Solved Wont let me customize backround?

[Resolved] Wont let me customize backround?

Ive scanned and gone through and deleted some invisible applications from running that were blocking my task manager and regedit, ive used hijack this and RemoveRestrictionsTool and followed directions on the microsoft website to get back control of my desktop but still not working. here is my hijack this report, if anyone could take a minute to give me ANY help at all it would be greatly appreciated thanks a ton!

Logfile of HijackThis v1.99.1
Scan saved at 4:11:39 AM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\3xHybridRMT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Chris R\Desktop\RRT.exe auto
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

UPDATE!! RSIT LOG
It only opened up one log when I scanned it from 3months back here are the details:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris R at 2008-12-18 21:41:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 41 GB (54%) free of 76 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:59 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\3xHybridRMT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris R\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris R.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Chris R\Desktop\RRT.exe auto
O4 - HKLM\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\WINDOWS\system32\aaclientv.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O22 - SharedTaskScheduler: Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9698 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-28 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ALi5289 "=C:\Program Files\ULI5289\ALi5289.exe [2005-03-10 405504]
"CTHelper "=C:\WINDOWS\system32\CTHELPER.EXE [2006-12-12 19456]
"CTxfiHlp "=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-12-12 20480]
"UpdReg "=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ATIPTA "=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-12-07 344064]
"NeroFilterCheck "=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"BtcMaestro "=C:\Program Files\HP Multimedia Keyboard\KMaestro.exe [2005-02-20 245760]
"ISUSPM Startup "=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup []
"ISUSScheduler "=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"COMODO Firewall Pro "=C:\Program Files\Comodo\Firewall\CPF.exe [2007-08-20 1115728]
"BluetoothAuthenticationAgent "=C:\WINDOWS\system32\bthprops.cpl [2008-04-13 110592]
"AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"TV Card Remote Control Device Monitor "=C:\WINDOWS\3xHybridRMT.exe [2008-03-17 466944]
"UpdateWin "=C:\WINDOWS\system32\aaclientv.exe [2008-12-12 40960]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper "=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RRT-Auto "=C:\Documents and Settings\Chris R\Desktop\RRT.exe [2008-12-18 140288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"ATI Launchpad "= []
"ATI DeviceDetect "=C:\Program Files\ATI Multimedia\main\ATIDtct.EXE [2006-10-31 57344]
"Uniblue RegistryBooster 2 "=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S []
"Aim6 "= []
"ATI Scheduler "=C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE [2006-10-31 26624]
"mount.exe "=C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe [2008-04-11 374272]
"UpdateWin "=C:\WINDOWS\system32\aaclientv.exe [2008-12-12 40960]

C:\Documents and Settings\Chris R\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS "= "avgrsstx.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IPC Configuration Utility - IPC Configuration Utility
Windows Installer Class - {020487CC-FC04-4B1E-863F-D9801796230B}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1
"DisableTaskMgr "=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun "=
"NoDriveTypeAutoRun "=
"NoSetActiveDesktop "=
"NoActiveDesktopChanges "=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
"C:\Program Files\BearShare\BearShare.exe "= "C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
"C:\Program Files\AVG\AVG8\avgemc.exe "= "C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\iTunes\iTunes.exe "= "C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes "
"C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
"C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\60325cahp25cas.exe "= "C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\60325cahp25cas.exe:*:Enabled:Enabled "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56629c2a-e877-11da-87ff-00508d7e5d8d}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede2e0c-5527-11dd-b174-00508d7e5d8d}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe


======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2008-12-18 21:40:04 ----D---- C:\rsit
2008-12-18 21:40:04 ----D---- C:\Program Files\trend micro
2008-12-14 20:03:02 ----D---- C:\Program Files\Motorola Phone Tools
2008-12-12 07:25:23 ----A---- C:\WINDOWS\wdmon.exe
2008-12-12 07:25:12 ----A---- C:\WINDOWS\vlc.exe
2008-12-12 07:23:21 ----RSH---- C:\WINDOWS\system32\aaclientv.exe
2008-12-12 07:22:38 ----A---- C:\WINDOWS\odb.exe
2008-12-12 06:53:53 ----A---- C:\U.exe
2008-12-11 07:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:37:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:37:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 05:26:26 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2008-11-25 22:06:52 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-25 22:06:52 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-25 00:40:48 ----D---- C:\Documents and Settings\Chris R\Application Data\Sony
2008-11-25 00:37:49 ----D---- C:\Program Files\Sony
2008-11-25 00:31:55 ----D---- C:\Program Files\MSBuild
2008-11-25 00:31:48 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-25 00:22:23 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-25 00:22:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-16 17:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-16 16:49:03 ----A---- C:\DBS.TXT
2008-11-16 16:39:46 ----D---- C:\Documents and Settings\Chris R\Application Data\InstallShield
2008-11-16 16:37:41 ----D---- C:\Program Files\Avanquest update
2008-11-12 19:28:31 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-12 19:28:31 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-12 19:28:31 ----A---- C:\WINDOWS\system32\java.exe
2008-11-11 23:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 23:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 23:30:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-08 00:51:03 ----D---- C:\DVDVideoSoft
2008-11-08 00:50:31 ----D---- C:\Program Files\DVDVideoSoft
2008-11-08 00:50:31 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-11-05 23:43:08 ----D---- C:\Documents and Settings\Chris R\Application Data\Sytexis Software
2008-11-05 23:43:08 ----A---- C:\wsr.txt
2008-11-05 23:19:35 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-11-05 23:19:08 ----D---- C:\Program Files\NCH Software
2008-11-05 23:13:29 ----D---- C:\Program Files\WMR11
2008-10-31 06:20:34 ----D---- C:\Program Files\Common Files\Stardock
2008-10-31 06:20:33 ----D---- C:\Program Files\Stardock
2008-10-23 22:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 17:34:36 ----D---- C:\Documents and Settings\Chris R\Application Data\Printer Info Cache
2008-10-16 02:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 00:33:20 ----D---- C:\Program Files\iTunes
2008-10-13 00:33:20 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 18:43:14 ----D---- C:\Program Files\Google Video
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll

