02    208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-07-17 19:00:02    176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-07-17 19:00:02     65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-17 18:59:56         0 d-------- C:\Program Files\VSO
2008-07-16 19:59:14         0 d-------- C:\Documents and Settings\Trina\Application Data\Mozilla
2008-07-15 15:09:51         0 d---s---- C:\Documents and Settings\Trina\UserData
2008-07-14 22:20:28         0 d-------- C:\Documents and Settings\Trina\Application Data\GRETECH
2008-07-14 21:25:52         0 d-------- C:\Documents and Settings\Trina\AbiSuite
2008-07-13 15:32:05         0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-07-10 20:11:51         0 d-------- C:\Documents and Settings\Kenney\Application Data\Identities
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\SendTo
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\Recent
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\PrintHood
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\NetHood
2008-07-10 20:11:34         0 dr------- C:\Documents and Settings\Kenney\My Documents
2008-07-10 20:11:34         0 d--h----- C:\Documents and Settings\Kenney\Local Settings
2008-07-10 20:11:34         0 dr------- C:\Documents and Settings\Kenney\Favorites
2008-07-10 20:11:34         0 d-------- C:\Documents and Settings\Kenney\Desktop
2008-07-10 20:11:34         0 d---s---- C:\Documents and Settings\Kenney\Cookies
2008-07-10 20:11:34         0 dr-h----- C:\Documents and Settings\Kenney\Application Data
2008-07-10 20:11:34         0 d---s---- C:\Documents and Settings\Kenney\Application Data\Microsoft
2008-07-10 20:11:33         0 d--h----- C:\Documents and Settings\Kenney\Templates
2008-07-10 20:11:33         0 dr------- C:\Documents and Settings\Kenney\Start Menu
2008-07-10 20:11:33    786432 --ah----- C:\Documents and Settings\Kenney\NTUSER.DAT
2008-07-10 19:36:51         0 d-------- C:\Documents and Settings\All Users\Application Data\Matrox Graphics Inc
2008-07-10 19:36:26         0 d-------- C:\Documents and Settings\All Users\Application Data\Matrox
2008-07-10 18:52:44         0 d-------- C:\Documents and Settings\M. Allen\Application Data\DisplayTune
2008-07-10 18:48:48     62009 --a------ C:\WINDOWS\system32\wpfb_g400dhd.dll <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-07-10 18:48:46     62009 --a------ C:\WINDOWS\system32\WPFB.DLL <Not Verified; Portrait Displays, Inc.; Pivot Sofware>
2008-07-10 18:48:46      2304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-07-10 18:48:46     11323 --a------ C:\WINDOWS\system32\drivers\pivotmou.sys <Not Verified; Portrait Displays, Inc.; Pivot ® Software ®>
2008-07-10 18:48:46     17465 --a------ C:\WINDOWS\system32\drivers\pivot.sys <Not Verified; Portrait Displays, Inc.; Windows ® 2000 DDK driver>
2008-07-10 18:48:45         0 d-------- C:\Program Files\Portrait Displays
2008-07-10 18:48:21    372736 --a------ C:\WINDOWS\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-07-10 18:48:18         0 d-------- C:\Program Files\Gateway
