some erroring DLL's and drivers, will not access external HDD

[adam245]

so, my computer changed the format of my external from FAT32 to RAW and now, when connected, doesn't show that it even exists. also... IE is defintely taken over by my123.com (though I had totally forgotten about this since I mostly use firefox) and was going to fix that earlier today, but i read on here to not run any other programs or follow other forums to fix that, since you guys can most certainly fix that as well. didn't want to overcomplicate an already complicated process.

lruiquij.sys
ndtkvm44.sys
qncogf76.sys
skqudjbj.sys
ukumzplk.sys
cjptciai.dll
cmicnfg.cpl
qncogf76.dll
tjtlyokj.dll
ndtkvm44.dll
kqthpthi.dll

all of those files show up as viruses on the various scans i've done, though they only show up on some scanners (Ad-Aware SE, Ad-Aware Pro, Kaspersky's Online Scanner, AVG Anti-Virus).

did all 5 steps and the PANDA scan might have fixed some of them, however, certainly not all of them.

here's the main log from DSS with extra.txt and the PANDA scan attached.

Deckard's System Scanner v20071014.68
Run by Adam on 2008-05-09 18:14:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-05-09 22:14:47 UTC - RP1369 - Deckard's System Scanner Restore Point
96: 2008-05-09 18:46:37 UTC - RP1368 - Removed Power Tab Editor 1.7
95: 2008-05-09 01:50:04 UTC - RP1367 - pre error file delete
94: 2008-05-09 00:12:00 UTC - RP1366 - Removed Google Earth.
93: 2008-05-09 00:11:38 UTC - RP1365 - Removed HighMAT Extension to Microsoft Windows XP CD Writing Wizard


-- First Restore Point --
1: 2008-02-27 08:57:30 UTC - RP1273 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-09 18:16:09
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Documents and Settings\Adam\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/isapi/redir...0&plcid=0x0409
R1 - HKLM\Software\Microsoft\Internet Explorer,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/en-us/srchasst/srchcust.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/sg726acm.cab
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} () - http://codecs.microsoft.com/codecs/i386/voxacm.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gad.../LocalExec.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09950ce6...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...207.6295717593
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} () - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


--
End of file - 12417 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 lruiquij (lruiqui) - c:\windows\system32\drivers\lruiquij.sys
R0 ndtkvm44 (ndtkvm4) - c:\windows\system32\drivers\ndtkvm44.sys
R0 qncogf76 (qncogf7) - c:\windows\system32\drivers\qncogf76.sys
R0 sisidex - c:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - c:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R0 skqudjbj (skqudjb) - c:\windows\system32\drivers\skqudjbj.sys
R0 ukumzplk (ukumzpl) - c:\windows\system32\drivers\ukumzplk.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.0.1>
R2 PDIHWCTL - c:\windows\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 EWAVE - c:\windows\system32\drivers\ew.sys (file missing)
S3 FILESPY - c:\windows\system32\drivers\filespy.sys (file missing)
S3 NSTATION - c:\windows\system32\drivers\nstation.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
S3 vcddev (VCD VNC Virtual Network Adapter) - c:\windows\system32\drivers\vcdvnic.sys <Not Verified; VNN B.J.; VNN Client Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 DTSRVC (Portrait Displays Display Tune Service) - c:\program files\portrait displays\magictune\dtsrvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: C-Media AC97 Audio Device
Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_18911019&REV_A0\3&61AAA01&0&17
Manufacturer: C-Media
Name: C-Media AC97 Audio Device
PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_18911019&REV_A0\3&61AAA01&0&17
Service: cmuda


-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 07:34:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 17:41:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 17:40:28 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 15:32:23 0 d-------- C:\Program Files\Panda Security
2008-05-08 20:09:30 0 d-------- C:\WINDOWS\LastGood
2008-05-08 18:53:52 0 d-------- C:\Documents and Settings\Adam\Contacts
2008-05-08 16:48:55 0 dr-h----- C:\Documents and Settings\Adam\Recent
2008-05-08 01:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 20:11:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 20:11:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 16:38:51 0 d-------- C:\Program Files\Western Digital