======List of files/folders modified in the last 3 months======

2008-12-18 21:41:54 ----D---- C:\WINDOWS\TEMP
2008-12-18 21:40:27 ----D---- C:\WINDOWS\Prefetch
2008-12-18 21:40:04 ----D---- C:\Program Files
2008-12-18 13:17:28 ----D---- C:\WINDOWS
2008-12-18 04:11:29 ----D---- C:\HJT
2008-12-18 04:05:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 04:05:24 ----SD---- C:\WINDOWS\Tasks
2008-12-18 04:01:01 ----D---- C:\WINDOWS\system32
2008-12-18 04:00:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-18 03:00:32 ----HD---- C:\WINDOWS\inf
2008-12-18 03:00:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 03:00:27 ----D---- C:\WINDOWS\ie7updates
2008-12-18 03:00:19 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 03:30:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-17 00:05:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 23:37:12 ----SHD---- C:\WINDOWS\Installer
2008-12-16 23:37:12 ----HD---- C:\Config.Msi
2008-12-16 23:37:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-16 02:21:14 ----D---- C:\My Downloads
2008-12-14 20:03:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-14 20:03:02 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 20:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 23:44:43 ----D---- C:\Program Files\SpywareBlaster
2008-12-12 23:39:43 ----HD---- C:\$AVG8.VAULT$
2008-12-11 07:39:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:38:49 ----D---- C:\Program Files\Internet Explorer
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 05:32:36 ----RSD---- C:\WINDOWS\assembly
2008-12-07 03:07:08 ----A---- C:\WINDOWS\cdplayer.ini
2008-12-01 21:21:49 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-01 21:19:01 ----D---- C:\Documents and Settings\Chris R\Application Data\Aim
2008-11-25 22:06:51 ----D---- C:\WINDOWS\Help
2008-11-25 04:45:33 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-25 02:04:07 ----D---- C:\Documents and Settings\All Users\Application Data\ATI MMC
2008-11-25 00:45:18 ----D---- C:\Program Files\Sony Setup
2008-11-25 00:32:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-25 00:31:52 ----RSD---- C:\WINDOWS\Fonts
2008-11-25 00:31:52 ----D---- C:\WINDOWS\system32\en-US
2008-11-25 00:19:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 04:13:36 ----D---- C:\Program Files\Java
2008-11-17 06:40:59 ----D---- C:\Program Files\Adobe
2008-11-16 17:14:55 ----D---- C:\Program Files\AIM6
2008-11-16 17:14:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-16 17:14:01 ----A---- C:\WINDOWS\atid.ini
2008-11-16 17:13:06 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-16 16:55:37 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2008-11-16 16:54:39 ----A---- C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link.txt
2008-11-11 23:30:08 ----D---- C:\WINDOWS\WinSxS
2008-11-08 00:50:31 ----D---- C:\Program Files\Common Files
2008-11-08 00:46:22 ----D---- C:\Program Files\FlvGrabber
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 18:43:16 ----D---- C:\Documents and Settings\Chris R\Application Data\AdobeUM
2008-10-21 18:42:12 ----D---- C:\Program Files\Common Files\Adobe
2008-10-17 17:34:37 ----D---- C:\Documents and Settings\Chris R\Application Data\Image Zone Express
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-10-13 21:02:04 ----D---- C:\Program Files\Apple Software Update
2008-10-13 00:33:22 ----D---- C:\Program Files\iPod
2008-10-13 00:32:34 ----D---- C:\Program Files\QuickTime
2008-10-13 00:32:16 ----D---- C:\Program Files\Common Files\Apple
2008-10-03 04:02:42 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-28 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-07-03 26824]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 CmdMon;Comodo Application Engine; C:\WINDOWS\System32\DRIVERS\cmdmon.sys [2007-08-20 75520]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-07-03 76040]
R2 KeyMaestro;KeyMaestro; C:\WINDOWS\system32\DRIVERS\Maestro1.sys [2003-07-17 7850]
R3 3xHybrid;SAA7130 TV Card Service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2008-03-17 716160]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2007-06-13 169344]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-12-19 511288]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-06-18 514560]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-12-19 14648]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-12-19 156984]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-12-19 90936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 1160504]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-02-02 26752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-12-19 128312]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 713xTVCard;SAA7130 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2008-03-17 279552]
S2 WDMTVTuner;Universal WDM TV Tuner; C:\WINDOWS\system32\drivers\WDMTuner.sys [2008-03-17 25984]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 ATI Remote Wonder II;ATI Remote Wonder II; C:\WINDOWS\system32\drivers\ATIRWVD.SYS []
S3 atinevxx;ATI WDM Rage Theater Video NSP; C:\WINDOWS\system32\DRIVERS\atinevxx.sys [2005-02-01 165888]
S3 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atineuxx.sys [2005-02-01 56320]
S3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2005-02-01 55296]
S3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\system32\DRIVERS\atinesxx.sys [2005-02-01 74240]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 AVCSTRM;AVC Streaming Filter Driver; C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2008-04-13 13696]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 catchme;catchme; \??\C:\DOCUME~1\CHRISR~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device; C:\WINDOWS\system32\DRIVERS\mstape.sys [2008-04-13 49024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2005-02-01 15360]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PCDCODEC;ATI WDM Specialized PCD Codec; C:\WINDOWS\system32\DRIVERS\atinpdxx.sys [2005-02-01 14848]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-06-27 9856]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-02-10 22768]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-22 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 CmdAgent;Comodo Application Agent; C:\Program Files\Comodo\Firewall\cmdagent.exe [2007-08-20 361040]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

 

Hi bronskater,

Please visit the following webpage for instructions for downloading and running ComboFix

How to use ComboFix


Download ComboFix by sUBs from here, saving the file to your desktop.


Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

• Close all open programs and windows
• Double click ComboFix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.