2008-07-10 18:48:18         0 d-------- C:\Program Files\Common Files\Portrait Displays
2008-07-10 18:22:02         0 d-------- C:\Program Files\Matrox Graphics Inc
2008-07-10 18:21:05         0 d-------- C:\mgafold
2008-07-10 17:56:38         0 d-------- C:\Program Files\FreshDevices
2008-07-09 20:00:22   2328704 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-09 19:50:41         0 d--h----- C:\WINDOWS\Icons
2008-07-09 12:41:40         0 d--h----- C:\WINDOWS\PIF
2008-07-09 12:17:47         0 d-------- C:\Documents and Settings\M. Allen\Application Data\TuneUp Software
2008-07-09 12:17:26         0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-09 12:17:20         0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-09 12:16:03         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-08 16:52:19         0 d-------- C:\Program Files\Total Video Converter
2008-07-07 15:57:24         0 d-------- C:\Program Files\MegauploadToolbar
2008-07-07 15:57:24         0 d-------- C:\Documents and Settings\M. Allen\Application Data\MegauploadToolbar
2008-07-02 21:09:11         0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-02 21:08:40         0 d-------- C:\Program Files\Yahoo!
2008-07-01 15:31:58         0 d-------- C:\WINDOWS\Sun
2008-07-01 15:31:58         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Sun
2008-07-01 15:31:01         0 d-------- C:\Program Files\Java
2008-07-01 15:30:24         0 d-------- C:\Program Files\Common Files\Java
2008-07-01 14:23:24         0 d-------- C:\Program Files\WinAudit
2008-07-01 14:22:20         0 d-------- C:\Documents and Settings\M. Allen\AbiSuite
2008-07-01 14:22:05         0 d-------- C:\Program Files\AbiSuite2
2008-06-30 19:17:21         0 d-------- C:\Program Files\VirtualDJ
2008-06-30 19:14:32         0 d-------- C:\Program Files\IP-Tools
2008-06-30 18:36:31         0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-30 18:34:17         0 d-------- C:\Program Files\SlySoft
2008-06-30 18:33:53         0 d-------- C:\Program Files\Elaborate Bytes
2008-06-30 18:30:57         0 d-------- C:\Program Files\HOTLLAMA MEDIA
2008-06-30 18:30:31    368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-06-28 21:48:54         0 d-------- C:\Program Files\SimpleOCR
2008-06-28 21:39:34         0 d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2008-06-28 21:39:07         0 d-------- C:\pdf995
2008-06-28 21:37:58         0 d-------- C:\omniformat
2008-06-28 21:30:43         0 d---s---- C:\Documents and Settings\Kevin\UserData
2008-06-28 19:10:40         0 d-------- C:\Downloads
2008-06-28 19:09:09         0 d-------- C:\Program Files\FlashGet
2008-06-28 15:05:02         0 d-------- C:\Program Files\IrfanView
2008-06-28 14:43:14         0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-28 14:41:13         0 d-------- C:\Program Files\HP
2008-06-28 14:40:30     17176 -----n--- C:\WINDOWS\hpomdl04.dat
2008-06-28 14:40:30    103535 --a------ C:\WINDOWS\hpoins04.dat
2008-06-28 14:40:03         0 d-------- C:\temp