-- Find3M Report ---------------------------------------------------------------

2008-05-09 15:32:25 8671 --a------ C:\WINDOWS\mozver.dat
2008-05-09 14:42:22 0 d-------- C:\Program Files\WildTangent
2008-05-08 20:14:05 0 d-------- C:\Documents and Settings\Adam\Application Data\Aim
2008-05-08 20:13:18 0 d-------- C:\Program Files\Antares Audio Technologies
2008-05-08 20:12:48 161 --a------ C:\Delme.bat
2008-05-08 20:04:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 20:03:21 0 d-------- C:\Program Files\Common Files
2008-05-08 20:02:50 0 d-------- C:\Documents and Settings\Adam\Application Data\Adobe
2008-05-08 17:43:02 0 d-------- C:\Program Files\Ahead
2008-05-08 17:42:25 0 d-------- C:\Documents and Settings\Adam\Application Data\Viewpoint
2008-05-08 16:49:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 03:01:45 0 d-------- C:\Documents and Settings\Adam\Application Data\AdobeUM
2008-05-08 01:43:33 0 d-------- C:\Program Files\Lavasoft
2008-05-07 16:35:07 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-07 03:10:19 0 d-------- C:\Program Files\Soulseek
2008-05-03 11:25:45 0 d-------- C:\Documents and Settings\Adam\Application Data\AVG7
2008-04-15 21:46:12 0 d-------- C:\Program Files\Finale 2007
2008-04-15 06:04:35 0 d-------- C:\Documents and Settings\Adam\Application Data\BitTorrent
2008-03-21 14:22:40 0 d-------- C:\Documents and Settings\Adam\Application Data\Real
2008-03-12 23:44:49 0 d-------- C:\Program Files\Creative
2008-03-12 23:44:00 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-12 23:44:00 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-03-12 23:42:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-12 22:03:35 0 d-------- C:\Documents and Settings\Adam\Application Data\Creative


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [02/03/2004 10:37 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [02/03/2004 10:37 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [01/09/2001 12:01 PM]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/25/2008 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 10:57 AM]
"WD Button Manager"="WDBtnMgr.exe" [12/31/2006 07:04 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 03:56 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/2006 02:56 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Washer"="C:\Program Files\Washer\washer.exe" [08/08/2004 07:01 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:55 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 07:01 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
MagicTune.lnk - C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe [9/29/2003 11:18:34 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [8/10/2004 11:43:30 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a70ff0dd-25f0-11d7-892e-806d6172696f}]
AutoRun\command- D:\setup.exe

*Newly Created Service* - GTNDIS5
*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-05-09 18:16:46 ------------



i got referred here from the Hard Drive Support forum to fix my computer before I can start working on fixing the HDD. thanks in advance for any help you can provide.

[adam245]

sorry... couldn't find a way to edit my last post... forgot to stay. my speakers have been crackling too, thought i thought that might have just been my soundcard acting strangely. meant to include that.

[adam245]

bumping up my post

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix) We'll use this later.

---------------------------------------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Post that log in your next reply, at the end of this fix.

---------------------------------------------------------------------------------------------

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Post that log in your next reply.

---------------------------------------------------------------------------------------------

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

---------------------------------------------------------------------------------------------

Please post the logs from:

ComboFix (C:\ComboFix.txt)
SDFix (C:\SDFix\report.txt)
DSS (main.txt ; extra.txt)


If you have any questions along the way, STOP and ask them before proceeding.

[adam245]

sorry the reply took so long i've been kinda busy lately.

combo fix

ComboFix 08-05-15.3 - Adam 2008-05-18 21:39:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -4:00]
Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\drivers\lruiquij.sys
C:\WINDOWS\system32\drivers\ndtkvm44.sys
C:\WINDOWS\system32\drivers\qncogf76.sys
C:\WINDOWS\system32\drivers\skqudjbj.sys
C:\WINDOWS\system32\drivers\ukumzplk.sys
C:\WINDOWS\system32\ndtkvm44.dll
C:\WINDOWS\system32\qncogf76.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LRUIQUIJ
-------\Legacy_NDTKVM44
-------\Legacy_QNCOGF76
-------\Legacy_SKQUDJBJ
-------\Legacy_UKUMZPLK
-------\Service_lruiquij
-------\Service_ndtkvm44
-------\Service_qncogf76
-------\Service_skqudjbj
-------\Service_ukumzplk