 

thanks for taking the time, here is the combofix report:

ComboFix 08-12-18.01 - Chris R 2008-12-19 2:06:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2621 [GMT -6:00]
Running from: c:\documents and settings\Chris R\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris R\Application Data\~tmp.html
C:\u.exe
c:\windows\system32\app.exe
c:\windows\system32\Process.exe
c:\windows\system32\ps.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\taskkill.exe
c:\windows\vlc.exe
c:\windows\wdmon.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-18 23:11 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola
2008-12-18 21:40 . 2008-12-18 21:40 <DIR> d-------- C:\rsit
2008-12-18 21:40 . 2008-12-18 21:41 <DIR> d-------- c:\program files\trend micro
2008-12-18 03:48 . 2008-12-18 03:48 16,244 --a------ c:\windows\system32\rrt_is.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,302 --a------ c:\windows\system32\rrt_vf.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,148 --a------ c:\windows\system32\rrt_tv.wav
2008-12-18 03:48 . 2008-12-18 03:48 6,282 --a------ c:\windows\system32\rrt_tn.wav
2008-12-16 23:37 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-12-16 23:37 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-12-14 20:03 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola Phone Tools
2008-12-12 07:23 . 2008-12-12 07:02 40,960 -r-hs---- c:\windows\system32\aaclientv.exe
2008-12-12 07:22 . 2008-12-12 07:22 233,984 --a------ c:\windows\odb.exe
2008-12-07 05:26 . 2008-12-07 05:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-25 22:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 22:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 00:41 . 2008-12-07 05:29 156 --a------ c:\windows\Twunk001.MTX
2008-11-25 00:41 . 2008-12-07 05:29 2 --a------ c:\windows\Twain001.Mtx
2008-11-25 00:41 . 2008-11-25 00:41 0 --a------ c:\windows\Twunk002.MTX
2008-11-25 00:40 . 2008-11-25 00:50 <DIR> d-------- c:\documents and settings\Chris R\Application Data\Sony
2008-11-25 00:37 . 2008-12-07 05:26 <DIR> d-------- c:\program files\Sony
2008-11-25 00:31 . 2008-11-25 00:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-25 00:31 . 2008-11-25 00:31 <DIR> d-------- c:\program files\MSBuild
2008-11-25 00:22 . 2008-11-25 00:22 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 05:07 --------- d-----w c:\program files\Avanquest update
2008-12-17 09:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-15 02:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-13 05:44 --------- d-----w c:\program files\SpywareBlaster
2008-12-02 03:19 --------- d-----w c:\documents and settings\Chris R\Application Data\Aim
2008-11-25 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2008-11-25 06:45 --------- d-----w c:\program files\Sony Setup
2008-11-24 10:13 --------- d-----w c:\program files\Java
2008-11-24 10:07 --------- d-----w c:\program files\Google Video
2008-11-16 23:14 --------- d-----w c:\program files\AIM6
2008-11-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-16 22:39 --------- d-----w c:\documents and settings\Chris R\Application Data\InstallShield
2008-11-16 22:36 24,192 ----a-w c:\documents and settings\Chris R\usbsermptxp.sys
2008-11-16 22:36 22,768 ----a-w c:\documents and settings\Chris R\usbsermpt.sys
2008-11-08 06:50 --------- d-----w c:\program files\DVDVideoSoft
2008-11-08 06:50 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-08 06:46 --------- d-----w c:\program files\FlvGrabber
2008-11-06 09:38 --------- d-----w c:\program files\NCH Software
2008-11-06 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-06 08:24 --------- d-----w c:\program files\WMR11
2008-11-06 05:43 --------- d-----w c:\documents and settings\Chris R\Application Data\Sytexis Software
2008-10-31 12:20 --------- d-----w c:\program files\Stardock
2008-10-31 12:20 --------- d-----w c:\program files\Common Files\Stardock
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 00:43 --------- d-----w c:\documents and settings\Chris R\Application Data\AdobeUM
2008-10-22 00:42 --------- d-----w c:\program files\Common Files\Adobe
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-30 01:13 92,064 ----a-w c:\documents and settings\Chris R\mqdmmdm.sys
2008-03-30 01:13 9,232 ----a-w c:\documents and settings\Chris R\mqdmmdfl.sys
2008-03-30 01:13 79,328 ----a-w c:\documents and settings\Chris R\mqdmserd.sys
2008-03-30 01:13 66,656 ----a-w c:\documents and settings\Chris R\mqdmbus.sys
2008-03-30 01:13 6,208 ----a-w c:\documents and settings\Chris R\mqdmcmnt.sys
2008-03-30 01:13 5,936 ----a-w c:\documents and settings\Chris R\mqdmwhnt.sys
2008-03-30 01:13 4,048 ----a-w c:\documents and settings\Chris R\mqdmcr.sys
2008-07-13 05:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 57344]
"ATI Scheduler "= "c:\program files\ATI Multimedia\MAIN\ATISched.EXE" [2006-10-31 26624]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289 "= "c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BtcMaestro "= "c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-20 245760]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"COMODO Firewall Pro "= "c:\program files\Comodo\Firewall\CPF.exe" [2007-08-20 1115728]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TV Card Remote Control Device Monitor "= "c:\windows\3xHybridRMT.exe" [2008-03-17 466944]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper "= "CTHELPER.EXE" [2006-12-12 c:\windows\system32\CtHelper.exe]
"CTxfiHlp "= "CTXFIHLP.EXE" [2006-12-12 c:\windows\system32\Ctxfihlp.exe]
"BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Chris R\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-31 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds "= ffdshow.ax

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ c:\windows\system32\aaclientv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26860:TCP "= 26860:TCP:BitComet 26860 TCP
"26860:UDP "= 26860:UDP:BitComet 26860 UDP
"86:TCP "= 86:TCP:BroadCam Web Server

R0 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2006-05-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2006-05-17 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-22 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-22 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-03 24652]
R2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-21 716160]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2006-05-17 26752]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-12-16 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-12-16 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-08-15 23680]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2008-07-21 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-07-21 25984]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-06-21 16512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56629c2a-e877-11da-87ff-00508d7e5d8d}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede2e0c-5527-11dd-b174-00508d7e5d8d}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-ATI Launchpad - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-RRT-Auto - c:\documents and settings\Chris R\Desktop\RRT.exe
SharedTaskScheduler-IPC Configuration Utility - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\iiscomplib2.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn9020.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\AmiDicomDirTreeView21.ocx
c:\windows\Downloaded Program Files\AmiViewerLite21.ocx
O16 -: {FC11A119-C2F7-46F4-9E32-937ABA26816E}
file://e:\cdviewer\CdViewer.cab
c:\windows\Downloaded Program Files\cdviewer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 02:08:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-19 2:10:02
ComboFix-quarantined-files.txt 2008-12-19 08:09:21

Pre-Run: 43,111,587,840 bytes free
Post-Run: 45,659,107,328 bytes free

242 --- E O F --- 2008-12-18 16:36:06

 

Highlight and copy the contents of the code box below.

