
Win32:Trojen-gen {Other}, Win32:CTX, Win32:Mudrop-U[Trj] & Win32:Agent-XIT

Discussion in 'Malware and Virus Removal Archive' started by baka101, 2008/07/05.

  1. 2008/07/05
    baka101 (Thread Starter)
    Hi, I just joined this forum today.

    I have been getting Win32:Trojen-gen {Other}, Win32:CTX, Win32:Mudrop-U[Trj] & Win32:Agent-XIT reported in Avast!, which seems to be a common thing, something like a false positive mentioned on many other forums.

    Anyway, I have noticed a real slowdown which hasn't happened before. I run Diskeeper and Registry Mechanic on a daily basis. Diskeeper shows Healthy on all drives. I have an Intel Core 2 Duo 2.66 with 2 gigs of Kingston HyperX gamer RAM and run Windows XP Pro SP2, which is up to date with security updates etc.

    I have installed Avast, Malwarebytes' Anti-Malware, winpatrol, a-squared, ewido anti-spyware, spywareblaster, SUPERAntiSpyware.


    Here's my Malwarebytes' Anti-Malware log:


    Malwarebytes' Anti-Malware 1.19
    Database version: 924
    Windows 5.1.2600 Service Pack 2

    12:05:18 p.m. 6/07/2008
    mbam-log-7-6-2008 (12-05-18).txt

    Scan type: Full Scan (C:\|E:\|)
    Objects scanned: 109844
    Time elapsed: 59 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Deckard's System Scanner v20071014.68
    Run by baka on 2008-07-06 12:28:00
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 2 Restore Point(s) --
    2: 2008-07-06 00:29:18 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2008-07-05 23:15:45 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as baka.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:33:10, on 6/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\baka\Desktop\dss.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Trend Micro\HijackThis\baka.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe "
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ASUS SmartDoctor] "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" /start
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe "
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Xnet Usage Monitor.lnk = C:\Program Files\Xnet Usage Monitor\XNetUsage.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
    O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1206663584687
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    --
    End of file - 11050 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
    R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
    R3 ASUSVRC (ASUSTeK Virtual Capture Device) - c:\windows\system32\drivers\asusvrc.sys <Not Verified; ASUSTeK COMPUTER INC.; Microsoft(R) Windows NT(R) Operating System>

    S3 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver>
    S3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&2C575ACB&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Port Mouse (IntelliPoint)
    Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Port Mouse (IntelliPoint)
    PNP Device ID: ACPI\PNP0F03\4&2C575ACB&0
    Service: i8042prt

    Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
    Description: Enhanced Display Driver Helper Service
    Device ID: ROOT\ASUSOTHERDEVICES\0000
    Manufacturer: ASUSTeK
    Name: Enhanced Display Driver Helper Service
    PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
    Service: asuskbnt


    -- Files created between 2008-06-06 and 2008-07-06 -----------------------------

    2008-07-05 20:59:08 0 d------c- C:\Program Files\Allok Video Joiner
    2008-07-05 17:55:41 0 d------c- C:\Program Files\Trend Micro
    2008-07-03 20:06:16 0 d------c- C:\Documents and Settings\All Users\Application Data\Brother
    2008-07-03 19:08:32 0 d------c- C:\Program Files\AVG
    2008-07-02 19:30:08 0 d------c- C:\Program Files\SpywareBlaster
    2008-07-02 19:27:40 0 d------c- C:\Program Files\SpywareGuard
    2008-07-02 19:08:56 0 d------c- C:\Program Files\Spyware Doctor
    2008-07-02 19:08:56 0 d------c- C:\Documents and Settings\baka\Application Data\PC Tools
    2008-07-02 16:55:33 0 d------c- C:\Documents and Settings\LocalService\Application Data\Webroot
    2008-07-02 16:55:29 0 d------c- C:\Documents and Settings\All Users\Application Data\Webroot
    2008-07-02 16:50:10 0 d--h---c- C:\Documents and Settings\Administrator\Templates
    2008-07-02 16:50:10 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
    2008-07-02 16:50:10 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
    2008-07-02 16:50:10 0 d--h---c- C:\Documents and Settings\Administrator\Recent
    2008-07-02 16:50:10 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
    2008-07-02 16:50:10 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-07-02 16:50:10 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
    2008-07-02 16:50:10 0 d------c- C:\Documents and Settings\Administrator\My Documents
    2008-07-02 16:50:10 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
    2008-07-02 16:50:10 0 d------c- C:\Documents and Settings\Administrator\Favorites
    2008-07-02 16:50:10 0 d------c- C:\Documents and Settings\Administrator\Desktop
    2008-07-02 16:50:10 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
    2008-07-02 16:50:10 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
    2008-07-02 16:50:10 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-07-02 16:37:55 0 d------c- C:\Documents and Settings\baka\Application Data\Webroot
    2008-07-02 16:29:20 0 d------c- C:\Documents and Settings\baka\Application Data\HouseCall 6.6
    2008-07-02 16:17:27 0 d------c- C:\Program Files\Webroot
    2008-07-02 16:15:46 0 d------c- C:\Documents and Settings\baka\Application Data\WinPatrol
    2008-07-02 16:15:42 0 d------c- C:\Program Files\BillP Studios
    2008-07-02 16:15:33 164 --a----c- C:\install.dat
    2008-07-02 15:28:05 0 d------c- C:\Program Files\Enigma Software Group
    2008-07-02 15:15:49 0 d------c- C:\!KillBox
    2008-07-02 15:13:56 0 d------c- C:\Program Files\Panda Security
    2008-07-02 14:58:55 0 d------c- C:\bintheredunthat
    2008-07-02 14:41:54 0 d------c- C:\BFU
    2008-07-01 23:59:45 0 d------c- C:\Program Files\Microsoft IntelliType Pro
    2008-07-01 23:57:41 0 d------c- C:\Program Files\Microsoft IntelliType Pro 5.5
    2008-07-01 23:54:58 0 d------c- C:\Program Files\Microsoft IntelliPoint
    2008-07-01 18:13:50 53248 --a----c- C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
    2008-07-01 15:49:55 0 d------c- C:\Program Files\Square Soft, Inc
    2008-07-01 15:48:34 314880 --a----c- C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
    2008-07-01 15:31:21 0 d------c- C:\Documents and Settings\baka\Application Data\AptEdit
    2008-07-01 15:30:49 0 d------c- C:\Program Files\Brother Technology
    2008-07-01 15:20:53 0 d------c- C:\Program Files\Driver-Soft
    2008-06-29 22:10:37 0 d------c- C:\Program Files\Torrent Harvester
    2008-06-28 15:26:52 0 -ra----c- C:\logwmemory.bin
    2008-06-28 11:40:05 24 --a----c- C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80271102}.dat
    2008-06-28 11:40:05 24 --a----c- C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80271102}.dat
    2008-06-26 17:06:57 0 d--hs--c- C:\Diskeeper
    2008-06-26 16:02:44 0 d------c- C:\Program Files\TubeSucker
    2008-06-26 15:13:01 0 d------c- C:\Program Files\PerformanceTest
    2008-06-26 14:57:18 0 d------c- C:\Program Files\Ashampoo
    2008-06-26 13:53:44 0 d------c- C:\Documents and Settings\baka\Shared
    2008-06-26 13:53:42 0 d------c- C:\Documents and Settings\baka\Incomplete
    2008-06-26 13:53:35 0 d------c- C:\Documents and Settings\baka\Application Data\FrostWire
    2008-06-26 13:53:10 0 d------c- C:\Program Files\FrostWire
    2008-06-26 13:15:57 0 d------c- C:\Program Files\Your Uninstaller 2008
    2008-06-26 12:51:31 17920 ---hs--c- C:\Program Files\Common Files\smsse.exe
    2008-06-26 11:58:41 0 d--h---c- C:\WINDOWS\PIF
    2008-06-24 19:07:08 0 d------c- C:\WINDOWS\NV23562784.TMP
    2008-06-19 20:02:07 0 d------c- C:\Program Files\SUPERAntiSpyware
    2008-06-16 19:01:38 0 d------c- C:\Documents and Settings\baka\Application Data\StudyMinder
    2008-06-16 19:01:23 0 d------c- C:\Program Files\StudyMinder_LITE
    2008-06-10 13:30:10 0 d------c- C:\Documents and Settings\baka\Application Data\DSVE-GUI
    2008-06-08 16:17:37 0 d------c- C:\Documents and Settings\baka\Application Data\IDM
    2008-06-08 16:17:37 0 d------c- C:\Documents and Settings\baka\Application Data\DMCache
    2008-06-08 16:17:33 0 d------c- C:\Program Files\Internet Download Manager
    2008-06-08 14:46:23 0 d------c- C:\Program Files\StepMania
    2008-06-07 12:43:33 0 d------c- C:\WINDOWS\Sun
    2008-06-07 12:43:33 0 d------c- C:\Documents and Settings\baka\Application Data\Sun
    2008-06-06 15:36:29 0 d------c- C:\NeoDs


    -- Find3M Report ---------------------------------------------------------------

    2008-07-06 12:33:22 0 d------c- C:\Documents and Settings\baka\Application Data\uTorrent
    2008-07-06 12:32:25 0 d------c- C:\Documents and Settings\baka\Application Data\Free Download Manager
    2008-07-06 10:46:50 8405015 --a----c- C:\WINDOWS\TempFile
    2008-07-05 19:53:40 0 d------c- C:\Program Files\ewido anti-spyware 4.0
    2008-07-04 20:54:29 0 d------c- C:\Program Files\a-squared Free
    2008-07-03 09:20:15 0 d------c- C:\Program Files\Mozilla Thunderbird
    2008-07-02 17:45:12 0 d------c- C:\Program Files\KWMUSIC
    2008-07-02 12:36:04 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-01 17:51:05 0 d------c- C:\Program Files\Xnet Usage Monitor
    2008-07-01 16:18:25 0 d------c- C:\Documents and Settings\baka\Application Data\BITS
    2008-07-01 12:53:51 0 d------c- C:\Program Files\Oni
    2008-07-01 12:53:50 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-28 11:44:26 590 --a----c- C:\WINDOWS\system32\admshare.dat
    2008-06-26 18:01:09 0 d------c- C:\Program Files\Common Files
    2008-06-26 15:03:49 0 d------c- C:\Documents and Settings\baka\Application Data\LimeWire
    2008-06-26 13:53:15 0 d------c- C:\Program Files\LimeWire
    2008-06-26 13:18:41 0 d------c- C:\Program Files\Your Uninstaller 2006
    2008-06-26 13:16:02 0 d------c- C:\Documents and Settings\baka\Application Data\URSoft
    2008-06-23 09:28:25 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2008-06-22 19:37:31 0 d------c- C:\Documents and Settings\baka\Application Data\ppstream
    2008-06-22 19:32:30 0 d------c- C:\Program Files\Common Files\Autodesk Shared
    2008-06-22 19:32:30 0 d------c- C:\Program Files\Autodesk
    2008-06-18 18:06:39 0 d------c- C:\Documents and Settings\baka\Application Data\Autodesk
    2008-06-03 19:07:37 0 d------c- C:\Program Files\AviSynth 2.5
    2008-06-03 18:31:58 0 d------c- C:\Program Files\eRightSoft
    2008-06-03 17:50:57 0 d------c- C:\Program Files\Witcobber
    2008-06-03 17:17:40 0 d------c- C:\Program Files\Allok MPEG4 Converter
    2008-06-03 17:16:53 0 d------c- C:\Program Files\Common Files\Download Manager
    2008-06-03 16:07:46 0 d------c- C:\Program Files\Common Files\DVDVideoSoft
    2008-06-03 16:07:42 0 d------c- C:\Program Files\DVDVideoSoft
    2008-06-03 15:59:51 0 d------c- C:\Program Files\YouTube Downloader
    2008-06-01 16:22:26 664 --a----c- C:\WINDOWS\system32\d3d9caps.dat
    2008-06-01 15:26:36 0 d------c- C:\Program Files\RogueRemover FREE
    2008-06-01 14:47:54 3750 --a----c- C:\WINDOWS\system32\tmp.reg
    2008-06-01 13:38:08 0 d------c- C:\Program Files\OpenAL
    2008-06-01 04:15:41 0 d------c- C:\Program Files\Java
    2008-06-01 04:12:24 0 d------c- C:\Program Files\Common Files\Java
    2008-05-29 09:35:36 86528 --a----c- C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-27 15:41:32 0 d------c- C:\Program Files\Common Files\DirectX
    2008-05-27 14:36:36 0 d------c- C:\Program Files\WinPcap
    2008-05-24 15:37:33 0 d------c- C:\Program Files\Microsoft Silverlight
    2008-05-18 21:40:35 82944 --a----c- C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-05-18 21:40:35 82944 --a----c- C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-05-16 14:01:00 1630208 --a----c- C:\WINDOWS\system32\nwiz.exe
    2008-05-16 14:01:00 1019904 --a----c- C:\WINDOWS\system32\nvwimg.dll
    2008-05-16 14:01:00 1703936 --a----c- C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-16 14:01:00 466944 --a----c- C:\WINDOWS\system32\nvshell.dll
    2008-05-16 14:01:00 1486848 --a----c- C:\WINDOWS\system32\nview.dll
    2008-05-16 14:01:00 1339392 --a----c- C:\WINDOWS\system32\nvdspsch.exe
    2008-05-16 14:01:00 442368 --a----c- C:\WINDOWS\system32\nvappbar.exe
    2008-05-16 14:01:00 425984 --a----c- C:\WINDOWS\system32\keystone.exe
    2008-05-11 21:39:31 0 d------c- C:\Program Files\FlashGet Network
    2008-05-06 20:24:06 0 d------c- C:\Program Files\Sierra
    2008-05-06 18:51:03 0 d------c- C:\Program Files\Alcohol Soft


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 13:07]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:07]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 13:07]
    "RTHDCPL "= "RTHDCPL.EXE" [11/04/2007 03:28 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [05/04/2007 05:22 C:\WINDOWS\SkyTel.exe]
    "Alcmtr "= "ALCMTR.EXE" [04/05/2005 06:43 C:\WINDOWS\Alcmtr.exe]
    "NvCplDaemon "= "RUNDLL32.exe" [04/08/2004 13:07 C:\WINDOWS\system32\rundll32.exe]
    "nwiz "= "nwiz.exe" [16/05/2008 14:01 C:\WINDOWS\system32\nwiz.exe]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [16/01/2008 10:54]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [30/03/2008 07:37]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/05/2007 03:06]
    "WINDVDPatch "= "CTHELPER.EXE" [02/07/2002 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [11/05/2000 01:00]
    "Jet Detection "= "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [29/11/2001 01:00]
    "ezShieldProtector for Px "= "C:\WINDOWS\system32\ezSP_Px.exe" [20/08/2002 10:29]
    "RegistryMechanic "=" " []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]
    "NvMediaCenter "= "RUNDLL32.exe" [04/08/2004 13:07 C:\WINDOWS\system32\rundll32.exe]
    "IntelliPoint "= "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 12:01]
    "itype "= "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [04/12/2005 16:38]
    "WinPatrol "= "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [26/04/2008 05:31]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [10/06/2008 21:22]
    "SpySweeper "= "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/03/2007 19:55]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:07]
    "ASUS SmartDoctor "= "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [18/07/2007 15:20]
    "µTorrent "= "C:\Program Files\uTorrent\utorrent.exe" [29/03/2008 15:48]
    "uTorrent "= "C:\Program Files\uTorrent\utorrent.exe" [29/03/2008 15:48]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34]
    "Free Download Manager "= "C:\Program Files\Free Download Manager\fdm.exe" [25/02/2008 20:17]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [06/05/2008 20:14]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35]
    "IDMan "= "C:\Program Files\Internet Download Manager\IDMan.exe" [23/06/2008 23:07]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

    C:\Documents and Settings\baka\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [29/08/2003 7:05:35 p.m.]
    Xnet Usage Monitor.lnk - C:\Program Files\Xnet Usage Monitor\XNetUsage.exe [1/04/2008 5:12:04 p.m.]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "




    -- Hosts -----------------------------------------------------------------------

    0.0.0.0 123spywar.com
    0.0.0.0 www.123spywar.com
    0.0.0.0 1spyware-removal.com
    0.0.0.0 www.1spyware-removal.com
    0.0.0.0 1stspywar.com
    0.0.0.0 www.1stspywar.com
    0.0.0.0 abletostop.com
    0.0.0.0 www.abletostop.com
    0.0.0.0 adarmor6.com
    0.0.0.0 www.adarmor6.com

    3685 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-06 13:13:49 ------------


    So if anyone could help me get my computer back to a working state, it would be very much appreciated.

    Thanks :)
     
  2. 2008/07/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS baka101 :)

    Wow, you've thrown a mass of tools at this machine. :eek: SmitfraudFix, alcanshortyBFU, etc. I realize you want to resolve your problem, but it's not wise to just start running all these tools. They should only be used where the targeted infections are present. Mind telling me what you used Killbox for?

    For the record, I see you're using several P2P applications. I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    Additionally, these apps often run in the background when you start your computer (I see uTorrent running in your log), consuming cpu cycles and bandwidth. This could be a major contributor to your slowdown.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    When did this performance degradation begin? Can you think of a software app that was installed, or maybe a Windows Update that was applied, just prior to the slowdown? I see you have Alcohol ..... there have been a number of reports of performance issues with one of their drivers. You might try uninstalling it to see if there's any change.

    You've got a couple of broken file associations. Let's fix those. Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .reg
      • .scr
    • Exit when complete.


    Could you give us a bit more info on those Avast detections? Filenames and locations, etc.
     
  4. 2008/07/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Oh, I also meant to ask, did you install the beta Internet Explorer 8 at any time? And, where did you get the HOSTS file?
     
  5. 2008/07/05
    baka101

    baka101 Inactive Thread Starter

    Joined:
    2008/07/05
    Messages:
    25
    Likes Received:
    0
    I have always had uTorrent and never had problems with it in the past; it never contributed to the system slowing down, even when running in the background, so it would be strange if it is now the reason for the slowdown.

    The reason for all the tools I downloaded was that I checked other forums about ridding win32 problems and they used Killbox etc. to get rid of them. I have installed Internet Explorer through a Windows update, but I only use Firefox. The slowdown happened about 2 weeks ago; I'm not sure where it came from.

    Did you find anything in my logs to find out what was wrong with my system, like a particular line of text or path where there was a problem? Should I run a Panda scan online, or should I download a program to help me out?

    I ran that line of text in the RUN command and repaired those two things thanks.

    My Avast! log


    6/07/2008 07:37:59 SYSTEM 1516 An error has occured while attempting to update. Please check the logs.
    6/07/2008 07:14:56 SYSTEM 1516 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    3/07/2008 20:07:49 SYSTEM 1668 An error has occured while attempting to update. Please check the logs.
    3/07/2008 20:07:23 SYSTEM 1668 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
    3/07/2008 09:11:23 baka 4008 Sign of "Win32:Trojan-gen {Other}" has been found in "E:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP179\A0084125.exe\123.exe" file.
    3/07/2008 01:16:40 SYSTEM 1628 An error has occured while attempting to update. Please check the logs.
    3/07/2008 01:16:14 SYSTEM 1628 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.

    There was too much to post, so I had to trim it.

    Thanks
     
  6. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    E:\System Volume Information\_restore .... etc points to a System Restore point.

    What I did see in your logs, and the reason I asked if you had installed Internet Explorer 8 (specifically IE8), is the presence of the following file.

    C:\Program Files\Common Files\smsse.exe

    Your logs still show IE7, so I'm guessing that if IE8 had been installed, it would have been intentionally, then subsequently uninstalled. If that is not the case, let's unhide that file and get it analyzed. Highlight and copy the following bolded command, quotes included.

    attrib -h -s "C:\Program Files\Common Files\smsse.exe"


    Click Start>Run and type cmd then hit enter to open a command window.
    Right click the command window then paste in the command.
    Hit enter, then close the command window.

    Now, please go to Virus Total and click Browse.
    Navigate to C:\Program Files\Common Files, locate and select the smsse.exe file, then click Send File.
    Wait for the file to be analyzed and all scan engines have reported, then copy the results and post it back here.
     
  7. 2008/07/06
    baka101

    baka101 Inactive Thread Starter

    Joined:
    2008/07/05
    Messages:
    25
    Likes Received:
    0
    I tried uploading to VirusTotal but it never uploaded. I left my computer all day and night, yet it never uploaded; it had that dialogue box saying not to close it, and I didn't.

    Any other suggestions? Also, something strange is happening: my PC is having one-minute pause-ups. I am doing something, then it will pause for a minute and I can't do anything.

    Please help me again noahdfear

    Thanks
     
  8. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    See if you're able to upload it to my submission channel. It shouldn't take more than a few seconds to upload once you have browsed to and selected the file, then clicked upload. Leave a link back to this topic please.
     
  9. 2008/07/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Use Killbox to delete that nasty guy. It's a delf variant.

    C:\Program Files\Common Files\smsse.exe

    Now let's make sure it doesn't have any friends hiding. Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  10. 2008/07/07
    baka101

    baka101 Inactive Thread Starter

    Joined:
    2008/07/05
    Messages:
    25
    Likes Received:
    0
    Thanks once again. Killbox deleted C:\Program Files\Common Files\smsse.exe and I ran ComboFix; here is my log.


    ComboFix 08-07-05.1 - baka 2008-07-07 21:40:10.1 - NTFSx86
    Running from: C:\Documents and Settings\baka\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\mainms.vpi
    C:\WINDOWS\megavid.cdt
    C:\WINDOWS\muotr.so
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\z1

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
    .

    2008-07-05 20:59 . 2008-07-05 21:27 <DIR> d----c--- C:\Program Files\Allok Video Joiner
    2008-07-05 17:55 . 2008-07-05 17:55 <DIR> d----c--- C:\Program Files\Trend Micro
    2008-07-03 20:06 . 2008-07-03 20:06 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Brother
    2008-07-03 19:08 . 2008-07-04 20:49 <DIR> d----c--- C:\Program Files\AVG
    2008-07-02 19:30 . 2008-07-03 17:14 <DIR> d----c--- C:\Program Files\SpywareBlaster
    2008-07-02 19:27 . 2008-07-04 22:30 <DIR> d----c--- C:\Program Files\SpywareGuard
    2008-07-02 19:08 . 2008-07-07 21:04 <DIR> d----c--- C:\Program Files\Spyware Doctor
    2008-07-02 16:29 . 2008-07-02 16:37 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\HouseCall 6.6
    2008-07-02 16:17 . 2008-07-02 16:17 <DIR> d----c--- C:\Program Files\Webroot
    2008-07-02 16:15 . 2008-07-02 16:15 <DIR> d----c--- C:\Program Files\BillP Studios
    2008-07-02 16:15 . 2008-07-02 16:15 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\WinPatrol
    2008-07-02 15:28 . 2008-07-04 20:54 <DIR> d----c--- C:\Program Files\Enigma Software Group
    2008-07-02 15:13 . 2008-07-02 15:14 <DIR> d----c--- C:\Program Files\Panda Security
    2008-07-01 23:59 . 2008-07-01 23:59 <DIR> d----c--- C:\Program Files\Microsoft IntelliType Pro
    2008-07-01 23:57 . 2008-07-01 23:57 <DIR> d----c--- C:\Program Files\Microsoft IntelliType Pro 5.5
    2008-07-01 23:54 . 2008-07-01 23:55 <DIR> d----c--- C:\Program Files\Microsoft IntelliPoint
    2008-07-01 15:49 . 2008-07-01 15:49 <DIR> d----c--- C:\Program Files\Square Soft, Inc
    2008-07-01 15:31 . 2008-07-01 15:31 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\AptEdit
    2008-07-01 15:30 . 2008-07-01 15:30 <DIR> d----c--- C:\Program Files\Brother Technology
    2008-07-01 15:20 . 2008-07-01 15:20 <DIR> d----c--- C:\Program Files\Driver-Soft
    2008-06-29 22:10 . 2008-06-29 22:10 <DIR> d----c--- C:\Program Files\Torrent Harvester
    2008-06-26 16:02 . 2008-06-28 10:40 <DIR> d----c--- C:\Program Files\TubeSucker
    2008-06-26 15:13 . 2008-06-26 15:13 <DIR> d----c--- C:\Program Files\PerformanceTest
    2008-06-26 14:57 . 2008-06-26 14:57 <DIR> d----c--- C:\Program Files\Ashampoo
    2008-06-26 13:53 . 2008-06-26 13:53 <DIR> d----c--- C:\Program Files\FrostWire
    2008-06-26 13:53 . 2008-06-26 13:54 <DIR> d----c--- C:\Documents and Settings\baka\Shared
    2008-06-26 13:53 . 2008-06-26 15:03 <DIR> d----c--- C:\Documents and Settings\baka\Incomplete
    2008-06-26 13:53 . 2008-06-26 14:19 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\FrostWire
    2008-06-26 13:15 . 2008-06-26 13:20 <DIR> d----c--- C:\Program Files\Your Uninstaller 2008
    2008-06-19 20:02 . 2008-07-02 12:42 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
    2008-06-16 19:01 . 2008-06-16 19:01 <DIR> d----c--- C:\Program Files\StudyMinder_LITE
    2008-06-16 19:01 . 2008-06-16 19:07 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\StudyMinder
    2008-06-10 13:30 . 2008-06-10 13:30 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\DSVE-GUI
    2008-06-08 16:17 . 2008-06-26 15:03 <DIR> d----c--- C:\Program Files\Internet Download Manager
    2008-06-08 16:17 . 2008-06-19 16:05 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\IDM
    2008-06-08 16:17 . 2008-07-07 21:18 <DIR> d----c--- C:\Documents and Settings\baka\Application Data\DMCache
    2008-06-08 14:46 . 2008-06-11 17:46 <DIR> d----c--- C:\Program Files\StepMania

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-07 11:55 --------- dc----w C:\Documents and Settings\baka\Application Data\Free Download Manager
    2008-07-07 09:16 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-07 06:55 --------- dc----w C:\Documents and Settings\baka\Application Data\uTorrent
    2008-07-07 04:34 --------- dc----w C:\Program Files\Mozilla Thunderbird
    2008-07-06 06:38 --------- dc----w C:\Program Files\Oni
    2008-07-06 06:33 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-06 04:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-07-06 04:58 --------- dc----w C:\Program Files\ASUS
    2008-07-06 04:14 --------- dc----w C:\Program Files\Konami
    2008-07-05 07:53 --------- dc----w C:\Program Files\ewido anti-spyware 4.0
    2008-07-04 08:54 --------- dc----w C:\Program Files\a-squared Free
    2008-07-02 05:45 --------- dc----w C:\Program Files\KWMUSIC
    2008-07-02 04:15 164 -c--a-w C:\install.dat
    2008-07-01 05:51 --------- dc----w C:\Program Files\Xnet Usage Monitor
    2008-07-01 04:18 --------- dc----w C:\Documents and Settings\baka\Application Data\BITS
    2008-07-01 00:53 --------- dc----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-29 05:26 360,064 -c--a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2008-06-29 05:26 360,064 -c--a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2008-06-28 03:26 0 -c--a-r C:\logwmemory.bin
    2008-06-28 02:16 34,296 -c--a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-28 02:16 17,144 -c--a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-26 03:03 --------- dc----w C:\Documents and Settings\baka\Application Data\LimeWire
    2008-06-26 01:53 --------- dc----w C:\Program Files\LimeWire
    2008-06-26 01:18 --------- dc----w C:\Program Files\Your Uninstaller 2006
    2008-06-26 01:16 --------- dc----w C:\Documents and Settings\baka\Application Data\URSoft
    2008-06-22 07:37 --------- dc----w C:\Documents and Settings\baka\Application Data\ppstream
    2008-06-22 07:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\Codemasters
    2008-06-22 07:32 --------- dc----w C:\Program Files\Common Files\Autodesk Shared
    2008-06-22 07:32 --------- dc----w C:\Program Files\Autodesk
    2008-06-18 06:06 --------- dc----w C:\Documents and Settings\baka\Application Data\Autodesk
    2008-06-13 13:10 272,128 -c----w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-03 07:07 --------- dc----w C:\Program Files\AviSynth 2.5
    2008-06-03 06:31 --------- dc----w C:\Program Files\eRightSoft
    2008-06-03 05:50 --------- dc----w C:\Program Files\Witcobber
    2008-06-03 05:17 --------- dc----w C:\Program Files\Allok MPEG4 Converter
    2008-06-03 05:16 --------- dc----w C:\Program Files\Common Files\Download Manager
    2008-06-03 04:07 --------- dc----w C:\Program Files\DVDVideoSoft
    2008-06-03 04:07 --------- dc----w C:\Program Files\Common Files\DVDVideoSoft
    2008-06-03 03:59 --------- dc----w C:\Program Files\YouTube Downloader
    2008-06-01 04:55 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-01 03:26 --------- dc----w C:\Program Files\RogueRemover FREE
    2008-06-01 02:47 3,750 -c--a-w C:\WINDOWS\system32\tmp.reg
    2008-06-01 01:38 444,952 -c--a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-06-01 01:38 --------- dc----w C:\Program Files\OpenAL
    2008-05-31 16:15 --------- dc----w C:\Program Files\Java
    2008-05-31 16:12 --------- dc----w C:\Program Files\Common Files\Java
    2008-05-31 05:07 --------- dc----w C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    2008-05-28 21:35 86,528 -c--a-w C:\WINDOWS\system32\VACFix.exe
    2008-05-27 03:41 --------- dc----w C:\Program Files\Common Files\DirectX
    2008-05-27 02:36 --------- dc----w C:\Program Files\WinPcap
    2008-05-24 03:37 --------- dc----w C:\Program Files\Microsoft Silverlight
    2008-05-18 09:40 82,944 -c--a-w C:\WINDOWS\system32\IEDFix.exe
    2008-05-18 09:40 82,944 -c--a-w C:\WINDOWS\system32\404Fix.exe
    2008-05-15 23:48 446,464 -c--a-w C:\WINDOWS\system32\NVUNINST.EXE
    2008-05-11 09:39 --------- dc----w C:\Program Files\FlashGet Network
    2008-05-08 12:28 202,752 -c--a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-05-07 05:18 1,287,680 -c--a-w C:\WINDOWS\system32\quartz.dll
    2008-05-01 04:35 53,248 -c--a-w C:\WINDOWS\system32\CSVer.dll
    2008-04-28 00:29 805,400 -c--a-r C:\WINDOWS\system32\tmp312.tmp
    2008-04-28 00:29 805,400 -c--a-r C:\WINDOWS\system32\tmp311.tmp
    2008-04-23 04:16 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
    2008-04-22 14:16 59,488 -c--a-w C:\WINDOWS\system32\GenSvcInst.exe
    2008-04-22 14:16 145,504 -c--a-w C:\WINDOWS\system32\bgsvcgen.exe
    2006-05-03 09:06 163,328 -csha-r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 -csha-r C:\WINDOWS\system32\msfDX.dll
    2007-12-17 12:43 27,648 -csha-w C:\WINDOWS\system32\Smab0.dll
    .

    ------- Sigcheck -------

    2007-10-31 04:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    2004-08-04 13:07 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    2008-06-29 17:26 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\dllcache\TCPIP.SYS
    2008-06-29 17:26 360064 8283a4d489b207991efdc8328733d0bc C:\WINDOWS\system32\drivers\TCPIP.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:07 15360]
    "µTorrent "= "C:\Program Files\uTorrent\utorrent.exe" [2008-03-29 15:48 219952]
    "uTorrent "= "C:\Program Files\uTorrent\utorrent.exe" [2008-03-29 15:48 219952]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
    "Free Download Manager "= "C:\Program Files\Free Download Manager\fdm.exe" [2008-02-25 20:17 2465839]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-05-06 20:14 4608]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
    "IDMan "= "C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-23 23:07 2594224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:07 208952]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:07 455168]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:07 455168]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2008-01-16 10:54 37376]
    "avast! "= "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-30 07:37 79224]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "Jet Detection "= "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
    "ezShieldProtector for Px "= "C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
    "IntelliPoint "= "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
    "itype "= "C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 16:38 437008]
    "Ai Nap "= "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 12:55 1413120]
    "CPU Power Monitor "= "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 10:17 627200]
    "Cpu Level Up help "= "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 20:03 881152]
    "ASUS Energy Saving "= "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 10:42 1352704]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 13:07 158208]
    "RTHDCPL "= "RTHDCPL.EXE" [2007-04-11 03:28 16126464 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel "= "SkyTel.EXE" [2007-04-05 05:22 1822720 C:\WINDOWS\SkyTel.exe]
    "nwiz "= "nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]
    "WINDVDPatch "= "CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:07 15360]

    C:\Documents and Settings\baka\Start Menu\Programs\Startup\
    SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420 "= i420vfw.dll
    "vidc.asv2 "= asusasv2.dll
    "vidc.yv12 "= yv12vfw.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^baka^Start Menu^Programs^Startup^Xnet Usage Monitor.lnk]
    path=C:\Documents and Settings\baka\Start Menu\Programs\Startup\Xnet Usage Monitor.lnk
    backup=C:\WINDOWS\pss\Xnet Usage Monitor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a--c--- 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
    --a--c--- 2007-07-18 15:20 1114112 C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a--c--- 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    --a--c--- 2008-05-28 10:33 1506544 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\uTorrent\\utorrent.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\Program Files\\Sierra\\FEAR\\FEAR.exe "=
    "C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe "=
    "C:\\Program Files\\FlashGet Network\\Flashget\\LiveUpdateEx.exe "=
    "C:\\Program Files\\KWMUSIC\\KwMV.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=


    *Newly Created Service* - CATCHME
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-RegistryMechanic - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-WinPatrol - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-07 23:45:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-07-08 0:35:16
    ComboFix-quarantined-files.txt 2008-07-07 12:32:51

    Pre-Run: 95,857,905,664 bytes free
    Post-Run: 95,837,786,112 bytes free

    223 --- E O F --- 2008-06-22 04:51:24
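    As an added example, not part of this thread and not ComboFix's own code: a small Python triage script that reads an excerpt in the "Reg Loading Points" format shown in the log above and flags the items a helper looks at first: Security Center notifications switched off (AntiVirusDisableNotify, UpdatesDisableNotify), the Windows Firewall standard profile disabled (EnableFirewall = 0), Run entries that reference a bare filename or an executable dropped straight into a shared folder such as Common Files, and orphaned autostart entries marked "(no file)". The log format is approximated from the excerpt posted above (an assumption about ComboFix's output, not its parser), and the sample excerpt is constructed, including the "Updater" Run entry that places an executable in the Common Files root to exercise the location check.

```python
"""Triage a ComboFix-style "Reg Loading Points" excerpt for settings that
weaken the host's defences and for autostart entries worth a second look.

Added example for this thread. The log format is approximated from the
excerpt posted in the thread (an assumption, not ComboFix's own parser),
and SAMPLE_LOG below is constructed, including the "Updater" entry that
places an executable directly in Common Files."""
import re
from typing import Dict, List

# Security Center values that silence its warnings when set to 1.
NOTIFY_SUPPRESSORS = {"antivirusdisablenotify", "updatesdisablenotify",
                      "firewalldisablenotify"}

# Shared folders where a bare executable (no vendor subfolder) is unusual.
SUSPECT_DIRS = {
    r"c:\program files\common files",
    r"c:\windows\temp",
    r"c:\documents and settings\all users\application data",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
ORPHAN_RE = re.compile(r"^(\S.*?) - \(no file\)$")

# Constructed excerpt in the log format shown in the thread.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-30 07:37 79224]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-11 03:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"Updater"="C:\Program Files\Common Files\smsse.exe" [2008-06-30 10:11 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
"""


def _as_int(value: str):
    """Parse 'dword:00000001' or '0 (0x0)' style values; None if not numeric."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[len("dword:"):], 16)
    tok = v.split()[0] if v else ""
    try:
        return int(tok, 0)
    except ValueError:
        return None


def _program_path(value: str) -> str:
    """Pull the program path from a Run value: the quoted part if present,
    otherwise the first whitespace-delimited token."""
    m = re.match(r'^"([^"]*)"', value)
    if m:
        return m.group(1)
    return value.split()[0] if value.strip() else ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings as {"category": ..., "detail": ...} in log order."""
    findings: List[Dict[str, str]] = []
    key = ""  # registry key whose values we are currently reading
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        om = ORPHAN_RE.match(line)
        if om:  # autostart entry whose target file no longer exists
            findings.append({"category": "orphan", "detail": om.group(1)})
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name = vm.group(1).strip()
        value = vm.group(2).strip()
        lname = name.lower()
        if "security center" in key and lname in NOTIFY_SUPPRESSORS and _as_int(value) == 1:
            findings.append({"category": "notify_suppressed", "detail": name})
        elif "firewallpolicy" in key and lname == "enablefirewall" and _as_int(value) == 0:
            findings.append({"category": "firewall_disabled", "detail": key})
        elif key.endswith("\\run"):
            path = _program_path(value)
            lower = path.lower()
            if "\\" not in lower:
                # Bare name: resolved through the search path, so easy to shadow.
                findings.append({"category": "relative_path", "detail": f"{name} -> {path}"})
            else:
                parent = lower.rsplit("\\", 1)[0]
                if parent in SUSPECT_DIRS or "\\temp\\" in lower:
                    findings.append({"category": "shared_location", "detail": f"{name} -> {path}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['category']:18} {f['detail']}")
```

    Run against the constructed excerpt it reports the two silenced Security Center notifications, the disabled firewall profile, the RTHDCPL entry that relies on a bare filename, the executable sitting in the Common Files root, and the RegistryMechanic orphan. A relative-path or shared-folder hit is not proof of malware (RTHDCPL.EXE is the Realtek audio panel), only a prompt to check the file's publisher, signature and hash, which is exactly what the helper asked for with smsse.exe.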
     
  11. 2008/07/07
    baka101

    baka101 Inactive Thread Starter

    Joined:
    2008/07/05
    Messages:
    25
    Likes Received:
    0
    And the requested HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:51:13, on 8/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe "
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe "
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe "
    O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
    O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1206663584687
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9547 bytes
     
  12. 2008/07/07
    baka101
    My System Restore is disabled; should I re-enable it? Is there anything else you want me to download or do to get my computer to a good working state?

    Thanks
     
    Last edited: 2008/07/07
  13. 2008/07/07
    noahdfear
    Hi baka,

    Yes, see if you can re-enable System Restore and let me know.

    Things are looking good. Let's get an online scan done. Please scan with Kaspersky WebScanner.

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on Next.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now, under "Select a target to scan":
      • Select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, it will display whether your system has been infected.
      • Now click on the Save as Text button.
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log to this topic.
    Let me know about any issues you are having.
     
  14. 2008/07/07
    baka101
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, July 08, 2008 2:06:12 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/07/2008
    Kaspersky Anti-Virus database records: 923697
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 87435
    Number of viruses found: 6
    Number of infected objects: 14
    Number of suspicious objects: 0
    Duration of the scan process: 02:27:20

    Infected Object Name / Virus Name / Last Action
    C:\!KillBox\smsse.exe Infected: Backdoor.Win32.Delf.imd skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\cert8.db Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\history.dat Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\key3.db Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\parent.lock Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\baka\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\History\History.IE5\MSHist012008070820080709\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\Free Download Manager\ticB6.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\Perflib_Perfdata_2bb0.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\~DF53B9.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\~DFCD39.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\baka\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\baka\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080707-183146.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
    C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP12\change.log Object is locked skipped
    C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP7\A0003045.exe Infected: Trojan-Downloader.Win32.CodecPack.a skipped
    C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP7\A0004037.exe Infected: Trojan-GameThief.Win32.OnLineGames.saoh skipped
    C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP7\A0004078.exe Infected: Backdoor.Win32.Delf.imd skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{547AD3FD-5DF7-4BD3-90B4-6DA1DF8F93E3}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_658.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_90.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\TempFile Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.EXE/data0000.cab/AVGAS-~1.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.EXE/data0000.cab Infected: Backdoor.Win32.Agobot.aoz skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.EXE Rsrc-Package: infected - 2 skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.zip/AVG AntiSpyware 7.5 Professional !!.EXE/data0000.cab/AVGAS-~1.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.zip/AVG AntiSpyware 7.5 Professional !!.EXE/data0000.cab Infected: Backdoor.Win32.Agobot.aoz skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.zip/AVG AntiSpyware 7.5 Professional !!.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
    E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.zip ZIP: infected - 3 skipped
    E:\SOFTWARE\Internet.Download.Manager.5.12.Build.11.Incl.Patch-UnREal\Patch\internet.download.manager.5.xx.retail-patch.exe Infected: Trojan-GameThief.Win32.OnLineGames.saoh skipped
    E:\SOFTWARE\Youtube Google Video Grabber Retail\Setup.exe Infected: Trojan.Win32.Monder.ahw skipped
    E:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP12\change.log Object is locked skipped

    Scan process completed.
     
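A triage parser for the report format posted above, as an added example (not part of this thread, and not Kaspersky's own tooling). It separates live hits from copies inside System Restore snapshots, records the outermost on-disk file for hits nested inside archives, and counts "Object is locked" entries as unscanned rather than clean. The sample report is constructed from a few lines of the post above.

```python
"""Triage a Kaspersky Online Scanner 5.x text report (added example, not part
of the thread). Detail lines have the shape

    <path> Object is locked skipped
    <path> Infected: <verdict> skipped
    <path> <container kind>: infected - <n> skipped

Members of archives are joined onto the container path with '/', e.g.
"pkg.zip/setup.EXE/data0000.cab/AVGAS-~1.EXE".
"""
import re
from dataclasses import dataclass, field

INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<kind>[\w-]+): infected - (?P<count>\d+) (?P<action>\w+)$")
# Files under System Volume Information\_restore{...} are System Restore
# snapshots: not live, but they come back if that restore point is ever used.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    verdict: str
    in_restore_point: bool
    in_archive: bool


@dataclass
class Triage:
    findings: list = field(default_factory=list)    # Finding objects
    locked: list = field(default_factory=list)      # paths the scanner could not open
    containers: list = field(default_factory=list)  # (path, kind, member hit count)
    unparsed: list = field(default_factory=list)    # header/footer/other lines


def parse_report(text):
    """Classify every non-empty line of the report."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED_RE.match(line)
        if m:
            path = m.group("path")
            t.findings.append(Finding(path, m.group("verdict"),
                                      bool(RESTORE_RE.search(path)), "/" in path))
            continue
        m = LOCKED_RE.match(line)
        if m:
            t.locked.append(m.group("path"))
            continue
        m = CONTAINER_RE.match(line)
        if m:
            t.containers.append((m.group("path"), m.group("kind"), int(m.group("count"))))
            continue
        t.unparsed.append(line)
    return t


def summarize(t):
    """Separate what needs removal now from what a restore-point reset covers."""
    live = [f for f in t.findings if not f.in_restore_point]
    return {
        "live_infected": len(live),
        "restore_point_infected": sum(1 for f in t.findings if f.in_restore_point),
        # "Object is locked" means the file was NOT inspected, not that it is clean.
        "locked": len(t.locked),
        "verdicts": sorted({f.verdict for f in t.findings}),
        # The file to delete on disk is the outermost container of a nested hit.
        "files_to_remove": sorted({f.path.split("/")[0] for f in live}),
    }


# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\!KillBox\smsse.exe Infected: Backdoor.Win32.Delf.imd skipped
C:\Documents and Settings\baka\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP7\A0003045.exe Infected: Trojan-Downloader.Win32.CodecPack.a skipped
C:\System Volume Information\_restore{8E9D9BA8-4D4C-4A55-95C8-41CE5D71C9CE}\RP7\A0004078.exe Infected: Backdoor.Win32.Delf.imd skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.EXE/data0000.cab/AVGAS-~1.EXE Infected: Backdoor.Win32.Agobot.aoz skipped
E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.EXE Rsrc-Package: infected - 2 skipped
E:\SOFTWARE\AVG AntiSpyware 7.5 Professional !!.zip ZIP: infected - 3 skipped
Scan process completed.
"""

if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```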
  15. 2008/07/07
    baka101
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:34:59, on 8/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\uTorrent\utorrent.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe "
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe "
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe "
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe "
    O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe "
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe "
    O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe "
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [IDMan] "C:\Program Files\Internet Download Manager\IDMan.exe" /onboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: UseFlashGet - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm
    O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1206663584687
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 9777 bytes
     
  16. 2008/07/07
    baka101
    I re-enabled System Restore; my computer is still lagging, unfortunately.

    Thanks
     
  17. 2008/07/07
    noahdfear
    Did you by chance get the packages in the E:\SOFTWARE folder via uTorrent, another P2P app or a crack site? Several are infected.

    AVG AntiSpyware 7.5 Professional !!.EXE
    AVG AntiSpyware 7.5 Professional !!.zip
    Internet.Download.Manager.5.12.Build.11.Incl.Patch-UnREal
    Youtube Google Video Grabber Retail


    If you installed any of these I recommend you make haste to uninstall them, and delete those setup packages.

    You also need to delete the following file.

    C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt

    Also delete the C:\!KillBox folder, as well as Killbox.exe.
    Delete the next 2 tmp files.

    C:\WINDOWS\system32\tmp312.tmp
    C:\WINDOWS\system32\tmp311.tmp


    Once finished, empty the recycle bin.

    Your new system restore point is now infected with the above files as well, so once you've removed those, continue as follows. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Make sure that a new system restore point has indeed been created, and if not, turn system restore off, reboot and turn it back on.

    Now let's do some more house cleaning and see if we can get the system up to par. We'll start with a Disk Cleanup. Click Start>Run and type the following line (or copy/paste it), then hit Enter:

    cleanmgr /sageset:1

    A disk cleanup dialog will open. Select all boxes (you can skip Compress old files if there's a large number of them, as it might take up to a couple of hours to complete) then click OK.
    Now click Start>Run and type this command, then hit Enter:

    cleanmgr /sagerun:1

    Be patient and don't try to multitask while disk cleanup runs.
    Once disk cleanup has finished, download ATF Cleaner by Atribune and save it to your Desktop. (I realize this might seem redundant, but it's not)
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional; if you want it to remove everything, check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot.

    Now open My Computer, right click Local Disk C: and select Properties.
    Select the Tools tab, then click Check Now in the Error Checking section.
    Select both boxes on the popup, then click Start.
    You should receive a message that the disk check cannot be performed now and an offer to run it at the next restart. Click Yes.
    Now reboot.

    A disk check will run after the restart, before you ever get to the logon screen.
    Once it has finished and you are logged on again, go back to the Tools tab and run Defragmentation.
    I recommend you not run any other applications while defragmenting, and disabling the screen saver and Power Saving options is recommended as well. Other disk activity during defrag slows the process considerably.
    Figure on a 2 or 3 beer wait for defrag :D

    Now, P2P - I'm not passing judgment on file-sharing as a concept. However, I will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here, here and here.

    Additionally, these apps often run in the background when you start your computer (I see uTorrent running in your log), consuming cpu cycles and bandwidth. This could be a major contributor to your slowdown.

    I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Once you're done, run another online scan with Kaspersky and post the results here. Let me know how the computer is behaving.
     
  18. 2008/07/08
    baka101
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, July 08, 2008 9:36:28 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 8/07/2008
    Kaspersky Anti-Virus database records: 924835
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 83242
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:50:58

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\cert8.db Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\history.dat Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\key3.db Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\parent.lock Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\baka\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\baka\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Application Data\Mozilla\Firefox\Profiles\jbw2zfym.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\Free Download Manager\tic22.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\Perflib_Perfdata_9e4.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\~DF936D.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temp\~DFE31B.tmp Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\baka\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\baka\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\baka\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080708-180646.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{547AD3FD-5DF7-4BD3-90B4-6DA1DF8F93E3}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_600.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\TempFile Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


    As you can see it is clean. Thank you very much, my computer is back to the speed it was before this all happened. Question: is there a place I can go to find out how to read hijack logs to establish which is not supposed to be there etc., or self-diagnose any future problems that may arise? I thought of having Avast scan the completed torrent in future once the download is complete, as I am an avid torrent downloader so I can't curb this.

    Thanks once again, you really gave my computer a great bill of health.
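    As an added illustration of reading a scanner report like the one pasted above (this is not code from the thread or from Kaspersky), the Python below parses that report layout and separates the headline "0 infected" figures from the objects the scanner could not open. Treating any entry under the object list that does not end in "Object is locked skipped" as something to review by hand is an assumption about the format; the embedded report is a constructed excerpt.

```python
import re
from collections import Counter

SKIPPED_MARKER = "Object is locked skipped"
OBJECTS_HEADER = "Infected Object Name / Virus Name / Last Action"
STATS_RE = re.compile(r"^(Total number of scanned objects|Number of viruses found|"
                      r"Number of infected objects|Number of suspicious objects): (\d+)$")
# Constructed excerpt in the layout of the report pasted above (not the full log).
SAMPLE_REPORT = """\
Scan Statistics:
Total number of scanned objects: 83242
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Infected Object Name / Virus Name / Last Action
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\WINDOWS\\system32\\drivers\\sptd.sys Object is locked skipped
C:\\Documents and Settings\\baka\\NTUSER.DAT Object is locked skipped
Scan process completed.
"""

def parse_report(text):
    # Returns (stats, skipped_paths, review_lines) for a report in this layout.
    stats, skipped, review, in_objects = {}, [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = STATS_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
        elif line == OBJECTS_HEADER:
            in_objects = True
        elif line == "Scan process completed.":
            in_objects = False
        elif in_objects and line:
            if line.endswith(SKIPPED_MARKER):  # locked file: never actually inspected
                skipped.append(line[:-len(SKIPPED_MARKER)].rstrip())
            else:                              # any other entry (assumed format): check by hand
                review.append(line)
    return stats, skipped, review

def summarise(text):
    # Verdict plus unscanned-object counts per top-level folder, read next to "0 infected".
    stats, skipped, review = parse_report(text)
    by_area = Counter(p.split("\\")[1] if "\\" in p else p for p in skipped)
    return {
        "clean": (stats.get("Number of infected objects", 0) == 0
                  and stats.get("Number of suspicious objects", 0) == 0 and not review),
        "unscanned": len(skipped),
        "by_area": dict(by_area),
        "needs_review": review,
    }
```

    Run `summarise(SAMPLE_REPORT)` (or pass the full pasted report) to see that a "clean" verdict here still leaves registry hives, a kernel driver and the user profile hive uninspected.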
     
  19. 2008/07/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's great baka! Good job! :)

    Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!

    There are plenty of HijackThis tutorials around, easily found via Google. They will give you the basics, and when coupled with Google you can get a pretty good idea of what's right and what's not. Folks like myself and Geri that do this all of the time spend a great deal of time studying, testing and collaborating with others in an attempt to keep up with the ever spreading malware explosion. ;)
    Scanning may not be good enough. Many new things every day, and somebody has got to get infected with it, then submit it to the antivirus companies before they can add it to their database. Additionally, many malwares are not detected by antivirus at all, because they don't fall into the virus classification, despite behaving like one. Bottom line is, if you continue using p2p apps, you will always be more susceptible to getting infected. You might also find that at some point, people like myself will give up trying to help users that continue to open their doors to the floodgates of p2p once they've been warned of, and experienced, the dangers of it. :cool:
     
