Thank you for your prompt reply. At this time, it will be a bit more difficult for me to respond, for I work on a cruise ship in the Mexican Riviera, but here is your ComboFix log:
"Tim Priddy" - 07-04-18 13:49:26 Service Pack 2
ComboFix 07-04-18.2V - Running from: C:\Documents and Settings\Tim Priddy\Desktop\
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fmfpgktr.dll
C:\WINDOWS\system32\jkhih.dll
C:\WINDOWS\system32\hihkj.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))
2007-04-13 22:39 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-13 22:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-13 22:38 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-13 22:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-13 22:38 712,832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-13 22:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-13 22:38 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-13 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Panda Software
2007-04-13 20:49 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-13 00:34 <DIR> d-------- C:\Program Files\Panda Software
2007-04-13 00:04 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-04-11 22:07 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Talkback
2007-04-11 17:20 7,864,320 --a------ C:\DOCUME~1\TIMPRI~1\ntuser.dat
2007-04-10 23:17 <DIR> d-------- C:\Deckard
2007-04-10 22:26 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-10 22:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-10 16:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-10 12:00 <DIR> d-------- C:\DOCUME~1\TIMPRI~1\APPLIC~1\Lavasoft
2007-04-10 11:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-10 10:57 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-10 10:57 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-10 10:57 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-04-10 10:57 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-04-10 10:57 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-10 10:56 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-04-10 10:53 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-09 21:29 147,456 --a------ C:\WINDOWS\Uninstit.exe
2007-04-09 19:24 <DIR> d-------- C:\Program Files\SP31140
2007-04-05 13:34 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-05 06:02 786,432 --ah----- C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-04-05 06:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-04-05 06:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
2007-04-05 06:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-04-05 06:02 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-04-05 03:37 <DIR> d-------- C:\Program Files\RegCure
2007-04-04 14:29 617,197 ---hs---- C:\WINDOWS\system32\uuxyb.ini2
2007-04-03 12:56 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-04-03 12:50 29,752 --------- C:\WINDOWS\system32\InstHelper.dll
2007-04-03 12:42 94,720 --a------ C:\WINDOWS\system32\dneinobj.dll
2007-04-03 12:42 110,080 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2007-04-03 12:41 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2007-04-03 12:41 193,584 --a------ C:\WINDOWS\system32\CSGina.dll
2007-03-28 05:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-19 12:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
2007-03-19 04:58 <DIR> d-------- C:\Program Files\XoftSpySE
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-18 00:19 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-04-17 19:32 -------- d-------- C:\Program Files\quicken
2007-04-13 01:57 -------- d-------- C:\Program Files\quicktime
2007-04-13 01:48 -------- d-------- C:\Program Files\itunes
2007-04-13 01:41 -------- d-------- C:\Program Files\dvd region-free
2007-04-13 00:42 -------- d--h----- C:\Program Files\installshield installation information
2007-04-12 19:08 -------- d-------- C:\Program Files\sports illustrated 2007
2007-04-11 20:47 -------- d-------- C:\Program Files\google
2007-04-11 20:47 -------- d-------- C:\Program Files\free download manager