Code:

reg query HKLM\system\currentcontrolset\control\lsa>lsa.txt
start notepad lsa.txt
exit
cls

Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on it's own and lsa.txt will open. Post it's contents here.

 

well lsa.txt popped up after i right clicked, didnt even let me paste it, here it is:

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Bounds REG_BINARY 0030000000200000
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x1
LsaPid REG_DWORD 0x2e8
SecureBoot REG_DWORD 0x1
auditbaseobjects REG_DWORD 0x0
crashonauditfail REG_DWORD 0x0
disabledomaincreds REG_DWORD 0x0
everyoneincludesanonymous REG_DWORD 0x0
fipsalgorithmpolicy REG_DWORD 0x0
forceguest REG_DWORD 0x1
fullprivilegeauditing REG_BINARY 00
limitblankpassworduse REG_DWORD 0x1
lmcompatibilitylevel REG_DWORD 0x0
nodefaultadminowner REG_DWORD 0x1
nolmhash REG_DWORD 0x0
restrictanonymous REG_DWORD 0x0
restrictanonymoussam REG_DWORD 0x1
Notification Packages REG_MULTI_SZ scecli\0\0
enabledcom REG_SZ y
UpdateWin REG_SZ C:\WINDOWS\system32\aaclientv.exe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\AccessProviders

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Audit

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Data

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\GBG

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\JD

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Kerberos

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\msv1_0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\Skew1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SSO

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\SspiCache

 

oh and this popped up today, its popped up before and i chose to delete yet it popped up again http://i129.photobucket.com/albums/p238/bronskater/bullshit.jpg

 

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

http://www.windowsbbs.com/malware-virus-removal/79685-active-wont-let-me-customize-backround.html#post433167

Collect::
c:\windows\system32\aaclientv.exe
c:\windows\odb.exe
FileLook::
c:\documents and settings\Chris R\mqdmmdm.sys
c:\documents and settings\Chris R\mqdmmdfl.sys
c:\documents and settings\Chris R\mqdmserd.sys
c:\documents and settings\Chris R\mqdmbus.sys
c:\documents and settings\Chris R\mqdmcmnt.sys
c:\documents and settings\Chris R\mqdmwhnt.sys
c:\documents and settings\Chris R\mqdmcr.sys
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
 "UpdateWin "=-

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!

 

ComboFix 08-12-21.04 - Chris R 2008-12-22 19:32:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2681 [GMT -6:00]
Running from: c:\documents and settings\Chris R\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris R\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\odb.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-18 23:11 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola
2008-12-18 21:40 . 2008-12-18 21:40 <DIR> d-------- C:\rsit
2008-12-18 21:40 . 2008-12-18 21:41 <DIR> d-------- c:\program files\trend micro
2008-12-18 03:48 . 2008-12-18 03:48 16,244 --a------ c:\windows\system32\rrt_is.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,302 --a------ c:\windows\system32\rrt_vf.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,148 --a------ c:\windows\system32\rrt_tv.wav
2008-12-18 03:48 . 2008-12-18 03:48 6,282 --a------ c:\windows\system32\rrt_tn.wav
2008-12-16 23:37 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-12-16 23:37 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-12-14 20:03 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola Phone Tools
2008-12-07 05:26 . 2008-12-07 05:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-25 22:06 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-25 22:06 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-25 00:41 . 2008-12-07 05:29 156 --a------ c:\windows\Twunk001.MTX
2008-11-25 00:41 . 2008-12-07 05:29 2 --a------ c:\windows\Twain001.Mtx
2008-11-25 00:41 . 2008-11-25 00:41 0 --a------ c:\windows\Twunk002.MTX
2008-11-25 00:40 . 2008-11-25 00:50 <DIR> d-------- c:\documents and settings\Chris R\Application Data\Sony
2008-11-25 00:37 . 2008-12-07 05:26 <DIR> d-------- c:\program files\Sony
2008-11-25 00:31 . 2008-11-25 00:31 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-25 00:31 . 2008-11-25 00:31 <DIR> d-------- c:\program files\MSBuild
2008-11-25 00:22 . 2008-11-25 00:22 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 02:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 09:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 05:07 --------- d-----w c:\program files\Avanquest update
2008-12-15 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-13 05:44 --------- d-----w c:\program files\SpywareBlaster
2008-12-02 03:19 --------- d-----w c:\documents and settings\Chris R\Application Data\Aim
2008-11-25 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2008-11-25 06:45 --------- d-----w c:\program files\Sony Setup
2008-11-24 10:13 --------- d-----w c:\program files\Java
2008-11-24 10:07 --------- d-----w c:\program files\Google Video
2008-11-16 23:14 --------- d-----w c:\program files\AIM6
2008-11-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-16 22:39 --------- d-----w c:\documents and settings\Chris R\Application Data\InstallShield
2008-11-16 22:36 24,192 ----a-w c:\documents and settings\Chris R\usbsermptxp.sys
2008-11-16 22:36 22,768 ----a-w c:\documents and settings\Chris R\usbsermpt.sys
2008-11-08 06:50 --------- d-----w c:\program files\DVDVideoSoft
2008-11-08 06:50 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-08 06:46 --------- d-----w c:\program files\FlvGrabber
2008-11-06 09:38 --------- d-----w c:\program files\NCH Software
2008-11-06 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-06 08:24 --------- d-----w c:\program files\WMR11
2008-11-06 05:43 --------- d-----w c:\documents and settings\Chris R\Application Data\Sytexis Software
2008-10-31 12:20 --------- d-----w c:\program files\Stardock
2008-10-31 12:20 --------- d-----w c:\program files\Common Files\Stardock
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-30 01:13 92,064 ----a-w c:\documents and settings\Chris R\mqdmmdm.sys
2008-03-30 01:13 9,232 ----a-w c:\documents and settings\Chris R\mqdmmdfl.sys
2008-03-30 01:13 79,328 ----a-w c:\documents and settings\Chris R\mqdmserd.sys
2008-03-30 01:13 66,656 ----a-w c:\documents and settings\Chris R\mqdmbus.sys
2008-03-30 01:13 6,208 ----a-w c:\documents and settings\Chris R\mqdmcmnt.sys
2008-03-30 01:13 5,936 ----a-w c:\documents and settings\Chris R\mqdmwhnt.sys
2008-03-30 01:13 4,048 ----a-w c:\documents and settings\Chris R\mqdmcr.sys
2008-07-13 05:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\documents and settings\Chris R\mqdmbus.sys ----
Company: MCCI
File Description: Motorola DM Composite Driver
File Version: V4.38
Product Name: Motorola DM Composite Driver
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmbus.sys
MD5: 6656fad6569c0d388c2ec76531c9f70f