-- Find3M Report ---------------------------------------------------------------

2008-07-26 23:12:24      1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-26 22:58:20         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-26 22:01:35         0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-07-23 11:35:04         0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-23 11:20:05         0 d-------- C:\Program Files\Common Files
2008-07-18 16:45:20         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Auslogics
2008-07-17 20:53:28   1132376 --a------ C:\Documents and Settings\M. Allen\Application Data\vso_ts_preview.xml
2008-07-17 19:00:32        34 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.log
2008-07-17 19:00:18      1144 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.inf
2008-07-17 19:00:18      7887 --a------ C:\Documents and Settings\M. Allen\Application Data\pcouffin.cat
2008-07-10 18:47:49         0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-10 17:33:59         0 d-------- C:\Program Files\Auslogics
2008-07-10 17:29:19         0 d-------- C:\Program Files\MP3 CD Converter
2008-07-10 17:17:47         0 d-------- C:\Program Files\Google
2008-07-10 17:17:46       261 --a------ C:\Documents and Settings\M. Allen\Application Data\.googlewebacchosts
2008-07-08 17:31:38         0 d-------- C:\Program Files\MediaCoder
2008-07-01 14:38:57         0 d-------- C:\Program Files\DupFinder
2008-06-30 18:41:30         0 d-------- C:\Program Files\Common Files\Adobe
2008-06-26 19:47:52         0 d-------- C:\Program Files\SpeedFan
2008-06-26 18:05:56         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Apple Computer
2008-06-25 19:07:49         0 d-------- C:\Program Files\Avira
2008-06-25 18:48:48         0 d-------- C:\Program Files\Symantec
2008-06-25 18:48:40         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-25 18:42:57         0 d-------- C:\Documents and Settings\M. Allen\Application Data\vlc
2008-06-25 18:37:46         0 d-------- C:\Program Files\VideoLAN
2008-06-25 18:35:23         0 d-------- C:\Program Files\QuickTime
2008-06-22 18:34:39         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Real
2008-06-21 18:49:00         0 d-------- C:\Program Files\ian's iBeat v.1.4 engine
2008-06-21 18:48:58     45056 --a------ C:\WINDOWS\SIUnInst.exe <Not Verified; MJSoft; SmartInstall>
2008-06-21 18:47:46         0 d-------- C:\Program Files\Piano Chord Helper
2008-06-21 18:33:08         0 d-------- C:\Program Files\WinDirStat
2008-06-20 13:16:33         0 d-------- C:\Program Files\Fortop Digital Software
2008-06-18 01:15:29         0 d-------- C:\Program Files\PCPitstop
2008-06-16 20:14:23         0 d-------- C:\Documents and Settings\M. Allen\Application Data\WinRAR
2008-06-16 18:05:21         0 d-------- C:\Program Files\Foxit Software
2008-06-16 17:56:03         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Media Player Classic
2008-06-16 17:20:40         0 d-------- C:\Program Files\Nsasoft
2008-06-15 18:55:28         0 d-------- C:\Program Files\Messenger
2008-06-14 15:36:24         0 d-------- C:\Program Files\PayPal
2008-06-14 15:36:15         0 d-------- C:\Documents and Settings\M. Allen\Application Data\InstallShield
2008-06-13 18:58:38         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Help
2008-06-13 18:21:39         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Google
2008-06-11 23:31:11         0 d-------- C:\Program Files\Hide Your IP Address
2008-06-11 13:02:15         0 d-------- C:\Documents and Settings\M. Allen\Application Data\CDBurnerXP_Soft
2008-06-11 12:55:38    180224 --a------ C:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-06-11 12:48:42         0 d-------- C:\Documents and Settings\M. Allen\Application Data\GRETECH
2008-06-11 12:46:36         0 d-------- C:\Program Files\GRETECH
2008-06-11 12:20:40         0 d--h----- C:\Program Files\WindowsUpdate
2008-06-10 20:01:34         0 d-------- C:\Program Files\7-Zip
2008-06-10 19:53:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Macromedia
2008-06-10 19:53:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Adobe
2008-06-10 19:45:57         0 --a------ C:\WINDOWS\nsreg.dat
2008-06-10 19:45:53         0 d-------- C:\Documents and Settings\M. Allen\Application Data\Mozilla
2008-06-10 19:21:47         0 d-------- C:\Program Files\Movie Maker
2008-06-10 19:17:50         0 d-------- C:\Program Files\Windows NT
2008-06-10 17:56:49         0 d-------- C:\Program Files\X-Setup Pro
2008-06-10 17:56:33         0 d-------- C:\Documents and Settings\M. Allen\Application Data\X-Setup Pro
2008-06-09 14:43:40         0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-09 13:16:25         0 d-------- C:\Program Files\VS Revo Group
2008-06-09 13:07:17         0 d-------- C:\Program Files\RegistryFix
2008-06-09 13:00:30         0 d-------- C:\Program Files\CCleaner
2008-04-28 02:52:30   2121235 --a------ C:\WINDOWS\system32\x264vfw.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07/22/2008 09:32 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/25/2008 06:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2008 06:55 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [05/16/2008 06:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"NoSharedDocuments"=00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
"Iomega Active Disk"=C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Matrox Powerdesk"=C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
"Palm MulitUser Config"=C:\Program Files\Palm\Configtool.exe
"Iomega Drive Icons"=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
"Iomega Startup Options"=C:\Program Files\Iomega\Common\ImgStart.exe
"Matrox PowerDesk SE"="C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"PivotSoftware"="C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
"DT GWY"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -GWY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs    eaphost
dot3svc    dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-27 17:34:58 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.70GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 511.49 MiB / 301.13 MiB
Pagefile Memory (total/avail): 992.89 MiB / 774.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.04 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 5.64 GiB free.
D: is Fixed (NTFS) - 111.78 GiB total, 101.11 GiB free.
E: is Fixed (NTFS) - 111.79 GiB total, 108.85 GiB free.
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE1 - WDC WD1200BB-00CAA1 - 111.79 GiB - 1 partition
  \PARTITION0 - Installable File System - 111.79 GiB - E:

\\.\PHYSICALDRIVE2 - WDC WD1200BB-00CAA1 - 111.79 GiB - 1 partition
  \PARTITION0 - Installable File System - 111.78 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400BB-32CFC0 - 37.27 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\M. Allen\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\M. Allen
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MA5DA~1.ALL\LOCALS~1\Temp
TMP=C:\DOCUME~1\MA5DA~1.ALL\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=M. Allen
USERPROFILE=C:\Documents and Settings\M. Allen
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

M. Allen (admin)
Trina
Kevin
Kenney


-- Add/Remove Programs ---------------------------------------------------------

 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 -->
 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82F248C6-D392-11D5-9EA2-0050BAE317E1}\setup.exe"  -uninst
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.55 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
AbiWord 2.6.3 --> C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AiO_Scan -->
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AusLogics BoostSpeed --> "C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Defrag --> "C:\Program Files\Auslogics\AusLogics Registry Defrag\unins000.exe"
Avid Xpress DV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81D251F6-2346-4278-8950-62EBF76B0278}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cheatbook Database 2008 --> "C:\Program Files\Cheatbook Database 2008\Uninstal.exe"
Cleaner 5 EZ --> C:\WINDOWS\unvise32.exe C:\Program Files\Media100\Cleaner 5 EZ\uninstal.log
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
ConvertXtoDVD 3.1.0.26 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
EzTune --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4955758-B754-471D-9091-7CE2C3D9E9AA}\setup.exe" -l0x9  -removeonly
Fortop FLV Player 1.1 --> "C:\Program Files\Fortop Digital Software\Fortop FLV Player\unins000.exe"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
ian's iBeat v.1.4 engine --> C:\WINDOWS\SIUnInst.exe C:\Program Files\ian's iBeat v.1.4 engine\Uninst.log
Illusion FX Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13C15DA7-5571-4B4D-B174-3AD5670C42E3}\SETUP.EXE" -l0x9
imgSeek (remove only) --> "C:\Program Files\imgSeek\uninstall.exe"
Iomega App Services --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
IomegaWare --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
IP-Tools --> C:\Program Files\IP-Tools\UnInstal.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java(tm) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 4.0.0 (Standard) --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matrox Graphics Software (remove only) --> C:\WINDOWS\system32\PDesk\PDUninst.exe
Matrox PowerDesk-SE --> MsiExec.exe /X{5C207B28-7991-4241-8B34-66E47FC09D5E}
MediaCoder 0.6.1 --> C:\Program Files\MediaCoder\uninst.exe
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
MP3 CD Converter 4.01 --> "C:\Program Files\MP3 CD Converter\unins000.exe"
Palm Desktop --> MsiExec.exe /X{9B52B30C-F65C-4244-ABCE-215E46E27AF0}
PayPal Plug-In --> C:\Program Files\InstallShield Installation Information\{73317C31-2B6E-4B88-9865-B97C1331A39D}\setup.exe -runfromtemp -l0x0009 -removeonly
Piano Chord Helper 4.2 --> "C:\Program Files\Piano Chord Helper\unins000.exe"
Pivot Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9  -removeonly
PowerDirector Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe"  -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninst
Product Key Explorer 1.8.3 --> "C:\Program Files\Nsasoft\ProductKeyExplorer\unins000.exe"
QFolder -->
QuickTime -->
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RegistryFix v6.2 --> "C:\Program Files\RegistryFix\unins000.exe"
Revo Uninstaller 1.71 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Scan -->
SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Task Manager 1.7f --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Sentinel System Driver --> MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
SPORE™ Creature Creator Trial Edition --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Vivia --> MsiExec.exe /I{EF8CCDB9-8AF2-4B45-9C27-B892CC33793A}
WebFldrs XP -->
WinDirStat 1.1.2 --> "C:\Program Files\WinDirStat\Uninstall.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XQDC X-Setup Pro 9.0.100 --> "C:\Program Files\X-Setup Pro\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type2045 / Error
Event Submitted/Written: 07/26/2008 09:58:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application vivia.exe, version 0.0.0.0, faulting module avcodec-51.dll, version 0.0.0.0, fault address 0x00002acb.
Processing media-specific event for [vivia.exe!ws!]