2007-04-11 18:13 -------- d-------- C:\Program Files\hijackthis 1.99.1
2007-04-10 12:10 -------- d-------- C:\DOCUME~1\TIMPRI~1\APPLIC~1\skype
2007-04-10 11:56 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-04-05 03:36 -------- d-------- C:\Program Files\install provider
2007-04-02 09:38 -------- d-------- C:\Program Files\limewire
2007-03-23 15:35 -------- d-------- C:\Program Files\divx
2007-03-22 06:52 -------- d-------- C:\Program Files\finale 2006
2007-03-20 02:49 469766 ---hs---- C:\WINDOWS\system32\uuxyb.bak2
2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 03:16 -------- d-------- C:\DOCUME~1\TIMPRI~1\APPLIC~1\free download manager
2007-03-16 14:17 -------- d-------- C:\Program Files\ipod
2007-03-16 04:02 -------- d-------- C:\Program Files\intervideo
2007-03-16 03:19 -------- d-------- C:\Program Files\hewlett-packard
2007-03-16 02:02 -------- d-------- C:\Program Files\hp
2007-03-13 07:16 -------- d-------- C:\DOCUME~1\TIMPRI~1\APPLIC~1\divx
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 06:31 -------- d-------- C:\Program Files\pure sudoku
2007-03-07 06:27 482966 ---hs---- C:\WINDOWS\system32\uuxyb.bak1
2007-03-05 10:05 -------- d-------- C:\DOCUME~1\TIMPRI~1\APPLIC~1\talkback
2007-03-02 18:59 26637 ---hs---- C:\WINDOWS\system32\wvuvvwu.dll
2007-02-27 11:14 -------- d-------- C:\Program Files\microsoft wse
2007-02-27 07:58 -------- d-------- C:\Program Files\the awakened
2007-02-25 09:05 63696 --a------ C:\DOCUME~1\TIMPRI~1\APPLIC~1\gdipfontcachev1.dat
2007-02-23 00:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 00:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 00:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 00:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 00:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 00:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 00:25 73728 --a--c--- C:\WINDOWS\system32\dpl100.dll
2007-02-23 00:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 00:25 593920 --a--c--- C:\WINDOWS\system32\dpugui11.dll
2007-02-23 00:25 57344 --a--c--- C:\WINDOWS\system32\dpv11.dll
2007-02-23 00:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 00:25 344064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2007-02-23 00:25 294912 --a--c--- C:\WINDOWS\system32\dpu11.dll
2007-02-23 00:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 00:25 196608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2007-02-15 21:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 13:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-30 01:03 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-30 01:03 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 01:03 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-19 09:23 1721976 --a------ C:\WINDOWS\system32\inetclnt.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} C:\Program Files\Free Download Manager\iefdmcks.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"VF0070 STISvc"="RunDLL32.exe V0070Pin.dll,RunDLL32EP 513"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomk
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"item"="IgfxTray"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"hkey"="HKLM"
"key"="Run"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RoxioUpdator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{7A2BD778-407B-48B9-905C-F3A45FF5B90A}.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????????????P???? ???B???????????????B? ??????
scanning hidden files ...
C:\system.sav\CTO.TXT 4096 bytes
C:\system.sav\CTOHW.TXT 16 bytes
C:\system.sav\DAYLGSAV.reg 320 bytes
C:\system.sav\delink.log 288 bytes
C:\system.sav\highgost.flg 32 bytes
C:\system.sav\info.bom 8192 bytes
C:\system.sav\INFO.US 4096 bytes
C:\system.sav\ISLOGCHK.LOG 4096 bytes
C:\system.sav\logoff.bat 112 bytes
C:\system.sav\logoff.reg 288 bytes
C:\system.sav\PREINCHK.log 4096 bytes
C:\system.sav\REBOOT.ME 48 bytes
C:\system.sav\REGDEV.LOG 40 bytes
C:\system.sav\REGFLUSH.LOG 4096 bytes
C:\system.sav\RegionCF
C:\system.sav\RegionCF\euro.reg 216 bytes
C:\system.sav\RegionCF\SFr.reg 232 bytes