---- c:\documents and settings\Chris R\mqdmcmnt.sys ----
Company: MCCI
File Description: Motorola USB DIAG (Windows 2000/XP support functions)
File Version: V4.38
Product Name: Motorola USB DIAG
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmcmnt.sys
MD5: 42bb364455e7eed396d5bdf0015fa921


---- c:\documents and settings\Chris R\mqdmcr.sys ----
Company: MCCI
File Description: Motorola USB DIAG (WDM Class Registry)
File Version: V4.38
Product Name: Motorola USB DIAG
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmcr.sys
MD5: 04865ee065b0602974dc1bfbf6b19069


---- c:\documents and settings\Chris R\mqdmmdfl.sys ----
Company: MCCI
File Description: Motorola USB Modem Filter
File Version: V4.38
Product Name: Motorola USB Modem Filter
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmmdfl.sys
MD5: d940989fbcece430d27c5e5371208d7e


---- c:\documents and settings\Chris R\mqdmmdm.sys ----
Company: MCCI
File Description: Motorola USB Modem
File Version: V4.38
Product Name: Motorola USB Modem
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmmdm.sys
MD5: ffbd4ff319b989f1ae47a1006acbd592


---- c:\documents and settings\Chris R\mqdmserd.sys ----
Company: MCCI
File Description: Motorola USB Diag
File Version: V4.38
Product Name: Motorola USB Diag
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmserd.sys
MD5: c7ad107ca4479478cade0d6aa66b7aca


---- c:\documents and settings\Chris R\mqdmwhnt.sys ----
Company: MCCI
File Description: Motorola DM Composite Driver (Windows 2000/XP support functions)
File Version: V4.38
Product Name: Motorola DM Composite Driver
Copyright: Copyright (c) 1997-2006 MCCI
Original file name: mqdmwhnt.sys
MD5: d2a3318d9ded8ed161219fdf11b258bb


((((((((((((((((((((((((((((( snapshot@2008-12-19_ 2.09.01.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-13 06:33:49 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
+ 2008-12-20 08:22:16 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
- 2008-12-18 14:30:58 628,616 ----a-w c:\windows\SoftwareDistribution\Download\Install\mpas-d.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 57344]
"ATI Scheduler "= "c:\program files\ATI Multimedia\MAIN\ATISched.EXE" [2006-10-31 26624]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289 "= "c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BtcMaestro "= "c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-20 245760]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"COMODO Firewall Pro "= "c:\program files\Comodo\Firewall\CPF.exe" [2007-08-20 1115728]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TV Card Remote Control Device Monitor "= "c:\windows\3xHybridRMT.exe" [2008-03-17 466944]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper "= "CTHELPER.EXE" [2006-12-12 c:\windows\system32\CtHelper.exe]
"CTxfiHlp "= "CTXFIHLP.EXE" [2006-12-12 c:\windows\system32\Ctxfihlp.exe]
"BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Chris R\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-31 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds "= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26860:TCP "= 26860:TCP:BitComet 26860 TCP
"26860:UDP "= 26860:UDP:BitComet 26860 UDP
"86:TCP "= 86:TCP:BroadCam Web Server

R0 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2006-05-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2006-05-17 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-22 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-22 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-03 24652]
R2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-21 716160]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2006-05-17 26752]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2008-07-21 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-07-21 25984]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-06-21 16512]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-12-16 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-12-16 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-08-15 23680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56629c2a-e877-11da-87ff-00508d7e5d8d}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede2e0c-5527-11dd-b174-00508d7e5d8d}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\iiscomplib2.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn9020.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\AmiDicomDirTreeView21.ocx
c:\windows\Downloaded Program Files\AmiViewerLite21.ocx
O16 -: {FC11A119-C2F7-46F4-9E32-937ABA26816E}
file://e:\cdviewer\CdViewer.cab
c:\windows\Downloaded Program Files\cdviewer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 19:34:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(748)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-22 19:35:45
ComboFix-quarantined-files.txt 2008-12-23 01:35:07
ComboFix2.txt 2008-12-19 08:10:03

Pre-Run: 46,384,758,784 bytes free
Post-Run: 46,507,933,696 bytes free

285 --- E O F --- 2008-12-22 22:51:41






Logfile of HijackThis v1.99.1
Scan saved at 7:37:08 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP Multimedia Keyboard\KMaestro.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\3xHybridRMT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BtcMaestro] "C:\Program Files\HP Multimedia Keyboard\KMaestro.exe "
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\3xHybridRMT.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227593966702
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - file://E:\CDVIEWER\CdViewer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

 

Everything seem to be working normally again?

 

everything seems fine except i keep getting these threats popping up, although i update, scan and delete, more keep popping up, here are the latest:
http://i129.photobucket.com/albums/p238/bronskater/bullshit1.jpg

http://i129.photobucket.com/albums/p238/bronskater/bullshit2.jpg

oh and i did notice that the icons in my favorites are acting weird, like for the google link it shows the myspace icon, and some others change randomly sometimes, any thoughts?

 

Those infection warnings are in System Restore points. We'll deal with those once we've completed. Download ATF Cleaner by Atribune and save it to your Desktop.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Reboot


Please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


Post the Kaspersky log here.