Event Record #/Type2042 / Error
Event Submitted/Written: 07/26/2008 09:56:24 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Vivia -- 1: ALLUSERS property is not 1 - this MSM cannot be used for a per-user or fallback-to-per-user install 2:

Event Record #/Type2040 / Error
Event Submitted/Written: 07/26/2008 09:34:19 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type2033 / Warning
Event Submitted/Written: 07/26/2008 08:23:54 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\System Volume Information\_restore{71365B75-A399-4A6A-A9AC-9433BCDC4948}\RP2\A0002015.exe

Event Record #/Type2032 / Warning
Event Submitted/Written: 07/26/2008 08:22:13 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Trash.GenC:\QooBox\Quarantine\C\Documents and Settings\M. Allen\Application Data\inst.exe.vir



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27240 / Error
Event Submitted/Written: 07/27/2008 05:16:02 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2

Event Record #/Type27238 / Error
Event Submitted/Written: 07/27/2008 05:16:02 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%2

Event Record #/Type27237 / Error
Event Submitted/Written: 07/27/2008 05:16:00 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2

Event Record #/Type27235 / Error
Event Submitted/Written: 07/27/2008 05:16:00 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%2

Event Record #/Type27230 / Error
Event Submitted/Written: 07/27/2008 05:13:20 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Workstation service terminated with the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-07-27 17:34:58 ------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I may have a backdoor trojan
« Reply #9 on: July 27, 2008, 06:30:07 PM »
Can you do the following

Uninstall RegistryFix v6.2 from add and remove programs

Find and delete the following file
C:\WINDOWS\imsins.BAK <-this file

and this folder
 C:\Program Files\RegistryFix

Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

go to Start >> Run and copy/paste the following to the run box:
"%userprofile%\desktop\dss.exe" /daft
Then press Enter

    * Click on the Scan button.
    * Select everything it is displaying there
    * Click the Fix button.
    * Then rescan with DAFT again - it should say now that "All associations are OK"
    * Close DAFT if you receive that message. This means that it is fixed now.

Download and save to desktop
Dial-a-fix-v0.60.0.24.zip
by djlizard
Extract the contents to its own folder on desktop
If that direct link doesn't work, you can download it from here also
http://www.majorgeeks.com/download4899.html

Open the extracted Dial-a-fix folder and double click on Dial-a-fix.exe
In the main Window click on
Empty Temp folders
and
Fix Windows Updates
NOTE: other selections will get selected by default, leave them checked please
Also tick "IE/OE/Shell/wmp"

Then click on GO
Let this complete, when done click on Exit

Reboot the computer

Back in Windows

Go to START>>Control Panel>>Automatic updates
Ensure your Auto updates are not set to disabled, choose another selection

use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

I suggest you temporarily disable Avira before running this scan, so it won't interfere
right click the Avira icon by the clock and untick "AntiVir Guard enable"

Click Yes, when prompted to install its ActiveX component.
(Note: for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
        Extended
    • Scan Options:
        Scan Archives
        Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Also post a fresh HijackThis log, and keep me informed how things are running, please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline lloydguy

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
I may have a backdoor trojan
« Reply #10 on: August 02, 2008, 01:59:38 PM »
When I uninstalled RegistryFix the problem went away.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
I may have a backdoor trojan
« Reply #11 on: August 03, 2008, 05:56:51 PM »
No need to run Dial-a-fix
But you should do all the other instructions
« Last Edit: August 03, 2008, 05:57:37 PM by guestolo »
