My ComboFix Log:
ComboFix 08-11-04.02 - Ally 2008-11-05 13:22:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1102 [GMT -5:00]
Running from: c:\users\Ally\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\resycled
c:\resycled\boot.com
c:\users\Ally\Documents\My Documents.url
c:\windows\system32\UpMedia
.
((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
.
2008-11-04 19:12 . 2008-11-04 19:12 <DIR> d-------- c:\program files\CrossLoop
2008-11-01 14:07 . 2008-11-01 14:07 <DIR> d-------- c:\program files\Trend Micro
2008-10-28 12:06 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-26 11:18 . 2008-11-05 13:25 <DIR> d-------- c:\users\Ally\AppData\Roaming\uTorrent
2008-10-26 11:18 . 2008-10-26 11:18 <DIR> d-------- c:\program files\uTorrent
2008-10-14 16:57 . 2008-10-01 22:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-14 16:57 . 2008-08-26 20:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-14 16:56 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-14 16:56 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-14 16:56 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-14 16:56 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-14 15:45 . 2008-10-14 15:45 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-12 18:59 . 2008-10-12 18:59 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-10-12 18:59 . 2008-10-12 18:59 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 18:59 . 2008-10-12 18:59 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 18:59 . 2008-10-12 18:59 <DIR> d-------- c:\program files\iTunes
2008-10-12 18:59 . 2008-10-12 18:59 <DIR> d-------- c:\program files\iPod
2008-10-12 18:59 . 2008-04-17 12:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2008-10-12 18:59 . 2008-04-17 12:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2008-10-12 18:56 . 2008-10-12 18:57 <DIR> d-------- c:\program files\QuickTime
2008-10-10 10:38 . 2008-10-10 10:38 <DIR> d-------- c:\users\All Users\Yahoo! Games
2008-10-10 10:38 . 2008-10-10 10:38 <DIR> d-------- c:\programdata\Yahoo! Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:40 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-10-31 22:26 --------- d-----w c:\programdata\SecTaskMan
2008-10-31 21:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-29 22:01 --------- d-----w c:\users\Ally\AppData\Roaming\LimeWire
2008-10-29 20:15 --------- d-----w c:\program files\LimeWire
2008-10-24 18:01 --------- d-----w c:\users\Ally\AppData\Roaming\OpenOffice.org2
2008-10-21 02:59 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-15 02:12 --------- d-----w c:\programdata\Microsoft Help
2008-10-12 23:57 --------- d-----w c:\program files\Bonjour
2008-10-12 23:56 --------- d-----w c:\program files\Common Files\Apple
2008-10-10 15:37 --------- d-----w c:\program files\Yahoo! Games
2008-10-03 00:23 174 --sha-w c:\program files\desktop.ini
2008-10-03 00:12 --------- d-----w c:\program files\Windows Sidebar
2008-10-03 00:12 --------- d-----w c:\program files\Windows Photo Gallery
2008-10-03 00:12 --------- d-----w c:\program files\Windows Mail
2008-10-03 00:12 --------- d-----w c:\program files\Windows Journal
2008-10-03 00:12 --------- d-----w c:\program files\Windows Defender
2008-10-03 00:12 --------- d-----w c:\program files\Windows Collaboration
2008-10-03 00:12 --------- d-----w c:\program files\Windows Calendar
2008-10-02 23:51 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-10-02 23:51 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-10-02 23:31 --------- d-----w c:\program files\Java
2008-09-11 15:29 --------- d-----w c:\program files\Microsoft Works
2008-08-29 14:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-29 20:38 1,004 ----a-w c:\program files\config.ini
2008-07-23 23:36 615,424 ----a-w c:\program files\ApRadar.exe
2008-07-23 23:36 32,768 ----a-w c:\program files\FFXIMemory.dll
2008-07-23 23:36 155,648 ----a-w c:\program files\ApneaControls.dll
2008-02-11 17:38 122 ----a-w c:\users\Ally\AppData\Roaming\wklnhst.dat
2007-05-03 13:23 442,368 ----a-w c:\users\Ally\ApRadar.exe
2007-03-08 20:41 217,088 ----a-w c:\program files\ApUpdater.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-26 270128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 c:\windows\sttray.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-21 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Users^Ally^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Ally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 15:21 50528 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 04:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 16:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 12:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 16:46 709992 c:\windows\vVX1000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-837059545-616770465-622163208-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4525BE82-D01E-42CC-9832-1EAB7989FBB5}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{91637847-9106-4605-B103-43AA0561E9FF}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{7B8E6716-BE71-4698-BCEA-910C6451D54C}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{1B034418-4506-4C8F-9487-8412BDDEB335}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{6C48D5CD-8C44-46CE-BFEF-D4AE68C6D78F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{66F6A381-52B4-460B-95B2-838AFCCF7F08}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{B3FC0B66-4E66-4AB6-A390-B9691379D1BE}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= UDP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"UDP Query User{64D3E69A-05B5-409C-AE59-B558FCC925B3}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= TCP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"TCP Query User{709995F6-905F-4CC6-BA66-95F8D836DCC2}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{DD7B15E5-665D-450A-82D3-2835BF6D6B2A}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{4EDD8B9F-CE88-4418-9ABE-2B4A0E1CF83E}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= UDP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"UDP Query User{FF56311D-C7D0-4F6C-8CEB-B2AFD615BDBC}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= TCP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"{C3FAE276-B457-450C-AB86-2916E2464E14}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{10B333CC-71B8-4BBC-A295-A5F8542216EF}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{7D4DAC30-121C-4660-9B15-8C41A849B4E3}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{52598A37-7000-45D0-BC1C-10C2305F0935}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{E426FA6A-1D16-449F-81DA-8842CA53F32A}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{A84BA074-94A3-4A4C-8088-25A746489CB7}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{FE1C412D-5DA3-45C8-BC63-8BDEE629B3CA}c:\\program files\\yahoo! games\\rock and roll jeopardy!\\rock & roll jeopardy!.exe"= UDP:c:\program files\yahoo! games\rock and roll jeopardy!\rock & roll jeopardy!.exe:Rock & Roll JEOPARDY!