 

ok i did the atf cleaner and here's the kasperksy report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 28, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 28, 2008 06:47:37
Records in database: 1523503
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 85883
Threat name: 4
Infected objects: 80
Suspicious objects: 0
Duration of the scan: 01:20:08


File name / Threat name / Threats count
C:\Documents and Settings\Chris R\Application Data\Sun\Java\Deployment\cache\6.0\25\1d9a4d9-5bd41c6e Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Chris R\My Documents\Download\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1
C:\QooBox\Quarantine\C\U.exe.vir Infected: Trojan-Downloader.Win32.FraudLoad.vecb 1
C:\QooBox\Quarantine\C\WINDOWS\vlc.exe.vir Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\QooBox\Quarantine\C\WINDOWS\wdmon.exe.vir Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0094223.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0097269.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0097372.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0584585.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0688634.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0735207.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0946641.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp0949799.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1223410.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1377944.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1603248.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1757762.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1828248.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1961355.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp1967167.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp2030482.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp2250429.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp2309141.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp2509189.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp2998253.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3127450.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3272638.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3521744.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3527657.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3527696.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3534793.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3675268.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3678317.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp3789204.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4012274.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4266520.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4345261.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4466119.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4552290.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp4651792.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5087438.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5287046.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5294283.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5481723.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5487774.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5797840.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp5932028.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6016078.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6170560.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6216748.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6360262.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6621428.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6719395.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6764444.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp6782664.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7040213.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7047164.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7137393.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7195164.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7402378.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7457239.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7599459.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7734009.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp7909582.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8069619.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8075817.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8153258.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8472833.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8678473.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp8785099.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9159859.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9237360.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9355489.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9459437.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9472904.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9563020.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9569971.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9759603.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9821047.log Infected: Trojan-Clicker.Win32.Osewlone.i 1
C:\WINDOWS\tmp9897783.log Infected: Trojan-Clicker.Win32.Osewlone.i 1

The selected area was scanned.

 

Once again, disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

File::
C:\WINDOWS\tmp0094223.log
C:\WINDOWS\tmp0097269.log
C:\WINDOWS\tmp0097372.log
C:\WINDOWS\tmp0584585.log
C:\WINDOWS\tmp0688634.log
C:\WINDOWS\tmp0735207.log
C:\WINDOWS\tmp0946641.log
C:\WINDOWS\tmp0949799.log
C:\WINDOWS\tmp1223410.log
C:\WINDOWS\tmp1377944.log
C:\WINDOWS\tmp1603248.log
C:\WINDOWS\tmp1757762.log
C:\WINDOWS\tmp1828248.log
C:\WINDOWS\tmp1961355.log
C:\WINDOWS\tmp1967167.log
C:\WINDOWS\tmp2030482.log
C:\WINDOWS\tmp2250429.log
C:\WINDOWS\tmp2309141.log
C:\WINDOWS\tmp2509189.log
C:\WINDOWS\tmp2998253.log
C:\WINDOWS\tmp3127450.log
C:\WINDOWS\tmp3272638.log
C:\WINDOWS\tmp3521744.log
C:\WINDOWS\tmp3527657.log
C:\WINDOWS\tmp3527696.log
C:\WINDOWS\tmp3534793.log
C:\WINDOWS\tmp3675268.log
C:\WINDOWS\tmp3678317.log
C:\WINDOWS\tmp3789204.log
C:\WINDOWS\tmp4012274.log
C:\WINDOWS\tmp4266520.log
C:\WINDOWS\tmp4345261.log
C:\WINDOWS\tmp4466119.log
C:\WINDOWS\tmp4552290.log
C:\WINDOWS\tmp4651792.log
C:\WINDOWS\tmp5087438.log
C:\WINDOWS\tmp5287046.log
C:\WINDOWS\tmp5294283.log
C:\WINDOWS\tmp5481723.log
C:\WINDOWS\tmp5487774.log
C:\WINDOWS\tmp5797840.log
C:\WINDOWS\tmp5932028.log
C:\WINDOWS\tmp6016078.log
C:\WINDOWS\tmp6170560.log
C:\WINDOWS\tmp6216748.log
C:\WINDOWS\tmp6360262.log
C:\WINDOWS\tmp6621428.log
C:\WINDOWS\tmp6719395.log
C:\WINDOWS\tmp6764444.log
C:\WINDOWS\tmp6782664.log
C:\WINDOWS\tmp7040213.log
C:\WINDOWS\tmp7047164.log
C:\WINDOWS\tmp7137393.log
C:\WINDOWS\tmp7195164.log
C:\WINDOWS\tmp7402378.log
C:\WINDOWS\tmp7457239.log
C:\WINDOWS\tmp7599459.log
C:\WINDOWS\tmp7734009.log
C:\WINDOWS\tmp7909582.log
C:\WINDOWS\tmp8069619.log
C:\WINDOWS\tmp8075817.log
C:\WINDOWS\tmp8153258.log
C:\WINDOWS\tmp8472833.log
C:\WINDOWS\tmp8678473.log
C:\WINDOWS\tmp8785099.log
C:\WINDOWS\tmp9159859.log
C:\WINDOWS\tmp9237360.log
C:\WINDOWS\tmp9355489.log
C:\WINDOWS\tmp9459437.log
C:\WINDOWS\tmp9472904.log
C:\WINDOWS\tmp9563020.log
C:\WINDOWS\tmp9569971.log
C:\WINDOWS\tmp9759603.log
C:\WINDOWS\tmp9821047.log
C:\WINDOWS\tmp9897783.log

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.

 