C:\system.sav\RmDev.log 4096 bytes
C:\system.sav\SYSINFO.LOG 106496 bytes
C:\system.sav\util
C:\system.sav\util\add5800devicePath.js 336 bytes
C:\system.sav\util\AOLBB.log 32 bytes
C:\system.sav\util\AOLbits.log 32 bytes
C:\system.sav\util\AppEvBk1.old 16384 bytes
C:\system.sav\util\bootldr.flg 0 bytes
C:\system.sav\util\BOOTSEC.NT4 512 bytes
C:\system.sav\util\brand.exe 57344 bytes
C:\system.sav\util\BrandIt.Log 4096 bytes
C:\system.sav\util\CHKIMAGE.exe 81920 bytes
C:\system.sav\util\CIA.CDC 24576 bytes
C:\system.sav\util\CIA.INI 32768 bytes
C:\system.sav\util\CMDOOBE.CMD 72 bytes
C:\system.sav\util\CMDSWSET.CMD 64 bytes
C:\system.sav\util\COMPMOD.bat 256 bytes
C:\system.sav\util\COMPMOD.exe 24576 bytes
C:\system.sav\util\COMPMOD.LOG 48 bytes
C:\system.sav\util\COMPMOD.TMP 168 bytes
C:\system.sav\util\cpqci.dll 73728 bytes
C:\system.sav\util\cpqsm.exe 53248 bytes
C:\system.sav\util\cvacompg.exe 77824 bytes
C:\system.sav\util\cvacompg.tmp 168 bytes
C:\system.sav\util\delcia.flg 32 bytes
C:\system.sav\util\DelDir.exe 20480 bytes
C:\system.sav\util\delmodem.bat 128 bytes
C:\system.sav\util\delmodem.ini 184 bytes
C:\system.sav\util\dmiuia.cmd 136 bytes
C:\system.sav\util\EarthLinkall.log 32 bytes
C:\system.sav\util\EarthLinkDialup.log 32 bytes
C:\system.sav\util\FAQ.log 32 bytes
C:\system.sav\util\hpqnt.dll 61440 bytes
C:\system.sav\util\hsc.log 176 bytes
C:\system.sav\util\infobomg.exe 57344 bytes
C:\system.sav\util\INSTALL.LOG 155648 bytes
C:\system.sav\util\ISLOGCHK.EXE 73728 bytes
C:\system.sav\util\ISLOGCHK.INI 112 bytes
C:\system.sav\util\make_rtr.flg 136 bytes
C:\system.sav\util\mobproc.flg 136 bytes
C:\system.sav\util\MSNPackage.log 32 bytes
C:\system.sav\util\MVEDV.LOG 208 bytes
C:\system.sav\util\NONISPCONTENTS.log 32 bytes
C:\system.sav\util\oca.reg 352 bytes
C:\system.sav\util\oca_mrk.bat 256 bytes
C:\system.sav\util\oobe.min 144 bytes
C:\system.sav\util\oobe.wpe 4096 bytes
C:\system.sav\util\osexclude.txt 184 bytes
C:\system.sav\util\PeoplePC.log 32 bytes
C:\system.sav\util\PININST.INI 192 bytes
C:\system.sav\util\PININST.LOG 352 bytes
C:\system.sav\util\POSTOOBE.CMD 4096 bytes
C:\system.sav\util\POSTOOBE.LOG 24 bytes
C:\system.sav\util\postproc.ini 560 bytes
C:\system.sav\util\powerset.log 88 bytes
C:\system.sav\util\PREINCHK.BAT 184 bytes
C:\system.sav\util\quicken.log 32 bytes
C:\system.sav\util\random.ini 40 bytes
C:\system.sav\util\REGDEV.EXE 73728 bytes
C:\system.sav\util\REGDEV.INI 560 bytes
C:\system.sav\util\RMDEV.CMD 296 bytes
C:\system.sav\util\SecEvBk1.old 24576 bytes
C:\system.sav\util\sedinst.log 168 bytes
C:\system.sav\util\SWSETDIR.exe 77824 bytes
C:\system.sav\util\SWSETUP.BTO 424 bytes
C:\system.sav\util\SWSETUP.CMD 136 bytes
C:\system.sav\util\SWSET_B.INI 4096 bytes
C:\system.sav\util\SysEvBk1.old 12288 bytes
C:\system.sav\util\TMP.INI 12288 bytes
C:\system.sav\util\touchpad.log 192 bytes
C:\system.sav\util\uiadump32.exe 16384 bytes
C:\system.sav\util\uiautil.exe 32768 bytes
C:\system.sav\util\updie.bat 104 bytes
C:\system.sav\util\WINDVD.LOG 176 bytes
C:\system.sav\util\WMI.BAT 48 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 92
********************************************************************
Completion time: 07-04-18 13:56:36
C:\ComboFix-quarantined-files.txt ... 07-04-18 13:56
Deckard's System Scan:
Deckard's System Scanner v20070328.36
Run by Tim Priddy on 2007-04-18 at 14:00:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Tim Priddy.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:01:01 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim Priddy\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1.1\TIMPRI~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: ZonedOut.lnk = C:\Documents and Settings\Tim Priddy\Desktop\Misc\ZonedOut\ZonedOut.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) -
http://h20278.www2.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) -
http://inst.c-wss.com/126p/html/gtdownlr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1170275904732
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) -