"UDP Query User{2C053A59-44B2-4B77-9E3E-B8E3E05CF3E4}c:\\program files\\yahoo! games\\rock and roll jeopardy!\\rock & roll jeopardy!.exe"= TCP:c:\program files\yahoo! games\rock and roll jeopardy!\rock & roll jeopardy!.exe:Rock & Roll JEOPARDY!
"TCP Query User{94AF029F-CB61-4A04-939E-6B5FC57A2B0E}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{DAC18F2C-FEB5-4B64-8CFF-486487C67233}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{9C8A6992-68D2-4090-A8E2-ABF29E1B5233}c:\\program files\\bittornado\\btdownloadgui.exe"= UDP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{B78D621A-877F-4359-9965-EC7D225F30B1}c:\\program files\\bittornado\\btdownloadgui.exe"= TCP:c:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{A90219DC-82E0-4559-802E-350F8F837EA9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D7D429EC-1F0D-4324-AF91-A3AD4B1ED136}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C544AA85-E85F-4819-A263-66C898C73C9E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A17B1401-F4A6-4D79-946B-20259BB5B74F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{B1CD4C24-D7A5-4870-AB14-FEC4190EB991}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8618261C-FEF9-4546-8CE6-D0BFD053F642}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C214B0C9-331C-450A-923E-B671D16544C3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{570BF0AD-3993-497D-B77D-E1D23464A175}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9ECB2525-B34D-4D20-B90F-EB3D899E9E41}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5AE910C4-3638-4E9B-BDC7-472D3C465626}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{01722F1C-90BC-4298-8316-B5725CD7CD3B}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{D9DC8163-2D95-4BA1-92CE-2EE66484FA11}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"{3FF97F9A-D386-415A-B587-F98E20DF21B9}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{94A6E40A-CAD3-42AE-8D92-3125A62CCA8F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7A92FA1A-8F1C-4C86-8AC4-BD01CC19F0DA}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B9796DE7-355C-4525-AEF7-414E41B1AECF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C3FDBA85-916A-41EC-ABF3-77A80085F5D6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D0BB0BD-4DA8-449C-B88A-65AE970A186C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{43D3860E-2A5C-4711-AD49-3A4512ED58B5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4903ED70-89D1-4859-8C11-CB160D82E0C0}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F1455237-187D-45D0-8B23-E195618BA0C1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{7FA12038-7BD6-4BAF-9F29-248D4783B175}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B976F9F7-034E-4BF3-B189-81EAAE7E5FA8}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{83BF3E55-1D01-4107-BDE2-2A4CDB51F485}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{DA4AB036-71E9-47F7-BA84-D4FC24468C4B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{2DA802FE-FF53-4C73-8B2F-6CD094905D36}c:\\program files\\crossloop\\crossloopconnect.exe"= UDP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"UDP Query User{5DA94E35-DABD-4A4D-A3F9-BB2B9E90C146}c:\\program files\\crossloop\\crossloopconnect.exe"= TCP:c:\program files\crossloop\crossloopconnect.exe:CrossLoop - Simple Secure Screen Sharing
"TCP Query User{3295AD20-4831-4392-89C5-C27EAD390397}c:\\users\\ally\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\ally\appdata\roaming\macromedia\flash player\
http://www.macromedia.com\bin\octosh...:octoshape.exe
"UDP Query User{CCB745BE-CC7E-4149-9CF5-CB4026735FD3}c:\\users\\ally\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\ally\appdata\roaming\macromedia\flash player\
http://www.macromedia.com\bin\octosh...:octoshape.exe
R0 AtiPcie;ATI PCI Express (3GIO) Filter;c:\windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 MSCamSvc;MSCamSvc;c:\program files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-08-14 2593280]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdkge.exe [ ]
S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe [2008-02-20 87288]
S3 UMPass;Microsoft UMPass Driver;c:\windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
S3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa8253e-17ce-11dd-b2b0-001c2399b138}]
\shell\AutoRun\command - G:\Autorun.exe /run
\shell\Shell00\Command - G:\Autorun.exe /run
\shell\Shell01\Command - G:\Autorun.exe /action
\shell\Shell02\Command - G:\Autorun.exe /uninstall
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c39115c1-0b2d-11dd-b117-001c2399b138}]
\shell\AutoRun\command - F:\SETUP.EXE
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-05 c:\windows\Tasks\User_Feed_Synchronization-{29AA11B2-594C-47F7-BCB0-C22DF6A1BF61}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\s53gr00m.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?source=gama
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npagent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\SceneCaster\Version 3.11.16\NPSceneCaster.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - c:\users\Ally\AppData\Roaming\Mozilla\Firefox\Profiles\s53gr00m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-05 13:26:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-05 13:28:26
ComboFix-quarantined-files.txt 2008-11-05 18:28:23
Pre-Run: 21,073,391,616 bytes free
Post-Run: 21,037,342,720 bytes free
235 --- E O F --- 2008-10-29 02:00:37
My HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:36 PM, on 11/5/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdkge.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8244 bytes
Thank you for your help. I did receive a blue screen after running ComboFix, but all is fine at the moment. I haven't waited long enough yet to see whether the pop-ups have stopped.