#1 (permalink)

Registered User
Join Date: Apr 2006
Posts: 39
OS: Win2k

Can't Remove Virtumonde.dll
I keep detecting virtumonde with spybot. I'm sure I picked it up from some naughty files I downloaded, trying to cut back on that. I also get random popups and I get two rundll processes that prevent firefox from loading certain sites (yahoo, google results, etc.). I've been trying for the past couple of days to remove it myself with little success. I would get rid of registry entries and dll files, and it seemed to work; however, spybot would always detect it there and of course eventually it flared back up again. I even thought about using combofix from observing how it's used in other threads, but after reading the tutorial I figured it'd be better left to someone who knows what they're doing with it. VundoFix and the secondary program whose name I can't remember don't even detect it. Nothing is cleaning it, so any help is appreciated. Thanks.
#2 (permalink)

Registered User
Join Date: Apr 2006
Posts: 39
OS: Win2k

Re: Can't Remove Virtumonde.dll
Well, it looks like I got rid of it using SUPERAntiVirus. It doesn't show up in spybot or bitdefender either. I would appreciate someone looking at my log for me at their earliest convenience. Just let me know so I can post the most up-to-date log.