http://192.168.0.102:81/plugin/h263ctrl.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) -
https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: byxuu - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqqomk - ssqqomk.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Venturi2 Client (Venturi2) - Venturi Wireless - C:\Program Files\Venturi2\Client\ventc.exe
-- Files created between 2007-03-18 and 2007-04-18 -----------------------------
2007-04-13 22:39:03 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-13 22:38:58 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-13 22:38:53 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-13 22:38:45 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-13 22:38:45 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-13 22:38:30 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-13 22:38:30 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-13 22:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Panda Software<PANDAS~1>
2007-04-13 20:49:51 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-04-13 00:34:00 0 d-------- C:\Program Files\Panda Software<PANDAS~1>
2007-04-13 00:04:32 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-04-11 22:07:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2007-04-11 17:20:00 7864320 --a------ C:\Documents and Settings\Tim Priddy\ntuser.dat
2007-04-10 22:26:58 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~3>
2007-04-10 22:14:24 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-04-10 16:47:40 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-10 12:00:19 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Lavasoft
2007-04-10 11:58:55 0 d-------- C:\Program Files\Lavasoft
2007-04-10 10:57:37 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-10 10:57:37 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-10 10:57:37 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-10 10:57:37 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-10 10:57:36 59984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-10 10:56:43 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-04-10 10:53:56 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-09 21:29:38 147456 --a------ C:\WINDOWS\Uninstit.exe
2007-04-09 19:24:08 0 d-------- C:\Program Files\SP31140
2007-04-05 13:34:39 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-05 06:02:03 786432 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-04-05 06:02:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer<APPLEC~1>
2007-04-05 03:37:38 0 d-------- C:\Program Files\RegCure
2007-04-04 14:29:47 617197 ---hs---- C:\WINDOWS\system32\uuxyb.ini2<UUXYB~1.INI>
2007-04-03 12:56:18 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-04-03 12:50:21 29752 -----n--- C:\WINDOWS\system32\InstHelper.dll<INSTHE~1.DLL>
2007-04-03 12:48:58 8 --a------ C:\WINDOWS\system32\success
2007-04-03 12:42:13 110080 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2007-04-03 12:42:13 94720 --a------ C:\WINDOWS\system32\dneinobj.dll
2007-04-03 12:41:43 5315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2007-04-03 12:41:27 193584 --a------ C:\WINDOWS\system32\CSGina.dll
2007-03-28 05:09:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-19 12:15:21 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware<PARETO~1>
2007-03-19 04:58:39 0 d-------- C:\Program Files\XoftSpySE<XOFTSP~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-18 14:00:42 0 d-------- C:\Program Files\HijackThis 1.99.1<HIJACK~1.1>
2007-04-18 00:19:51 12 --a------ C:\WINDOWS\bthservsdp.dat<BTHSER~1.DAT>
2007-04-17 19:32:28 0 d-------- C:\Program Files\Quicken
2007-04-13 22:37:59 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-13 01:57:50 0 d-------- C:\Program Files\QuickTime<QUICKT~3>
2007-04-13 01:48:39 0 d-------- C:\Program Files\iTunes
2007-04-13 01:41:18 0 d-------- C:\Program Files\DVD Region-Free<DVDREG~1>
2007-04-13 00:42:46 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-12 19:08:54 0 d-------- C:\Program Files\Sports Illustrated 2007<SPORTS~1>
2007-04-11 20:47:29 0 d-------- C:\Program Files\Google
