
Windows Explorer keeps shutting down, restarting

Discussion in 'Malware and Virus Removal Archive' started by litlpunk, 2008/08/06.

  1. 2008/08/06
    litlpunk

    litlpunk Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    8
    Likes Received:
    0
    I'm fairly experienced with computers, and I've never had anything like this happen before. Just about every time I close a program window, Windows Explorer shuts down then restarts. Here's my HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:28:51 PM, on 8/6/2008
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Spare Backup\SpareBackup.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bannerstyles browser optimizer - {164595ab-94bd-98ed-8fdb-88bc408afd5d} - C:\Windows\system32\ircxbqqegyg.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    BTW, I'm running Windows Vista as my OS. If you need any other information, let me know!
     
  2. 2008/08/06
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389

  4. 2008/08/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi litlpunk
    Welcome to Windowsbbs.
    It seems that this may be an infection.

    You are using an out-of-date version of HJT, please delete it and then do this.

    Please download and install HijackThis (let it install to the default location) and run a scan, then close HJT, then run Deckard's System Scanner and post the main.txt log here.
    Links and instructions here.

    Thanks
    Geri
     
  5. 2008/08/06
    litlpunk

    litlpunk Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    8
    Likes Received:
    0
    To PeteC,
    Thanks for the advice, but unfortunately that didn't help :(

    To Geri,
    I installed and scanned with both, and here are the results (DSS results in the next post):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:36 PM, on 8/6/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Spare Backup\SpareBackup.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Cody\Downloads\dss.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\IZArc\IZArc.exe
    C:\Users\Cody\AppData\Local\Temp\ARCCAA8\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bannerstyles browser optimizer - {164595ab-94bd-98ed-8fdb-88bc408afd5d} - C:\Windows\system32\ircxbqqegyg.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe "
    O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [{0f20c441-f904-a03c-e51d-a427424c700e}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\ircxbqqegyg.dll" DllStart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cody\AppData\Local\Temp\{3E99259A-4BD4-4B82-977D-5D5014931B74}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10774 bytes
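Added example, not from this thread and not part of HijackThis or Deckard's System Scanner: a small Python script that turns HijackThis-style section lines (the `R0`/`O2`/`O4`/`O23` lines of the kind posted above) into records and attaches review flags for the entry types a helper usually asks about first: registrations whose file is gone, `O4` autoruns whose value name is a bare GUID, `rundll32` loading a DLL by absolute path, and autoruns that launch from a Temp directory. The sample log inside it is constructed to mirror the format of the logs in this thread; its paths, GUIDs and file names are placeholders, and a flag marks a line for a person to look at, not a verdict that the entry is malicious.

```python
"""Structured triage of HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis, DSS, or any
post above. The heuristics are generic review aids (orphaned registrations,
autoruns with GUID value names, rundll32 loading a DLL by absolute path,
autoruns launched from a Temp directory). They only mark lines for a human
to look at; they do not decide whether an entry is malicious.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "O4 - HKLM\..\Run: [Name] command" -> section code plus the rest of the line
LINE_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# Registry autorun: hive, key (Run/RunOnce/...), value name in brackets, command
RUN_RE = re.compile(r"^HK\S*?\\\.\.\\(?P<key>Run\w*):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
# rundll32 followed by the DLL it loads (quoted or not) and an export name
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^"\s]+\.dll)"?[,\s]+\w+', re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)


@dataclass
class Entry:
    code: str            # HijackThis section, e.g. O2, O4, O23
    body: str            # text after "Oxx - "
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a section line; None for headers, blanks and process lists."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group("code"), m.group("body")) if m else None


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry; an empty flags list means nothing stood out."""
    body = entry.body
    # Registration whose target file is gone: housekeeping, not by itself evidence of infection
    if "(no file)" in body or "(file missing)" in body:
        entry.flags.append("orphan")
    if entry.code == "O4":
        run = RUN_RE.match(body)
        if run and GUID_RE.match(run.group("name")):
            entry.flags.append("guid-run-name")
        dll = RUNDLL_RE.search(body)
        # A bare name (oobefldr.dll) resolves from the system directory; a full path is worth a look
        if dll and ":\\" in dll.group("dll"):
            entry.flags.append("rundll32-absolute-dll")
        if TEMP_RE.search(body):
            entry.flags.append("runs-from-temp")
    return entry


def parse_log(text: str) -> List[Entry]:
    """All section entries of a log, in order; non-section lines are skipped."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage_log(text: str) -> List[Entry]:
    """Entries from the log that carry at least one review flag, in log order."""
    return [e for e in map(triage, parse_log(text)) if e.flags]


# Constructed sample in the HijackThis log format; the GUIDs, paths and names are placeholders.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2 (constructed sample)
Scan saved at 9:27:36 PM, on 8/6/2008

Running processes:
C:\Windows\explorer.exe

O2 - BHO: Example PDF Link Helper - {06849E9F-0000-0000-0000-000000000001} - C:\Program Files\Example\ExampleHelper.dll
O2 - BHO: (no name) - {602ADB0E-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\ExampleTray.exe
O4 - HKLM\..\Run: [{0f20c441-f904-a03c-e51d-a427424c700e}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\example_unknown.dll" DllStart
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: Game Registration.lnk = C:\Users\Example\AppData\Local\Temp\{3E99259A-0000-0000-0000-000000000003}\ATR1.exe
O23 - Service: Example Audio Service (ExSV) - Example Inc. - C:\Program Files\Example\ExSV.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.code:4} {', '.join(e.flags):40} {e.body}")
```

Run it as-is to see the three flagged sample lines, or pass a pasted log to `triage_log`. The Welcome Center line is deliberately left unflagged: it is the normal Windows `rundll32` pattern with a bare DLL name, and a checker that flagged it would bury the one entry worth asking about. The `orphan` flag is a cleanup prompt; removing a dead BHO or toolbar registration tidies the log but does not by itself change what is running.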
     
  6. 2008/08/06
    litlpunk

    litlpunk Inactive Thread Starter

    Joined:
    2008/08/06
    Messages:
    8
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Cody on 2008-08-06 21:25:52
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    5: 2008-08-06 13:54:47 UTC - RP201 - Installed Ad-Aware
    4: 2008-08-06 06:12:54 UTC - RP200 - Windows Update
    3: 2008-08-05 22:12:31 UTC - RP199 - Scheduled Checkpoint
    2: 2008-08-05 07:00:23 UTC - RP198 - Scheduled Checkpoint
    1: 2008-08-04 10:27:16 UTC - RP197 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-06 21:28:11
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Spare Backup\SpareBackup.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Cody\Downloads\dss.exe
    C:\Users\Cody\AppData\Local\Temp\ARCCAA8\HijackThis.exe
    C:\Windows\System32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bannerstyles browser optimizer - {164595ab-94bd-98ed-8fdb-88bc408afd5d} - C:\Windows\System32\ircxbqqegyg.dll
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe "
    O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [{0f20c441-f904-a03c-e51d-a427424c700e}] C:\Windows\System32\Rundll32.exe "C:\Windows\system32\ircxbqqegyg.dll" DllStart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cody\AppData\Local\Temp\{3E99259A-4BD4-4B82-977D-5D5014931B74}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    --
    End of file - 11793 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

    S3 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 52\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-07-06 and 2008-08-06 -----------------------------

    2008-08-06 09:55:42 0 d-------- C:\Program Files\Lavasoft
    2008-08-06 09:55:41 0 d-------- C:\Users\All Users\Lavasoft
    2008-08-06 09:47:45 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-08-06 09:32:16 0 d-------- C:\Program Files\Panda Security
    2008-08-06 09:25:27 0 d-------- C:\Windows\BDOSCAN8
    2008-08-05 12:40:47 0 d-------- C:\Program Files\Auslogics
    2008-08-05 12:34:58 350208 --a------ C:\Windows\d3drm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-08-03 13:15:04 180224 --a------ C:\Windows\system32\xvidvfw.dll
    2008-08-03 13:15:04 765952 --a------ C:\Windows\system32\xvidcore.dll
    2008-08-03 13:15:04 0 d-------- C:\Program Files\Xvid
    2008-08-02 22:00:59 0 d-------- C:\Users\All Users\Yahoo! Companion
    2008-08-01 22:42:19 0 d-------- C:\Program Files\Yahoo!
    2008-08-01 22:42:10 0 d-------- C:\Program Files\CCleaner
    2008-07-31 16:08:03 442368 -ra------ C:\Windows\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2008-07-31 16:08:03 0 d-------- C:\Program Files\EA GAMES
    2008-07-30 09:57:19 246302 --a------ C:\Windows\strmdll.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
    2008-07-30 09:48:06 0 d-------- C:\Program Files\Infogrames
    2008-07-28 09:54:12 0 d-------- C:\Users\All Users\Tages
    2008-07-27 23:06:03 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-07-27 23:06:03 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2008-07-27 23:06:03 0 d-------- C:\Program Files\OpenAL
    2008-07-27 23:05:24 0 d-------- C:\Windows\system32\AGEIA
    2008-07-27 23:05:23 0 d-------- C:\Program Files\AGEIA Technologies
    2008-07-27 23:05:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-25 12:20:00 0 d-------- C:\Windows\system32\kBin02
    2008-07-25 12:20:00 0 d-------- C:\Temp
    2008-07-25 12:19:53 77 --a------ C:\Users\Cody\4923.bat
    2008-07-25 12:18:24 0 d-------- C:\Program Files\VnrPack
    2008-07-25 12:18:23 0 d-------- C:\Program Files\QdrDrive
    2008-07-25 12:18:22 0 d-------- C:\Program Files\ISM
    2008-07-25 12:18:21 64857 --a------ C:\Windows\system32\unsweveohci.exe
    2008-07-24 09:25:44 160768 --a------ C:\Windows\system32\ircxbqqegyg.dll
    2008-07-23 18:07:51 56832 --a------ C:\Windows\system32\Iyvu9_32.dll
    2008-07-23 18:07:51 144384 --a------ C:\Windows\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
    2008-07-23 18:07:06 0 d-------- C:\SmartSound Software
    2008-07-23 18:05:25 0 d-------- C:\Program Files\QuickTime
    2008-07-23 18:05:14 0 d-------- C:\Users\All Users\InstallShield
    2008-07-23 18:03:48 0 d-------- C:\Program Files\Common Files\Ulead Systems
    2008-07-23 18:03:47 0 d-------- C:\Program Files\Ulead Systems
    2008-07-23 15:33:13 90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
    2008-07-23 15:31:48 0 d-------- C:\Program Files\Pinnacle
    2008-07-18 12:33:01 0 d-------- C:\Program Files\GoldWave
    2008-07-18 12:26:42 0 d-------- C:\MyAudio
    2008-07-18 12:24:58 0 d-------- C:\Program Files\AoA Audio Extractor
    2008-07-16 17:17:34 0 d-------- C:\Users\All Users\CyberLink
    2008-07-16 17:15:10 0 d-------- C:\Users\All Users\SmartSound Software Inc
    2008-07-16 17:15:10 0 d-------- C:\Program Files\SmartSound Software
    2008-07-16 17:14:30 0 d-------- C:\Program Files\DivX
    2008-07-16 17:03:21 0 d-------- C:\Users\All Users\Apple Computer
    2008-07-14 23:31:12 0 d-------- C:\Users\Cody\Pictures
    2008-07-14 18:46:48 0 d-------- C:\Program Files\Maxis
    2008-07-13 22:26:40 0 d-a------ C:\Users\All Users\TEMP
    2008-07-13 22:15:21 0 d-------- C:\Program Files\AruaROSE
    2008-07-13 15:27:38 0 d-------- C:\Users\All Users\Adobe Systems
    2008-07-13 15:25:13 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-07-12 09:27:12 33792 -ra------ C:\Windows\NPSExec.exe <Not Verified; Electronic Arts; Electronic Arts NPSExec>
    2008-07-12 09:27:09 0 d-------- C:\Program Files\Electronic Arts
    2008-07-12 09:24:15 0 -rahs---- C:\MSDOS.SYS
    2008-07-12 09:24:15 0 -rahs---- C:\IO.SYS
    2008-07-11 20:20:46 0 d-------- C:\Program Files\IZArc
    2008-07-11 19:43:01 0 d-------- C:\Program Files\Alcohol Soft
    2008-07-11 19:38:24 716272 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-07-11 10:21:37 0 --a------ C:\Windows\PowerReg.dat
    2008-07-11 10:19:46 0 d-------- C:\Program Files\Infogrames Interactive
    2008-07-10 21:05:19 0 d--h----- C:\$AVG8.VAULT$
    2008-07-10 21:04:06 0 d-------- C:\Program Files\Common Files\InterVideo
    2008-07-10 21:02:06 0 d-------- C:\Program Files\Windows Media Components
    2008-07-10 20:59:19 0 d-------- C:\Users\All Users\Ulead Systems
    2008-07-10 19:14:51 0 d-------- C:\Windows\Sun
    2008-07-10 18:31:05 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-07-10 18:27:32 0 d-------- C:\Users\Cody\Incomplete
    2008-07-10 18:27:02 0 d-------- C:\Users\Cody\Shared
    2008-07-10 18:23:07 0 d-------- C:\Windows\system32\drivers\Avg
    2008-07-10 18:23:05 0 d-------- C:\Users\All Users\avg8
    2008-07-10 18:23:05 0 d-------- C:\Program Files\AVG
    2008-07-10 17:21:31 335 --a------ C:\Windows\nsreg.dat
    2008-07-10 17:21:29 118784 --a------ C:\Windows\SeaMonkeyUninstall.exe
    2008-07-10 17:21:24 118784 --a------ C:\Windows\GREUninstall.exe
    2008-07-10 17:21:22 8653 --a------ C:\Windows\mozver.dat
    2008-07-10 17:21:13 0 d-------- C:\Program Files\mozilla.org
    2008-07-10 11:38:42 0 d-------- C:\Downloads
    2008-07-10 11:36:08 0 d-------- C:\Program Files\SystemRequirementsLab
    2008-07-10 11:34:18 0 d-------- C:\Program Files\BitComet
    2008-07-10 11:31:27 0 d-------- C:\Program Files\LimeWire
    2008-07-10 10:58:51 0 dr------- C:\Users\Cody\Searches
    2008-07-10 10:58:41 0 dr------- C:\Users\Cody\Contacts
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Templates
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Start Menu
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\SendTo
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Saved Games
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Recent
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\PrintHood
    2008-07-10 10:58:25 4980736 --ahs---- C:\Users\Cody\NTUSER.DAT
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\NetHood
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\My Documents
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Local Settings
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Links
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Favorites
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Downloads
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Documents
    2008-07-10 10:58:25 0 dr------- C:\Users\Cody\Desktop
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Cookies
    2008-07-10 10:58:25 0 d--hs---- C:\Users\Cody\Application Data
    2008-07-10 10:58:25 0 d--h----- C:\Users\Cody\AppData
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Templates
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Start Menu
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\SendTo
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Recent
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\PrintHood
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\NetHood
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\My Documents
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Local Settings
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Cookies
    2008-07-10 10:53:57 0 d--hs---- C:\Users\Default\Application Data
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Templates
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Start Menu
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Favorites
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Documents
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Desktop
    2008-07-10 10:53:57 0 d--hs---- C:\Users\All Users\Application Data
    2008-07-10 10:53:57 0 d--hs---- C:\Documents and Settings


    -- Find3M Report ---------------------------------------------------------------

    2008-08-06 12:56:16 0 d-------- C:\Users\Cody\AppData\Roaming\Spare Backup
    2008-08-05 16:32:10 0 d-------- C:\Program Files\Microsoft Games
    2008-08-05 12:40:55 0 d-------- C:\Users\Cody\AppData\Roaming\Auslogics
    2008-08-05 12:36:16 0 d-------- C:\Users\Cody\AppData\Roaming\LimeWire
    2008-07-30 13:44:06 0 d-------- C:\Program Files\Common Files\Adobe
    2008-07-28 19:54:48 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-27 23:05:07 0 d-------- C:\Program Files\Common Files
    2008-07-27 16:49:57 0 d-------- C:\Users\Cody\AppData\Roaming\Hamachi
    2008-07-23 18:07:51 0 d-------- C:\Program Files\Intel
    2008-07-23 18:03:47 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-07-16 17:17:29 0 d-------- C:\Users\Cody\AppData\Roaming\DivX
    2008-07-16 17:17:24 0 d-------- C:\Users\Cody\AppData\Roaming\CyberLink
    2008-07-16 17:17:18 0 d-------- C:\Program Files\CyberLink
    2008-07-16 14:37:18 0 d-------- C:\Users\Cody\AppData\Roaming\Adobe
    2008-07-14 16:05:04 0 d-------- C:\Users\Cody\AppData\Roaming\Macromedia
    2008-07-13 21:12:35 0 d-------- C:\Users\Cody\AppData\Roaming\WildTangent
    2008-07-10 22:18:21 0 d-------- C:\Users\Cody\AppData\Roaming\COWON
    2008-07-10 21:10:19 0 d-------- C:\Users\Cody\AppData\Roaming\Ulead Systems
    2008-07-10 19:14:50 0 d-------- C:\Users\Cody\AppData\Roaming\Mozilla
    2008-07-10 17:02:22 0 d-------- C:\Users\Cody\AppData\Roaming\Atari
    2008-07-10 17:00:00 0 d-------- C:\Users\Cody\AppData\Roaming\Leadertech
    2008-07-10 12:20:47 174 --ahs---- C:\Program Files\desktop.ini
    2008-07-10 12:18:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-10 12:18:06 0 d-------- C:\Program Files\Google
    2008-07-10 12:18:06 0 d-------- C:\Program Files\BigFix
    2008-07-10 12:16:59 0 d-------- C:\Program Files\Windows Sidebar
    2008-07-10 12:16:59 0 d-------- C:\Program Files\Windows Mail
    2008-07-10 11:48:35 0 d-------- C:\Users\Cody\AppData\Roaming\Roxio
    2008-07-10 11:36:08 0 d-------- C:\Users\Cody\AppData\Roaming\SystemRequirementsLab
    2008-07-10 11:16:04 0 d-------- C:\Users\Cody\AppData\Roaming\Google
    2008-07-10 10:59:13 0 d-------- C:\Users\Cody\AppData\Roaming\Symantec
    2008-07-10 10:58:43 0 d-------- C:\Users\Cody\AppData\Roaming\Identities


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{164595ab-94bd-98ed-8fdb-88bc408afd5d}]
    07/24/2008 09:25 AM 160768 --a------ C:\Windows\system32\ircxbqqegyg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/25/2008 07:32 PM]
    "IgfxTray "= "C:\Windows\system32\igfxtray.exe" [06/06/2007 02:52 PM]
    "HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [06/06/2007 02:52 PM]
    "Persistence "= "C:\Windows\system32\igfxpers.exe" [06/06/2007 02:52 PM]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [07/12/2007 07:36 PM]
    "SigmatelSysTrayApp "= "sttray.exe" [01/30/2007 04:36 PM C:\Windows\sttray.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/26/2007 08:38 PM]
    "Camera Assistant Software "= "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [06/29/2007 07:12 PM]
    "Spare Backup "= "C:\Program Files\Spare Backup\SpareBackup.exe" [09/13/2007 07:22 PM]
    "NapsterShell "= "C:\Program Files\Napster\napster.exe" []
    "mswinlogon "= "C:\Winnt\mswinlogon.exe" []
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/10/2008 06:23 PM]
    "UVS11 Preload "= "C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" []
    "UVS10 Preload "= "C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [03/07/2006 12:52 AM]
    "{0f20c441-f904-a03c-e51d-a427424c700e} "= "C:\Windows\system32\ircxbqqegyg.dll" [07/24/2008 09:25 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [07/10/2008 11:26 AM]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [03/20/2008 12:39 PM]
    "VnrPack16 "= "C:\Program Files\VnrPack\VnrPack16.exe" []
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher "=%WINDIR%\SMINST\launcher.exe

    C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableLUA "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb570c-4fa2-11dd-8a66-00e0b8e4bc43}]
    AutoRun\command- F:\setup.exe /autorun
    dxsetup\command- F:\directx\dxsetup.exe
    Register\command- F:\goodies\runshell.exe http://www.microsoft.com/games/product_registration/motocross2/
    setup\command- F:\setup.exe /autorun
    Web\command- F:\goodies\runshell.exe http://www.microsoft.com/games/motocross2
    Zone\command- F:\goodies\ZoneA650.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb571d-4fa2-11dd-8a66-00e0b8e4bc43}]
    AutoRun\command- I:\Setup.exe

    *Newly Created Service* - PAVBOOT

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8972 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-08-06 21:29:35 ------------
     
  7. 2008/08/07
    Geri
    Hi,
    OK, let's see if Malwarebytes' Anti-Malware will cover this.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.

    Please post the MBAM log and a new dss log.

    Thanks
    Geri
     
  8. 2008/08/07
    litlpunk
    So far that has helped! Thanks so much! If you see anything else in these logs, let me know.

    Malwarebytes' Anti-Malware 1.24
    Database version: 1031
    Windows 6.0.6000

    1:23:31 PM 8/7/2008
    mbam-log-8-7-2008 (13-23-31).txt

    Scan type: Quick Scan
    Objects scanned: 36977
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 6
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{0f20c441-f904-a03c-e51d-a427424c700e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
    C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Windows\System32\kBin02 (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\VnrPack (Adware.Agent) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Users\Cody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Windows\System32\ircxbqqegyg.dll (Trojan.FakeAlert) -> Delete on reboot.
    --------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:28:59 PM, on 8/7/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\sttray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
    C:\Program Files\Spare Backup\SpareBackup.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: bannerstyles browser optimizer - {164595ab-94bd-98ed-8fdb-88bc408afd5d} - C:\Windows\system32\ircxbqqegyg.dll (file missing)
    O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe "
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe "
    O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [mswinlogon] C:\Winnt\mswinlogon.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\Run: [VnrPack16] "C:\Program Files\VnrPack\VnrPack16.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cody\AppData\Local\Temp\{3E99259A-4BD4-4B82-977D-5D5014931B74}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10625 bytes
     
  9. 2008/08/07
    Geri
    Hi litlpunk
    OK please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
  10. 2008/08/11
    litlpunk (Thread Starter)
    Sorry it took so long to respond, but before I ran ComboFix, my desktop background disappeared and I couldn't change it, and all my picture thumbnails were gone. But after running ComboFix, everything is back to normal, as far as I can see at least.

    ComboFix 08-08-10.04 - Cody 2008-08-11 8:23:24.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1844 [GMT -4:00]
    Running from: C:\Users\Cody\Downloads\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Cody\AppData\Roaming\macromedia\Flash Player\#SharedObjects\WLA2MWXL\interclick.com
    C:\Users\Cody\AppData\Roaming\macromedia\Flash Player\#SharedObjects\WLA2MWXL\interclick.com\ud.sol
    C:\Users\Cody\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Users\Cody\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Windows\system32\MSINET.oca
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
    .

    2008-08-10 16:01 . 2008-08-10 16:01 51,355 --a------ C:\Windows\System32\muzika.xm
    2008-08-10 15:56 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
    2008-08-10 15:50 . 2008-08-10 15:50 <DIR> d-------- C:\Program Files\IObit
    2008-08-07 13:28 . 2008-08-09 19:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-07 13:16 . 2008-08-07 13:16 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Malwarebytes
    2008-08-07 13:16 . 2008-08-09 19:43 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-08-07 13:16 . 2008-08-09 19:43 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-08-07 13:16 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 13:16 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-08-07 13:16 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Deckard
    2008-08-06 09:55 . 2008-08-06 10:03 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-08-06 09:55 . 2008-08-06 10:03 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-08-06 09:55 . 2008-08-06 09:55 <DIR> d-------- C:\Program Files\Lavasoft
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-06 09:33 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
    2008-08-06 09:32 . 2008-08-06 09:32 <DIR> d-------- C:\Program Files\Panda Security
    2008-08-06 09:25 . 2008-08-11 03:01 <DIR> d-------- C:\Windows\BDOSCAN8
    2008-08-05 12:40 . 2008-08-05 12:40 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Auslogics
    2008-08-05 12:40 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Auslogics
    2008-08-05 12:34 . 2008-08-05 12:34 350,208 --a------ C:\Windows\d3drm.dll
    2008-08-03 13:15 . 2008-08-03 13:15 <DIR> d-------- C:\Program Files\Xvid
    2008-08-03 13:15 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
    2008-08-03 13:15 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-08-03 13:15 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
    2008-08-02 22:00 . 2008-08-02 22:00 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-08-02 22:00 . 2008-08-02 22:00 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-08-01 22:42 . 2008-08-01 22:42 <DIR> d-------- C:\Program Files\Yahoo!
    2008-08-01 22:42 . 2008-08-01 22:42 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-31 16:08 . 2008-07-31 16:08 <DIR> d-------- C:\Program Files\EA GAMES
    2008-07-31 16:08 . 2004-08-17 23:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
    2008-07-30 09:57 . 2008-07-30 09:57 246,302 --a------ C:\Windows\strmdll.dll
    2008-07-30 09:56 . 2004-09-22 18:45 253,688 --a------ C:\Windows\drmclien.dll
    2008-07-30 09:48 . 2008-07-30 09:48 <DIR> d-------- C:\Program Files\Infogrames
    2008-07-28 09:54 . 2008-07-28 09:54 <DIR> d-------- C:\Users\All Users\Tages
    2008-07-28 09:54 . 2008-07-28 09:54 <DIR> d-------- C:\ProgramData\Tages
    2008-07-28 09:53 . 2008-07-28 09:53 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
    2008-07-28 09:53 . 2008-07-28 09:53 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
    2008-07-27 23:06 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\OpenAL
    2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d-------- C:\Windows\System32\AGEIA
    2008-07-27 23:05 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-07-27 16:14 . 2008-07-27 16:14 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
    2008-07-25 12:20 . 2008-07-25 12:20 <DIR> d-------- C:\Temp\epr1
    2008-07-25 12:20 . 2008-07-27 15:42 <DIR> d-------- C:\Temp
    2008-07-25 12:19 . 2008-07-25 12:19 77 --a------ C:\Users\Cody\4923.bat
    2008-07-25 12:18 . 2008-07-25 18:30 64,857 --a------ C:\Windows\System32\unsweveohci.exe
    2008-07-25 10:55 . 2008-07-27 16:49 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Hamachi
    2008-07-24 16:22 . 2008-07-24 16:22 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-07-24 16:22 . 2008-07-24 16:22 1,409 --a------ C:\Windows\QTFont.for
    2008-07-23 18:07 . 2008-07-23 18:07 <DIR> d-------- C:\SmartSound Software
    2008-07-23 18:07 . 1998-11-18 16:33 144,384 --a------ C:\Windows\System32\Iacenc.dll
    2008-07-23 18:07 . 1997-06-13 08:56 56,832 --a------ C:\Windows\System32\Iyvu9_32.dll
    2008-07-23 18:05 . 2008-07-23 18:05 <DIR> d-------- C:\Users\All Users\InstallShield
    2008-07-23 18:05 . 2008-07-23 18:05 <DIR> d-------- C:\ProgramData\InstallShield
    2008-07-23 18:05 . 2008-07-24 16:23 <DIR> d-------- C:\Program Files\QuickTime
    2008-07-23 18:05 . 2008-08-11 08:12 327 --a------ C:\Windows\Ulead32.ini
    2008-07-23 18:03 . 2008-07-23 18:03 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-07-23 18:03 . 2008-07-23 18:03 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-07-23 15:33 . 2003-03-15 22:15 90,112 --a------ C:\Windows\unvise32.exe
    2008-07-23 15:31 . 2008-07-23 15:31 <DIR> d-------- C:\Program Files\Pinnacle
    2008-07-18 12:33 . 2008-07-18 12:33 <DIR> d-------- C:\Program Files\GoldWave
    2008-07-18 12:26 . 2008-07-18 12:27 <DIR> d-------- C:\MyAudio
    2008-07-18 12:24 . 2008-07-18 12:26 <DIR> d-------- C:\Program Files\AoA Audio Extractor
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\Users\Public\CyberLink
    2008-07-16 17:17 . 2008-07-16 17:17 <DIR> d-------- C:\Users\Cody\AppData\Roaming\DivX
    2008-07-16 17:17 . 2008-07-16 17:17 <DIR> d-------- C:\Users\Cody\AppData\Roaming\CyberLink
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\Users\All Users\CyberLink
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\ProgramData\CyberLink
    2008-07-16 17:15 . 2008-07-24 13:58 <DIR> d-------- C:\Users\All Users\SmartSound Software Inc
    2008-07-16 17:15 . 2008-07-24 13:58 <DIR> d-------- C:\ProgramData\SmartSound Software Inc
    2008-07-16 17:15 . 2008-07-16 17:15 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Users\AppData\AppData
    2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Program Files\DivX
    2008-07-16 17:03 . 2008-07-16 17:03 <DIR> d-------- C:\Users\All Users\Apple Computer
    2008-07-16 17:03 . 2008-07-16 17:03 <DIR> d-------- C:\ProgramData\Apple Computer
    2008-07-14 23:31 . 2008-08-05 15:24 <DIR> d-------- C:\Users\Cody\Pictures
    2008-07-14 18:46 . 2008-07-18 10:38 <DIR> d-------- C:\Program Files\Maxis
    2008-07-13 22:26 . 2008-07-02 16:02 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-07-13 22:26 . 2008-07-02 16:02 <DIR> d-a------ C:\ProgramData\TEMP
    2008-07-13 22:15 . 2008-07-02 15:55 <DIR> d-------- C:\Program Files\AruaROSE
    2008-07-13 21:12 . 2008-07-13 21:12 <DIR> d-------- C:\Users\Cody\AppData\Roaming\WildTangent
    2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
    2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\ProgramData\Adobe Systems
    2008-07-13 15:25 . 2008-07-13 15:25 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-07-12 09:27 . 2008-07-12 09:27 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-07-12 09:27 . 1997-01-22 22:26 565,760 -ra------ C:\Windows\System32\MSVCP50.DLL
    2008-07-12 09:27 . 1999-04-02 16:37 33,792 -ra------ C:\Windows\NPSExec.exe
    2008-07-11 20:20 . 2008-07-11 20:20 <DIR> d-------- C:\Program Files\IZArc
    2008-07-11 19:43 . 2008-07-11 19:43 <DIR> d-------- C:\Program Files\Alcohol Soft
    2008-07-11 19:38 . 2008-07-11 19:38 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
    2008-07-11 18:16 . 2008-07-11 18:16 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-07-11 10:21 . 2008-07-11 10:21 0 --a------ C:\Windows\PowerReg.dat
    2008-07-11 10:19 . 2008-07-11 10:19 <DIR> d-------- C:\Program Files\Infogrames Interactive

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 12:12 --------- d-----w C:\Users\Cody\AppData\Roaming\Spare Backup
    2008-08-11 07:01 --------- d-----w C:\Program Files\Windows Defender
    2008-08-11 07:01 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-11 01:54 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-08-05 20:32 --------- d-----w C:\Program Files\Microsoft Games
    2008-08-05 16:36 --------- d-----w C:\Users\Cody\AppData\Roaming\LimeWire
    2008-07-30 17:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-28 23:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-28 03:06 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-07-28 03:06 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-07-23 22:07 --------- d-----w C:\Program Files\Intel
    2008-07-23 22:03 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-16 21:17 --------- d-----w C:\Program Files\CyberLink
    2008-07-14 01:12 --------- d-----w C:\ProgramData\WildTangent
    2008-07-11 02:26 --------- d-----w C:\ProgramData\Ulead Systems
    2008-07-11 02:18 --------- d-----w C:\Users\Cody\AppData\Roaming\COWON
    2008-07-11 02:10 --------- d-----w C:\Program Files\BitComet
    2008-07-11 01:10 --------- d-----w C:\Users\Cody\AppData\Roaming\Ulead Systems
    2008-07-11 01:04 --------- d-----w C:\Program Files\Common Files\InterVideo
    2008-07-11 01:02 --------- d-----w C:\Program Files\Windows Media Components
    2008-07-10 22:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-07-10 22:23 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-07-10 22:23 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-07-10 22:23 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
    2008-07-10 22:23 --------- d-----w C:\ProgramData\avg8
    2008-07-10 22:23 --------- d-----w C:\Program Files\AVG
    2008-07-10 21:21 118,784 ----a-w C:\Windows\SeaMonkeyUninstall.exe
    2008-07-10 21:21 118,784 ----a-w C:\Windows\GREUninstall.exe
    2008-07-10 21:21 --------- d-----w C:\Program Files\mozilla.org
    2008-07-10 21:02 --------- d-----w C:\Users\Cody\AppData\Roaming\Atari
    2008-07-10 21:00 --------- d-----w C:\Users\Cody\AppData\Roaming\Leadertech
    2008-07-10 16:46 --------- d-----w C:\ProgramData\Microsoft Help
    2008-07-10 16:20 174 --sha-w C:\Program Files\desktop.ini
    2008-07-10 16:18 --------- d-----w C:\Program Files\Google
    2008-07-10 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-10 16:18 --------- d-----w C:\Program Files\BigFix
    2008-07-10 16:16 --------- d-----w C:\Program Files\Windows Sidebar
    2008-07-10 16:16 --------- d-----w C:\Program Files\Windows Mail
    2008-07-10 15:54 --------- d-----w C:\ProgramData\Symantec
    2008-07-10 15:49 --------- d-----w C:\ProgramData\Napster
    2008-07-10 15:48 --------- d-----w C:\Users\Cody\AppData\Roaming\Roxio
    2008-07-10 15:39 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-07-10 15:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-07-10 15:36 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
    2008-07-10 15:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-07-10 15:36 --------- d-----w C:\Users\Cody\AppData\Roaming\SystemRequirementsLab
    2008-07-10 15:36 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-07-10 15:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-07-10 15:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-07-10 15:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-07-10 15:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-07-10 15:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-07-10 15:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-07-10 15:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-07-10 15:34 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-07-10 15:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-07-10 15:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-07-10 15:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-07-10 15:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-07-10 15:33 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-07-10 15:33 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-07-10 15:33 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-07-10 15:33 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-07-10 15:33 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-07-10 15:31 --------- d-----w C:\Program Files\LimeWire
    2008-07-10 15:28 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-07-10 15:27 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-07-10 15:27 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-07-10 15:27 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-07-10 15:27 2,048 ----a-w C:\Windows\System32\asferror.dll
    2008-07-10 15:26 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-07-10 15:26 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-07-10 15:26 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-07-10 15:26 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-07-10 15:26 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-07-10 15:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-07-10 15:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-10 15:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-10 15:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-07-10 15:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-10 15:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-10 15:25 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-07-10 15:24 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    2008-07-10 15:24 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    2008-07-10 15:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-07-10 15:23 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-07-10 15:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-07-10 15:23 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
    2008-07-10 15:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-07-10 15:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-07-10 15:22 428,032 ----a-w C:\Windows\System32\EncDec.dll
    2008-07-10 15:22 292,352 ----a-w C:\Windows\System32\psisdecd.dll
    2008-07-10 15:22 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-07-10 15:22 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-07-10 15:20 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-07-10 15:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-07-10 15:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-07-10 15:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-07-10 15:18 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-07-10 15:01 80,896 ----a-w C:\Windows\System32\wudriver.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-10 11:26 1232896]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 12:39 216520]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\Windows\system32\igfxtray.exe" [2007-06-06 14:52 142104]
    "HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [2007-06-06 14:52 154392]
    "Persistence "= "C:\Windows\system32\igfxpers.exe" [2007-06-06 14:52 138008]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 19:36 178712]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 20:38 865840]
    "Camera Assistant Software "= "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 19:12 638976]
    "Spare Backup "= "C:\Program Files\Spare Backup\SpareBackup.exe" [2007-09-13 19:22 5252936]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 18:23 1232152]
    "UVS10 Preload "= "C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RegistryMechanic "= "C:\Program Files\Registry Mechanic\RMTray.exe" [2007-08-20 11:58 701736]
    "SigmatelSysTrayApp "= "sttray.exe" [2007-01-30 16:36 303104 C:\Windows\sttray.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msacm.dvacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{48915A2F-0179-42A2-98B9-5F1A74838222} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E236A792-7DA9-4E02-AB60-4A1C7E8CE5CD} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9A5162A5-4174-4612-B50B-5FD642D794E2} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{4F43105F-3EE8-4399-935E-4F36C3144D6F}C:\\program files\\bitcomet\\bitcomet.exe "= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
    "UDP Query User{77EABE1B-4DED-4114-BB2E-5A902011DC46}C:\\program files\\bitcomet\\bitcomet.exe "= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
    "{710674F5-586E-4D51-B4CB-22B66152561E} "= UDP:21694:BitCometBeta 21694 TCP
    "{94563029-149A-41CE-B594-DD06E19F4325} "= TCP:21694:BitCometBeta 21694 UDP
    "{6C65A5BF-01D4-40AE-8A26-43AD44DE899F} "= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{59C88005-D54E-4B0C-872E-6538AD3404FF} "= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{1F62130C-F8CC-484C-9ECE-C57507A64DB1} "= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{B7561A62-7014-42EE-A429-039EB8B88F8F} "= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{44F4817A-DFC0-4A6E-A257-165EED6D5332} "= C:\Program Files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "TCP Query User{64521568-E290-401C-8BE3-E26CCA3AB495}C:\\downloads\\star.wars.battlefront.2(pc - rip) + freemultiplayer\\swbf2hash.part01\\star wars battlefront 2 compressed\\gamedata\\battlefrontii.exe "= UDP:C:\downloads\star.wars.battlefront.2(pc - rip) + freemultiplayer\swbf2hash.part01\star wars battlefront 2 compressed\gamedata\battlefrontii.exe:BattlefrontII
    "UDP Query User{564CF22B-3432-49ED-8CAE-DCE7689C09E5}C:\\downloads\\star.wars.battlefront.2(pc - rip) + freemultiplayer\\swbf2hash.part01\\star wars battlefront 2 compressed\\gamedata\\battlefrontii.exe "= TCP:C:\downloads\star.wars.battlefront.2(pc - rip) + freemultiplayer\swbf2hash.part01\star wars battlefront 2 compressed\gamedata\battlefrontii.exe:BattlefrontII
    "TCP Query User{99E53ED5-32D6-42BA-9552-4161BAD70A62}C:\\program files\\mozilla firefox\\firefox.exe "= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{8C284832-C41C-4E4B-A67A-49D9E8C38AA7}C:\\program files\\mozilla firefox\\firefox.exe "= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-10 18:23]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 18:23]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 18:23]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-10 18:23]
    R3 MRVW147;Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);C:\Windows\system32\DRIVERS\MRVW147.sys [2007-08-17 04:42]
    R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-16 00:47]
    S3 GameConsoleService;GameConsoleService;C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [2007-08-29 17:58]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb570c-4fa2-11dd-8a66-00e0b8e4bc43}]
    \shell\AutoRun\command - F:\setup.exe /autorun
    \shell\dxsetup\command - F:\directx\dxsetup.exe
    \shell\Register\command - F:\goodies\runshell.exe http://www.microsoft.com/games/product_registration/motocross2/
    \shell\setup\command - F:\setup.exe /autorun
    \shell\Web\command - F:\goodies\runshell.exe http://www.microsoft.com/games/motocross2
    \shell\Zone\command - F:\goodies\ZoneA650.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb571d-4fa2-11dd-8a66-00e0b8e4bc43}]
    \shell\AutoRun\command - I:\Setup.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{164595ab-94bd-98ed-8fdb-88bc408afd5d} - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Users\Cody\AppData\Roaming\Mozilla\Firefox\Profiles\7w7b3mvq.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://cm.my.yahoo.com/
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-11 08:27:51
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-11 8:29:15
    ComboFix-quarantined-files.txt 2008-08-11 12:29:11

    Pre-Run: 120,320,815,104 bytes free
    Post-Run: 120,294,416,384 bytes free

    321 --- E O F --- 2008-07-31 18:11:36
     
  11. 2008/08/11
    Geri
    Hi
    OK we need a few files scanned, so please do this.

    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\Windows\System32\vp6vfw.dll
        C:\Windows\unvise32.exe
        C:\Windows\System32\Iacenc.dll
        C:\Windows\System32\ci.dll
    • Click on the submit button
    • Please post the results in your next reply.

    Now please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\Windows\System32\muzika.xm
    C:\Users\Cody\4923.bat
    C:\Windows\System32\unsweveohci.exe
    C:\Windows\QTFont.qfn
    C:\Windows\QTFont.for
    
    Folder::
    C:\Temp\epr1 
    Please post the Combofix log and the Jotti results.

    Thanks
    Geri
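    As an added example, not part of this thread and not code from ComboFix's or HijackThis's authors: a small Python triage helper that reads the "Files Created" section and a few of the "Reg Loading Points" lines from a ComboFix-style log and lists the entries a helper would normally want checked by hand (for example by submitting them to a multi-engine scanner, as Geri asks above). The sample log text is constructed from lines quoted earlier in this thread; the flagging rules (loose files written directly into C:\Windows or System32, scripts in a user-profile root, anything under a Temp folder, UAC or Security Center monitoring turned off, AutoRun commands on removable drives) are this example's own assumptions, not rules used by Geri or by ComboFix, and its output is a review list, not a verdict.

```python
"""Added example: pull review candidates out of a ComboFix-style log.

Assumptions (not from the thread or from ComboFix): the line layout
"created . modified  size|<DIR>  attrs  path" used in the "Files Created"
section, and the heuristics below. The output is a list for a human to check.
"""
import re

# Constructed sample built from lines quoted in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-10 16:01 . 2008-08-10 16:01 51,355 --a------ C:\Windows\System32\muzika.xm
2008-08-10 15:56 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
2008-08-07 13:16 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-06 09:32 . 2008-08-06 09:32 <DIR> d-------- C:\Program Files\Panda Security
2008-07-25 12:20 . 2008-07-25 12:20 <DIR> d-------- C:\Temp\epr1
2008-07-25 12:19 . 2008-07-25 12:19 77 --a------ C:\Users\Cody\4923.bat
2008-07-25 12:18 . 2008-07-25 18:30 64,857 --a------ C:\Windows\System32\unsweveohci.exe
2008-07-23 15:33 . 2003-03-15 22:15 90,112 --a------ C:\Windows\unvise32.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb571d-4fa2-11dd-8a66-00e0b8e4bc43}]
\shell\AutoRun\command - I:\Setup.exe
"""

# One "Files Created" entry: created-stamp " . " modified-stamp, size or <DIR>,
# a 9-character attribute field, then the path.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Heuristic inputs (assumptions of this example).
EXEC_EXT = {".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif", ".ocx"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
USER_ROOT = re.compile(r"c:\\users\\[^\\]+")


def _ext(name):
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""


def _file_reasons(path, is_dir):
    """Reasons (possibly none) why one created file/dir deserves a look."""
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    reasons = []
    if "temp" in low.split("\\"):
        reasons.append("created under a Temp location")
    if not is_dir:
        if parent in SYSTEM_DIRS:
            reasons.append("loose file written directly into a system directory")
        if USER_ROOT.fullmatch(parent) and _ext(name) in EXEC_EXT:
            reasons.append("executable or script in a user-profile root")
    return [(path, r) for r in reasons]


def triage(log_text):
    """Return [(item, reason), ...] for entries a helper would review by hand."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            findings.extend(_file_reasons(m.group("path"), m.group("size") == "<DIR>"))
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key for the lines that follow
            continue
        if line.startswith('"EnableLUA "= 0'):
            findings.append((current_key, "UAC disabled (EnableLUA=0)"))
        elif line.startswith('"DisableMonitoring "=dword:00000001'):
            findings.append((current_key, "Security Center monitoring disabled"))
        elif line.lower().startswith(r"\shell\autorun\command - "):
            cmd = line.split(" - ", 1)[1]
            findings.append((current_key, f"AutoRun command on a removable drive: {cmd}"))
    return findings


if __name__ == "__main__":
    for item, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {item}")
```

    On the constructed sample this lists muzika.xm, msxml.dll, unsweveohci.exe and unvise32.exe (loose files in System32 or the Windows root), 4923.bat (a script in the profile root), C:\Temp\epr1, the EnableLUA=0 and DisableMonitoring entries, and the I:\Setup.exe AutoRun command; legitimately installed items such as the Malwarebytes driver under System32\drivers or the Panda Security folder under Program Files are not listed. Several of the listed files are benign (msxml.dll is a known Microsoft component, for instance), which is why the list is meant as input to the manual checks described in the thread rather than as a removal script.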
     
  12. 2008/08/12
    litlpunk (Thread Starter)
    Ok the online scan found nothing on any of the files. And here's the Log for ComboFix:

    ComboFix 08-08-12.01 - Cody 2008-08-12 17:14:36.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1735 [GMT -4:00]
    Running from: C:\Users\Cody\Downloads\ComboFix.exe
    Command switches used :: C:\Users\Cody\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Users\Cody\4923.bat
    C:\Windows\QTFont.for
    C:\Windows\QTFont.qfn
    C:\Windows\System32\muzika.xm
    C:\Windows\System32\unsweveohci.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Temp\epr1
    C:\Users\Cody\4923.bat
    C:\Windows\QTFont.for
    C:\Windows\QTFont.qfn
    C:\Windows\System32\muzika.xm
    C:\Windows\System32\unsweveohci.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
    .

    2008-08-10 15:56 . 2004-08-04 08:00 506,368 --a------ C:\Windows\System32\msxml.dll
    2008-08-10 15:50 . 2008-08-10 15:50 <DIR> d-------- C:\Program Files\IObit
    2008-08-07 13:28 . 2008-08-09 19:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-07 13:16 . 2008-08-07 13:16 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Malwarebytes
    2008-08-07 13:16 . 2008-08-09 19:43 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-08-07 13:16 . 2008-08-09 19:43 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-08-07 13:16 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-07 13:16 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-08-07 13:16 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-08-06 21:25 . 2008-08-06 21:25 <DIR> d-------- C:\Deckard
    2008-08-06 09:55 . 2008-08-06 10:03 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-08-06 09:55 . 2008-08-06 10:03 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-08-06 09:55 . 2008-08-06 09:55 <DIR> d-------- C:\Program Files\Lavasoft
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-08-06 09:47 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-08-06 09:33 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
    2008-08-06 09:32 . 2008-08-06 09:32 <DIR> d-------- C:\Program Files\Panda Security
    2008-08-06 09:25 . 2008-08-11 03:01 <DIR> d-------- C:\Windows\BDOSCAN8
    2008-08-05 12:40 . 2008-08-05 12:40 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Auslogics
    2008-08-05 12:40 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Auslogics
    2008-08-05 12:34 . 2008-08-05 12:34 350,208 --a------ C:\Windows\d3drm.dll
    2008-08-03 13:15 . 2008-08-03 13:15 <DIR> d-------- C:\Program Files\Xvid
    2008-08-03 13:15 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
    2008-08-03 13:15 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
    2008-08-03 13:15 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
    2008-08-02 22:00 . 2008-08-02 22:00 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-08-02 22:00 . 2008-08-02 22:00 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-08-01 22:42 . 2008-08-01 22:42 <DIR> d-------- C:\Program Files\Yahoo!
    2008-08-01 22:42 . 2008-08-01 22:42 <DIR> d-------- C:\Program Files\CCleaner
    2008-07-31 16:08 . 2008-07-31 16:08 <DIR> d-------- C:\Program Files\EA GAMES
    2008-07-31 16:08 . 2004-08-17 23:14 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
    2008-07-30 09:57 . 2008-07-30 09:57 246,302 --a------ C:\Windows\strmdll.dll
    2008-07-30 09:56 . 2004-09-22 18:45 253,688 --a------ C:\Windows\drmclien.dll
    2008-07-30 09:48 . 2008-07-30 09:48 <DIR> d-------- C:\Program Files\Infogrames
    2008-07-28 09:54 . 2008-07-28 09:54 <DIR> d-------- C:\Users\All Users\Tages
    2008-07-28 09:54 . 2008-07-28 09:54 <DIR> d-------- C:\ProgramData\Tages
    2008-07-28 09:53 . 2008-07-28 09:53 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
    2008-07-28 09:53 . 2008-07-28 09:53 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
    2008-07-27 23:06 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\OpenAL
    2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d-------- C:\Windows\System32\AGEIA
    2008-07-27 23:05 . 2008-08-11 03:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2008-07-27 16:14 . 2008-07-27 16:14 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
    2008-07-25 12:20 . 2008-08-12 17:14 <DIR> d-------- C:\Temp
    2008-07-25 10:55 . 2008-07-27 16:49 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Hamachi
    2008-07-23 18:07 . 2008-07-23 18:07 <DIR> d-------- C:\SmartSound Software
    2008-07-23 18:07 . 1998-11-18 16:33 144,384 --a------ C:\Windows\System32\Iacenc.dll
    2008-07-23 18:07 . 1997-06-13 08:56 56,832 --a------ C:\Windows\System32\Iyvu9_32.dll
    2008-07-23 18:05 . 2008-07-23 18:05 <DIR> d-------- C:\Users\All Users\InstallShield
    2008-07-23 18:05 . 2008-07-23 18:05 <DIR> d-------- C:\ProgramData\InstallShield
    2008-07-23 18:05 . 2008-07-24 16:23 <DIR> d-------- C:\Program Files\QuickTime
    2008-07-23 18:05 . 2008-08-11 08:12 327 --a------ C:\Windows\Ulead32.ini
    2008-07-23 18:03 . 2008-07-23 18:03 <DIR> d-------- C:\Program Files\Ulead Systems
    2008-07-23 18:03 . 2008-07-23 18:03 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-07-23 15:33 . 2003-03-15 22:15 90,112 --a------ C:\Windows\unvise32.exe
    2008-07-23 15:31 . 2008-07-23 15:31 <DIR> d-------- C:\Program Files\Pinnacle
    2008-07-18 12:33 . 2008-07-18 12:33 <DIR> d-------- C:\Program Files\GoldWave
    2008-07-18 12:26 . 2008-07-18 12:27 <DIR> d-------- C:\MyAudio
    2008-07-18 12:24 . 2008-07-18 12:26 <DIR> d-------- C:\Program Files\AoA Audio Extractor
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\Users\Public\CyberLink
    2008-07-16 17:17 . 2008-07-16 17:17 <DIR> d-------- C:\Users\Cody\AppData\Roaming\DivX
    2008-07-16 17:17 . 2008-07-16 17:17 <DIR> d-------- C:\Users\Cody\AppData\Roaming\CyberLink
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\Users\All Users\CyberLink
    2008-07-16 17:17 . 2008-07-18 10:36 <DIR> d-------- C:\ProgramData\CyberLink
    2008-07-16 17:15 . 2008-07-24 13:58 <DIR> d-------- C:\Users\All Users\SmartSound Software Inc
    2008-07-16 17:15 . 2008-07-24 13:58 <DIR> d-------- C:\ProgramData\SmartSound Software Inc
    2008-07-16 17:15 . 2008-07-16 17:15 <DIR> d-------- C:\Program Files\SmartSound Software
    2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Users\AppData\AppData
    2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Program Files\DivX
    2008-07-16 17:03 . 2008-07-16 17:03 <DIR> d-------- C:\Users\All Users\Apple Computer
    2008-07-16 17:03 . 2008-07-16 17:03 <DIR> d-------- C:\ProgramData\Apple Computer
    2008-07-14 23:31 . 2008-08-05 15:24 <DIR> d-------- C:\Users\Cody\Pictures
    2008-07-14 18:46 . 2008-07-18 10:38 <DIR> d-------- C:\Program Files\Maxis
    2008-07-13 22:26 . 2008-07-02 16:02 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-07-13 22:26 . 2008-07-02 16:02 <DIR> d-a------ C:\ProgramData\TEMP
    2008-07-13 22:15 . 2008-07-02 15:55 <DIR> d-------- C:\Program Files\AruaROSE
    2008-07-13 21:12 . 2008-07-13 21:12 <DIR> d-------- C:\Users\Cody\AppData\Roaming\WildTangent
    2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\Users\All Users\Adobe Systems
    2008-07-13 15:27 . 2008-07-13 15:27 <DIR> d-------- C:\ProgramData\Adobe Systems
    2008-07-13 15:25 . 2008-07-13 15:25 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-07-12 09:27 . 2008-07-12 09:27 <DIR> d-------- C:\Program Files\Electronic Arts
    2008-07-12 09:27 . 1997-01-22 22:26 565,760 -ra------ C:\Windows\System32\MSVCP50.DLL
    2008-07-12 09:27 . 1999-04-02 16:37 33,792 -ra------ C:\Windows\NPSExec.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-11 12:12 --------- d-----w C:\Users\Cody\AppData\Roaming\Spare Backup
    2008-08-11 07:01 --------- d-----w C:\Program Files\Windows Defender
    2008-08-11 07:01 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-11 01:54 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-08-05 20:32 --------- d-----w C:\Program Files\Microsoft Games
    2008-08-05 16:36 --------- d-----w C:\Users\Cody\AppData\Roaming\LimeWire
    2008-07-30 17:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-07-28 23:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-28 03:06 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
    2008-07-28 03:06 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
    2008-07-23 22:07 --------- d-----w C:\Program Files\Intel
    2008-07-23 22:03 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-16 21:17 --------- d-----w C:\Program Files\CyberLink
    2008-07-14 01:12 --------- d-----w C:\ProgramData\WildTangent
    2008-07-12 00:20 --------- d-----w C:\Program Files\IZArc
    2008-07-11 23:43 --------- d-----w C:\Program Files\Alcohol Soft
    2008-07-11 23:38 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-07-11 14:19 --------- d-----w C:\Program Files\Infogrames Interactive
    2008-07-11 02:26 --------- d-----w C:\ProgramData\Ulead Systems
    2008-07-11 02:18 --------- d-----w C:\Users\Cody\AppData\Roaming\COWON
    2008-07-11 02:10 --------- d-----w C:\Program Files\BitComet
    2008-07-11 01:10 --------- d-----w C:\Users\Cody\AppData\Roaming\Ulead Systems
    2008-07-11 01:04 --------- d-----w C:\Program Files\Common Files\InterVideo
    2008-07-11 01:02 --------- d-----w C:\Program Files\Windows Media Components
    2008-07-10 22:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-07-10 22:23 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
    2008-07-10 22:23 69,128 ----a-w C:\Windows\system32\drivers\avgwfpx.sys
    2008-07-10 22:23 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
    2008-07-10 22:23 --------- d-----w C:\ProgramData\avg8
    2008-07-10 22:23 --------- d-----w C:\Program Files\AVG
    2008-07-10 21:21 118,784 ----a-w C:\Windows\SeaMonkeyUninstall.exe
    2008-07-10 21:21 118,784 ----a-w C:\Windows\GREUninstall.exe
    2008-07-10 21:21 --------- d-----w C:\Program Files\mozilla.org
    2008-07-10 21:02 --------- d-----w C:\Users\Cody\AppData\Roaming\Atari
    2008-07-10 21:00 --------- d-----w C:\Users\Cody\AppData\Roaming\Leadertech
    2008-07-10 16:46 --------- d-----w C:\ProgramData\Microsoft Help
    2008-07-10 16:20 174 --sha-w C:\Program Files\desktop.ini
    2008-07-10 16:18 --------- d-----w C:\Program Files\Google
    2008-07-10 16:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-10 16:18 --------- d-----w C:\Program Files\BigFix
    2008-07-10 16:16 --------- d-----w C:\Program Files\Windows Sidebar
    2008-07-10 16:16 --------- d-----w C:\Program Files\Windows Mail
    2008-07-10 15:54 --------- d-----w C:\ProgramData\Symantec
    2008-07-10 15:49 --------- d-----w C:\ProgramData\Napster
    2008-07-10 15:48 --------- d-----w C:\Users\Cody\AppData\Roaming\Roxio
    2008-07-10 15:39 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-07-10 15:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-07-10 15:36 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
    2008-07-10 15:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-07-10 15:36 --------- d-----w C:\Users\Cody\AppData\Roaming\SystemRequirementsLab
    2008-07-10 15:36 --------- d-----w C:\Program Files\SystemRequirementsLab
    2008-07-10 15:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
    2008-07-10 15:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
    2008-07-10 15:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
    2008-07-10 15:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
    2008-07-10 15:34 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-07-10 15:34 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-07-10 15:34 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-07-10 15:34 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-07-10 15:34 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-07-10 15:34 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
    2008-07-10 15:34 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-07-10 15:34 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-07-10 15:33 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-07-10 15:33 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-07-10 15:33 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-07-10 15:33 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-07-10 15:33 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-07-10 15:31 --------- d-----w C:\Program Files\LimeWire
    2008-07-10 15:28 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-07-10 15:27 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2008-07-10 15:27 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-07-10 15:27 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2008-07-10 15:27 2,048 ----a-w C:\Windows\System32\asferror.dll
    2008-07-10 15:26 84,480 ----a-w C:\Windows\System32\INETRES.dll
    2008-07-10 15:26 737,792 ----a-w C:\Windows\System32\inetcomm.dll
    2008-07-10 15:26 14,848 ----a-w C:\Windows\System32\wshrm.dll
    2008-07-10 15:26 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
    2008-07-10 15:26 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-07-10 15:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-07-10 15:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-10 15:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-07-10 15:25 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-07-10 15:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-10 15:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-10 15:25 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-07-10 15:24 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
    2008-07-10 15:24 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    2008-07-10 15:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-07-10 15:23 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-07-10 15:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-07-10 15:23 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
    2008-07-10 15:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-07-10 15:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-07-10 15:22 428,032 ----a-w C:\Windows\System32\EncDec.dll
    2008-07-10 15:22 292,352 ----a-w C:\Windows\System32\psisdecd.dll
    2008-07-10 15:22 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2008-07-10 15:22 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
    2008-07-10 15:20 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-07-10 15:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-11_ 8.28.29.76 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-08-11 03:03:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-08-12 02:38:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-08-11 03:03:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-08-12 02:38:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-08-11 03:03:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-08-12 02:38:22 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-08-11 12:23:09 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-08-12 21:14:31 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-10 11:26 1232896]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 12:39 216520]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "C:\Windows\system32\igfxtray.exe" [2007-06-06 14:52 142104]
    "HotKeysCmds "= "C:\Windows\system32\hkcmd.exe" [2007-06-06 14:52 154392]
    "Persistence "= "C:\Windows\system32\igfxpers.exe" [2007-06-06 14:52 138008]
    "IAAnotif "= "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 19:36 178712]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 20:38 865840]
    "Camera Assistant Software "= "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" [2007-06-29 19:12 638976]
    "Spare Backup "= "C:\Program Files\Spare Backup\SpareBackup.exe" [2007-09-13 19:22 5252936]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 18:23 1232152]
    "UVS10 Preload "= "C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52 36864]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "RegistryMechanic "= "C:\Program Files\Registry Mechanic\RMTray.exe" [2007-08-20 11:58 701736]
    "SigmatelSysTrayApp "= "sttray.exe" [2007-01-30 16:36 303104 C:\Windows\sttray.exe]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.clmp3enc "= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
    "msacm.dvacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    "msacm.MPEGacm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    "msacm.ulmp3acm "= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{48915A2F-0179-42A2-98B9-5F1A74838222} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{E236A792-7DA9-4E02-AB60-4A1C7E8CE5CD} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9A5162A5-4174-4612-B50B-5FD642D794E2} "= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{4F43105F-3EE8-4399-935E-4F36C3144D6F}C:\\program files\\bitcomet\\bitcomet.exe "= UDP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
    "UDP Query User{77EABE1B-4DED-4114-BB2E-5A902011DC46}C:\\program files\\bitcomet\\bitcomet.exe "= TCP:C:\program files\bitcomet\bitcomet.exe:BitCometBeta - a BitTorrent Client
    "{710674F5-586E-4D51-B4CB-22B66152561E} "= UDP:21694:BitCometBeta 21694 TCP
    "{94563029-149A-41CE-B594-DD06E19F4325} "= TCP:21694:BitCometBeta 21694 UDP
    "{6C65A5BF-01D4-40AE-8A26-43AD44DE899F} "= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{59C88005-D54E-4B0C-872E-6538AD3404FF} "= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
    "{1F62130C-F8CC-484C-9ECE-C57507A64DB1} "= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{B7561A62-7014-42EE-A429-039EB8B88F8F} "= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{44F4817A-DFC0-4A6E-A257-165EED6D5332} "= C:\Program Files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "TCP Query User{64521568-E290-401C-8BE3-E26CCA3AB495}C:\\downloads\\star.wars.battlefront.2(pc - rip) + freemultiplayer\\swbf2hash.part01\\star wars battlefront 2 compressed\\gamedata\\battlefrontii.exe "= UDP:C:\downloads\star.wars.battlefront.2(pc - rip) + freemultiplayer\swbf2hash.part01\star wars battlefront 2 compressed\gamedata\battlefrontii.exe:BattlefrontII
    "UDP Query User{564CF22B-3432-49ED-8CAE-DCE7689C09E5}C:\\downloads\\star.wars.battlefront.2(pc - rip) + freemultiplayer\\swbf2hash.part01\\star wars battlefront 2 compressed\\gamedata\\battlefrontii.exe "= TCP:C:\downloads\star.wars.battlefront.2(pc - rip) + freemultiplayer\swbf2hash.part01\star wars battlefront 2 compressed\gamedata\battlefrontii.exe:BattlefrontII
    "TCP Query User{99E53ED5-32D6-42BA-9552-4161BAD70A62}C:\\program files\\mozilla firefox\\firefox.exe "= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{8C284832-C41C-4E4B-A67A-49D9E8C38AA7}C:\\program files\\mozilla firefox\\firefox.exe "= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1 "= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-10 18:23]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 18:23]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 18:23]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-10 18:23]
    R3 MRVW147;Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);C:\Windows\system32\DRIVERS\MRVW147.sys [2007-08-17 04:42]
    R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-16 00:47]
    S3 GameConsoleService;GameConsoleService;C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [2007-08-29 17:58]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb570c-4fa2-11dd-8a66-00e0b8e4bc43}]
    \shell\AutoRun\command - F:\setup.exe /autorun
    \shell\dxsetup\command - F:\directx\dxsetup.exe
    \shell\Register\command - F:\goodies\runshell.exe http://www.microsoft.com/games/product_registration/motocross2/
    \shell\setup\command - F:\setup.exe /autorun
    \shell\Web\command - F:\goodies\runshell.exe http://www.microsoft.com/games/motocross2
    \shell\Zone\command - F:\goodies\ZoneA650.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb571d-4fa2-11dd-8a66-00e0b8e4bc43}]
    \shell\AutoRun\command - I:\Setup.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-12 17:16:46
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-12 17:18:07
    ComboFix-quarantined-files.txt 2008-08-12 21:18:04
    ComboFix2.txt 2008-08-11 12:29:16

    Pre-Run: 121,777,618,944 bytes free
    Post-Run: 121,750,962,176 bytes free

    319 --- E O F --- 2008-07-31 18:11:36
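A small triage script for the "Reg Loading Points" block of a ComboFix log like the one above. This is an added example, not code from the thread or from ComboFix; the sample block is constructed from values shown in the log and keeps the forum's rendering of a space before the closing quote.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log.

Added example, not code from the thread or from ComboFix. It parses the
REGEDIT4-style block and flags what a reviewer checks first: UAC disabled
(EnableLUA = 0), Security Center monitoring suppressed, AppInit_DLLs set,
and an AutoRun command cached under mountpoints2. SAMPLE_LOG is constructed
from values shown in the thread, keeping the forum's "Name "= data rendering.
"""
import re

SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA "= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring "=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring "=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cb570c-4fa2-11dd-8a66-00e0b8e4bc43}]
\shell\AutoRun\command - F:\setup.exe /autorun
\shell\setup\command - F:\setup.exe /autorun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-10 11:26 1232896]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Accepts ComboFix's real "Name"="data" form and the forum's "Name "= data rendering.
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<data>.*)$')
# mountpoints2 entries are printed as \shell\<verb>\command - <command line>
MOUNT_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")


def parse_loading_points(text):
    """Yield (key, name, data) for every value printed under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if not line or key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("data").strip()
            continue
        m = MOUNT_RE.match(line)
        if m:
            yield key, "shell\\%s\\command" % m.group("verb"), m.group("cmd").strip()


def _dword_is_set(data):
    return data.lower().startswith("dword:") and int(data[6:], 16) != 0


def triage(text):
    """Return (key, name, data, reason) tuples for the settings worth a second look."""
    findings = []
    for key, name, data in parse_loading_points(text):
        k, n = key.lower(), name.lower()
        if k.endswith("policies\\system") and n == "enablelua" and data.startswith("0"):
            reason = "UAC disabled: admin logons run with a full token, no consent prompt"
        elif "security center\\monitoring" in k and n == "disablemonitoring" and _dword_is_set(data):
            reason = "Security Center monitoring suppressed: AV/firewall state warnings hidden"
        elif k.endswith("nt\\currentversion\\windows") and n == "appinit_dlls" and data:
            reason = "AppInit_DLLs loads this DLL into every user32-linked process; verify its publisher"
        elif "\\mountpoints2\\" in k and n == "shell\\autorun\\command":
            reason = "AutoRun command cached for a removable volume; runs on insert if AutoPlay allows"
        else:
            continue
        findings.append((key, name, data, reason))
    return findings
```

Run `triage(SAMPLE_LOG)` against a real log's block to get the same four classes of finding; ordinary Run entries are parsed but left for manual review.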
     
  13. 2008/08/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi litlpunk
    OK that's good.

    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an on-line scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