ComboFix 08-12-21.04 - Chris R 2008-12-28 20:56:56.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2482 [GMT -6:00]
Running from: c:\documents and settings\Chris R\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris R\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\tmp0094223.log
c:\windows\tmp0097269.log
c:\windows\tmp0097372.log
c:\windows\tmp0584585.log
c:\windows\tmp0688634.log
c:\windows\tmp0735207.log
c:\windows\tmp0946641.log
c:\windows\tmp0949799.log
c:\windows\tmp1223410.log
c:\windows\tmp1377944.log
c:\windows\tmp1603248.log
c:\windows\tmp1757762.log
c:\windows\tmp1828248.log
c:\windows\tmp1961355.log
c:\windows\tmp1967167.log
c:\windows\tmp2030482.log
c:\windows\tmp2250429.log
c:\windows\tmp2309141.log
c:\windows\tmp2509189.log
c:\windows\tmp2998253.log
c:\windows\tmp3127450.log
c:\windows\tmp3272638.log
c:\windows\tmp3521744.log
c:\windows\tmp3527657.log
c:\windows\tmp3527696.log
c:\windows\tmp3534793.log
c:\windows\tmp3675268.log
c:\windows\tmp3678317.log
c:\windows\tmp3789204.log
c:\windows\tmp4012274.log
c:\windows\tmp4266520.log
c:\windows\tmp4345261.log
c:\windows\tmp4466119.log
c:\windows\tmp4552290.log
c:\windows\tmp4651792.log
c:\windows\tmp5087438.log
c:\windows\tmp5287046.log
c:\windows\tmp5294283.log
c:\windows\tmp5481723.log
c:\windows\tmp5487774.log
c:\windows\tmp5797840.log
c:\windows\tmp5932028.log
c:\windows\tmp6016078.log
c:\windows\tmp6170560.log
c:\windows\tmp6216748.log
c:\windows\tmp6360262.log
c:\windows\tmp6621428.log
c:\windows\tmp6719395.log
c:\windows\tmp6764444.log
c:\windows\tmp6782664.log
c:\windows\tmp7040213.log
c:\windows\tmp7047164.log
c:\windows\tmp7137393.log
c:\windows\tmp7195164.log
c:\windows\tmp7402378.log
c:\windows\tmp7457239.log
c:\windows\tmp7599459.log
c:\windows\tmp7734009.log
c:\windows\tmp7909582.log
c:\windows\tmp8069619.log
c:\windows\tmp8075817.log
c:\windows\tmp8153258.log
c:\windows\tmp8472833.log
c:\windows\tmp8678473.log
c:\windows\tmp8785099.log
c:\windows\tmp9159859.log
c:\windows\tmp9237360.log
c:\windows\tmp9355489.log
c:\windows\tmp9459437.log
c:\windows\tmp9472904.log
c:\windows\tmp9563020.log
c:\windows\tmp9569971.log
c:\windows\tmp9759603.log
c:\windows\tmp9821047.log
c:\windows\tmp9897783.log
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\tmp0094223.log
c:\windows\tmp0097269.log
c:\windows\tmp0097372.log
c:\windows\tmp0584585.log
c:\windows\tmp0688634.log
c:\windows\tmp0735207.log
c:\windows\tmp0946641.log
c:\windows\tmp0949799.log
c:\windows\tmp1223410.log
c:\windows\tmp1377944.log
c:\windows\tmp1603248.log
c:\windows\tmp1757762.log
c:\windows\tmp1828248.log
c:\windows\tmp1961355.log
c:\windows\tmp1967167.log
c:\windows\tmp2030482.log
c:\windows\tmp2250429.log
c:\windows\tmp2309141.log
c:\windows\tmp2509189.log
c:\windows\tmp2998253.log
c:\windows\tmp3127450.log
c:\windows\tmp3272638.log
c:\windows\tmp3521744.log
c:\windows\tmp3527657.log
c:\windows\tmp3527696.log
c:\windows\tmp3534793.log
c:\windows\tmp3675268.log
c:\windows\tmp3678317.log
c:\windows\tmp3789204.log
c:\windows\tmp4012274.log
c:\windows\tmp4266520.log
c:\windows\tmp4345261.log
c:\windows\tmp4466119.log
c:\windows\tmp4552290.log
c:\windows\tmp4651792.log
c:\windows\tmp5087438.log
c:\windows\tmp5287046.log
c:\windows\tmp5294283.log
c:\windows\tmp5481723.log
c:\windows\tmp5487774.log
c:\windows\tmp5797840.log
c:\windows\tmp5932028.log
c:\windows\tmp6016078.log
c:\windows\tmp6170560.log
c:\windows\tmp6216748.log
c:\windows\tmp6360262.log
c:\windows\tmp6621428.log
c:\windows\tmp6719395.log
c:\windows\tmp6764444.log
c:\windows\tmp6782664.log
c:\windows\tmp7040213.log
c:\windows\tmp7047164.log
c:\windows\tmp7137393.log
c:\windows\tmp7195164.log
c:\windows\tmp7402378.log
c:\windows\tmp7457239.log
c:\windows\tmp7599459.log
c:\windows\tmp7734009.log
c:\windows\tmp7909582.log
c:\windows\tmp8069619.log
c:\windows\tmp8075817.log
c:\windows\tmp8153258.log
c:\windows\tmp8472833.log
c:\windows\tmp8678473.log
c:\windows\tmp8785099.log
c:\windows\tmp9159859.log
c:\windows\tmp9237360.log
c:\windows\tmp9355489.log
c:\windows\tmp9459437.log
c:\windows\tmp9472904.log
c:\windows\tmp9563020.log
c:\windows\tmp9569971.log
c:\windows\tmp9759603.log
c:\windows\tmp9821047.log
c:\windows\tmp9897783.log