2007-04-11 20:47:27 0 d-------- C:\Program Files\Free Download Manager<FREEDO~1>
2007-04-10 12:10:57 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Skype
2007-04-10 11:56:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-05 03:36:09 0 d-------- C:\Program Files\Install Provider<INSTAL~2>
2007-04-02 09:38:38 0 d-------- C:\Program Files\LimeWire
2007-03-28 05:01:57 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\AdobeUM
2007-03-23 15:35:47 0 d-------- C:\Program Files\DivX
2007-03-22 06:52:52 0 d-------- C:\Program Files\Finale 2006<FINALE~1>
2007-03-20 02:49:40 469766 ---hs---- C:\WINDOWS\system32\uuxyb.bak2<UUXYB~2.BAK>
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-17 03:16:37 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Free Download Manager<FREEDO~1>
2007-03-16 14:17:17 0 d-------- C:\Program Files\iPod
2007-03-16 14:00:40 0 d-------- C:\Program Files\Apple Software Update<APPLES~2>
2007-03-16 04:02:18 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-03-16 03:19:58 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-03-16 02:02:48 0 d-------- C:\Program Files\HP
2007-03-13 07:16:33 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\DivX
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 06:31:57 0 d-------- C:\Program Files\Pure Sudoku<PURESU~1>
2007-03-07 06:27:20 482966 ---hs---- C:\WINDOWS\system32\uuxyb.bak1<UUXYB~1.BAK>
2007-03-05 10:05:28 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\Talkback
2007-03-02 18:59:06 26637 ---hs---- C:\WINDOWS\system32\wvuvvwu.dll
2007-02-28 03:23:07 0 d-------- C:\Documents and Settings\Tim Priddy\Application Data\CNN
2007-02-27 11:14:10 0 d-------- C:\Program Files\Microsoft WSE<MI6E20~1>
2007-02-27 07:58:54 0 d-------- C:\Program Files\The Awakened<THEAWA~1>
2007-02-25 09:05:46 63696 --a------ C:\Documents and Settings\Tim Priddy\Application Data\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2007-02-23 00:29:58 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-02-23 00:29:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 00:29:49 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 00:29:49 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 00:25:24 196608 --a----c- C:\WINDOWS\system32\dtu100.dll
2007-02-23 00:25:24 73728 --a----c- C:\WINDOWS\system32\dpl100.dll
2007-02-23 00:25:23 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 00:25:22 57344 --a----c- C:\WINDOWS\system32\dpv11.dll
2007-02-23 00:25:22 344064 --a----c- C:\WINDOWS\system32\dpus11.dll
2007-02-23 00:25:22 593920 --a----c- C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 00:25:22 294912 --a----c- C:\WINDOWS\system32\dpu11.dll
2007-02-23 00:25:22 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 00:25:19 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
2007-02-23 00:25:19 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
2007-02-23 00:25:19 639066 --a------ C:\WINDOWS\system32\DivX.dll
2007-02-15 21:40:35 124472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-02-03 13:16:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-01-30 01:03:34 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-01-30 01:03:34 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-01-30 01:03:34 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-01-19 09:23:54 1721976 --a------ C:\WINDOWS\system32\inetclnt.dll
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Power2GoExpress"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon05"="C:\\WINDOWS\\system32\\hphmon05.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"VF0070 STISvc"="RunDLL32.exe V0070Pin.dll,RunDLL32EP 513"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"item"="IgfxTray"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"hkey"="HKLM"
"key"="Run"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqomk
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
-- End of Deckard's System Scanner: finished at 2007-04-18 at 14:01:26 ---------
Again, thank you for all you do to help those of us that do not have the expertise to help ourselves!!
Sincerely,
Tim Priddy