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-18 23:11 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola
2008-12-18 21:40 . 2008-12-18 21:40 <DIR> d-------- C:\rsit
2008-12-18 21:40 . 2008-12-18 21:41 <DIR> d-------- c:\program files\trend micro
2008-12-18 03:48 . 2008-12-18 03:48 16,244 --a------ c:\windows\system32\rrt_is.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,302 --a------ c:\windows\system32\rrt_vf.wav
2008-12-18 03:48 . 2008-12-18 03:48 7,148 --a------ c:\windows\system32\rrt_tv.wav
2008-12-18 03:48 . 2008-12-18 03:48 6,282 --a------ c:\windows\system32\rrt_tn.wav
2008-12-16 23:37 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-12-16 23:37 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-12-14 20:03 . 2008-12-18 23:11 <DIR> d-------- c:\program files\Motorola Phone Tools
2008-12-07 05:26 . 2008-12-07 05:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 02:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 09:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 05:07 --------- d-----w c:\program files\Avanquest update
2008-12-15 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-12-13 05:44 --------- d-----w c:\program files\SpywareBlaster
2008-12-07 11:26 --------- d-----w c:\program files\Sony
2008-12-02 03:19 --------- d-----w c:\documents and settings\Chris R\Application Data\Aim
2008-11-25 08:04 --------- d-----w c:\documents and settings\All Users\Application Data\ATI MMC
2008-11-25 06:50 --------- d-----w c:\documents and settings\Chris R\Application Data\Sony
2008-11-25 06:45 --------- d-----w c:\program files\Sony Setup
2008-11-25 06:31 --------- d-----w c:\program files\MSBuild
2008-11-25 06:22 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-24 10:13 --------- d-----w c:\program files\Java
2008-11-24 10:07 --------- d-----w c:\program files\Google Video
2008-11-16 23:14 --------- d-----w c:\program files\AIM6
2008-11-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-16 23:13 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-16 22:39 --------- d-----w c:\documents and settings\Chris R\Application Data\InstallShield
2008-11-16 22:36 24,192 ----a-w c:\documents and settings\Chris R\usbsermptxp.sys
2008-11-16 22:36 22,768 ----a-w c:\documents and settings\Chris R\usbsermpt.sys
2008-11-08 06:50 --------- d-----w c:\program files\DVDVideoSoft
2008-11-08 06:50 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-08 06:46 --------- d-----w c:\program files\FlvGrabber
2008-11-06 09:38 --------- d-----w c:\program files\NCH Software
2008-11-06 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Software
2008-11-06 08:24 --------- d-----w c:\program files\WMR11
2008-11-06 05:43 --------- d-----w c:\documents and settings\Chris R\Application Data\Sytexis Software
2008-10-31 12:20 --------- d-----w c:\program files\Stardock
2008-10-31 12:20 --------- d-----w c:\program files\Common Files\Stardock
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-30 01:13 92,064 ----a-w c:\documents and settings\Chris R\mqdmmdm.sys
2008-03-30 01:13 9,232 ----a-w c:\documents and settings\Chris R\mqdmmdfl.sys
2008-03-30 01:13 79,328 ----a-w c:\documents and settings\Chris R\mqdmserd.sys
2008-03-30 01:13 66,656 ----a-w c:\documents and settings\Chris R\mqdmbus.sys
2008-03-30 01:13 6,208 ----a-w c:\documents and settings\Chris R\mqdmcmnt.sys
2008-03-30 01:13 5,936 ----a-w c:\documents and settings\Chris R\mqdmwhnt.sys
2008-03-30 01:13 4,048 ----a-w c:\documents and settings\Chris R\mqdmcr.sys
2008-07-13 05:56 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071320080714\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-19_ 2.09.01.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-13 06:33:49 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
+ 2008-12-20 08:22:16 102,400 ----a-r c:\windows\Installer\{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}\iTunesIco.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"ATI DeviceDetect "= "c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2006-10-31 57344]
"ATI Scheduler "= "c:\program files\ATI Multimedia\MAIN\ATISched.EXE" [2006-10-31 26624]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289 "= "c:\program files\ULI5289\ALi5289.exe" [2005-03-10 405504]
"UpdReg "= "c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]
"NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BtcMaestro "= "c:\program files\HP Multimedia Keyboard\KMaestro.exe" [2005-02-20 245760]
"ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"COMODO Firewall Pro "= "c:\program files\Comodo\Firewall\CPF.exe" [2007-08-20 1115728]
"AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TV Card Remote Control Device Monitor "= "c:\windows\3xHybridRMT.exe" [2008-03-17 466944]
"QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched "= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper "= "CTHELPER.EXE" [2006-12-12 c:\windows\system32\CtHelper.exe]
"CTxfiHlp "= "CTXFIHLP.EXE" [2006-12-12 c:\windows\system32\Ctxfihlp.exe]
"BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Chris R\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-31 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds "= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001
"FirewallOverride "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BearShare\\BearShare.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"%windir%\\system32\\sessmgr.exe "=
"c:\\Program Files\\iTunes\\iTunes.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26860:TCP "= 26860:TCP:BitComet 26860 TCP
"26860:UDP "= 26860:UDP:BitComet 26860 UDP
"86:TCP "= 86:TCP:BroadCam Web Server

R0 m5289;m5289;c:\windows\system32\DRIVERS\m5289.sys [2006-05-17 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\DRIVERS\agpkx.sys [2006-05-17 45056]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-06-22 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-06-22 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-03 24652]
R2 WinDefend;Windows Defender; "c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 3xHybrid;SAA7130 TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-07-21 716160]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2006-05-17 26752]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-12-16 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-12-16 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-08-15 23680]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\DRIVERS\SAA713x.sys [2008-07-21 279552]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [2008-07-21 25984]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-06-21 16512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56629c2a-e877-11da-87ff-00508d7e5d8d}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede2e0c-5527-11dd-b174-00508d7e5d8d}]
\Shell\AutoRun\command - wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank

c:\windows\Downloaded Program Files\IR87.txt - c:\windows\Downloaded Program Files\IR6.txt
c:\windows\Downloaded Program Files\IR159.txt
c:\windows\Downloaded Program Files\IR149.txt
c:\windows\Downloaded Program Files\IR148.txt
c:\windows\Downloaded Program Files\IR144.txt
c:\windows\Downloaded Program Files\IR14.txt
c:\windows\Downloaded Program Files\IR138.txt
c:\windows\Downloaded Program Files\IR13.txt
c:\windows\Downloaded Program Files\IR127.txt
c:\windows\Downloaded Program Files\IR126.txt
c:\windows\Downloaded Program Files\IR110.txt
c:\windows\Downloaded Program Files\IR109.txt
c:\windows\Downloaded Program Files\IR101.txt
c:\windows\Downloaded Program Files\IR100.txt
c:\windows\Downloaded Program Files\dict.dat
c:\windows\Downloaded Program Files\unicows.dll
c:\windows\Downloaded Program Files\iiscomplib2.dll
c:\windows\Downloaded Program Files\picn6320.dll
c:\windows\Downloaded Program Files\picn9120.dll
c:\windows\Downloaded Program Files\picn9020.dll
c:\windows\Downloaded Program Files\picn20.dll
c:\windows\Downloaded Program Files\AmiDicomDirTreeView21.ocx
c:\windows\Downloaded Program Files\AmiViewerLite21.ocx
O16 -: {FC11A119-C2F7-46F4-9E32-937ABA26816E}
file://e:\cdviewer\CdViewer.cab
c:\windows\Downloaded Program Files\cdviewer.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 20:58:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2008-12-28 20:59:51
ComboFix-quarantined-files.txt 2008-12-29 02:59:15
ComboFix2.txt 2008-12-23 01:35:46
ComboFix3.txt 2008-12-19 08:10:03

Pre-Run: 45,948,682,240 bytes free
Post-Run: 46,179,487,744 bytes free

370 --- E O F --- 2008-12-26 07:25:58

 

Looks good. Provided everything is working as it should, nothing left to do but cleanup. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
Delete RSIT.exe and the C:\rsit folder.
You can delete any other logs that were created/saved too.
Empty the recycle bin when done.

 

all done, everything seems to be working great, thanks a million, I really appreciate it!!!

 

Glad to hear that. You're very welcome. Geri has posted some very helpful information and recommendations regarding future protection in the following link.

http://www.windowsbbs.com/showthread.php?t=67958

Surf safe!