((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 21:22 . 2008-05-13 02:57 <DIR> d-------- C:\SDFix
2008-05-09 18:14 . 2008-05-09 18:14 <DIR> d-------- C:\Deckard
2008-05-09 17:41 . 2008-05-18 21:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 17:40 . 2008-05-09 17:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-09 15:32 . 2008-05-09 15:32 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 18:57 . 2008-05-08 18:57 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-05-08 18:53 . 2008-05-08 18:53 <DIR> d-------- C:\Documents and Settings\Adam\Contacts
2008-05-08 16:59 . 2008-05-18 21:42 4,958,588 --a------ C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.BAK
2008-05-08 02:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-08 02:35 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-08 02:34 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-08 02:33 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-08 02:32 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-08 02:31 . 2004-08-04 03:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-08 02:30 . 2004-08-04 03:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-08 02:29 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-08 02:28 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-08 02:27 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-08 02:26 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-05-08 02:25 . 2004-08-04 08:00 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2008-05-08 02:25 . 2004-08-04 08:00 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2008-05-08 01:43 . 2008-05-08 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 20:11 . 2008-05-07 20:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 20:11 . 2008-05-07 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 17:14 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-07 17:13 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-07 16:38 . 2008-05-07 16:47 <DIR> d-------- C:\Program Files\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-18 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-14 08:28 --------- d-----w C:\Program Files\Soulseek
2008-05-09 18:42 --------- d-----w C:\Program Files\WildTangent
2008-05-09 00:14 --------- d-----w C:\Documents and Settings\Adam\Application Data\Aim
2008-05-09 00:13 --------- d-----w C:\Program Files\Antares Audio Technologies
2008-05-09 00:12 161 ----a-w C:\Delme.bat
2008-05-09 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 21:43 --------- d-----w C:\Program Files\Ahead
2008-05-08 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-08 21:42 --------- d-----w C:\Documents and Settings\Adam\Application Data\Viewpoint
2008-05-08 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\MakeMusic
2008-05-08 20:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 07:01 --------- d-----w C:\Documents and Settings\Adam\Application Data\AdobeUM
2008-05-08 05:43 --------- d-----w C:\Program Files\Lavasoft
2008-05-07 20:35 --------- d-----w C:\Program Files\Western Digital Technologies
2008-05-03 15:25 --------- d-----w C:\Documents and Settings\Adam\Application Data\AVG7
2008-04-16 01:46 --------- d-----w C:\Program Files\Finale 2007
2008-04-15 10:04 --------- d-----w C:\Documents and Settings\Adam\Application Data\BitTorrent
2005-10-14 08:27 81 ----a-w C:\Documents and Settings\Adam\hs.dat
2004-09-17 03:52 155 ---ha-w C:\Documents and Settings\Adam\hpothb07.dat
2007-03-01 21:46 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Washer"="C:\Program Files\Washer\washer.exe" [2004-08-08 19:01 432640]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 19:01 43008]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-03 22:37 2899968]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-02-03 22:37 46080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07 49263]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 12:01 44544]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-25 08:40 579584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016]
"WD Button Manager"="WDBtnMgr.exe" [2006-12-31 19:04 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-09 00:13 180269]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:40 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
MagicTune.lnk - C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe [2003-09-29 23:18:34 125952]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2004-08-10 11:43:30 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Starcraft\\starcraft.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\wisptis.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36:TCP"= 36:TCP:itunes
"80:TCP"= 80:TCP:KLite port
"1080:TCP"= 1080:TCP:Klite2
"113:TCP"= 113:TCP:ddc
"1214:TCP"= 1214:TCP:Klite3
"7000:TCP"= 7000:TCP:Klite4
"135:TCP"= 135:TCP:kliteagain

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)

R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\PDIHWCTL.sys [2003-01-29 15:08]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []
S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []
S3 vcddev;VCD VNC Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vcdvnic.sys [2006-03-09 02:04]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 11:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 21:45:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-05-18 21:54:26 - machine was rebooted [Adam]
ComboFix-quarantined-files.txt 2008-05-19 01:54:23

Pre-Run: 35,678,416,896 bytes free
Post-Run: 35,842,371,584 bytes free

206 --- E O F --- 2008-05-16 07:02:04

SDFix


SDFix: Version 1.182
Run by Adam on Sun 05/18/2008 at 10:12 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 22:20:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:b77b507f
"s2"=dword:d3cd1d75
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:26,fc,c9,fa,66,d6,77,de,e8,40,5b,98,c8,53,84,49,c9,84,a2,55,7d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5d,60,41,4a,75,44,3c,7d,c4,81,d2,4a,c9,b6,9a,2a,b1,65,ed,e7,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5e,0c,8b,5c,87,10,81,80,9a,a9,31,c1,1e,fe,7a,39,90,..
"khjeh"=hex:e4,a9,9c,cf,5a,0b,e3,08,33,97,fa,a0,28,69,11,70,d5,c4,b9,7b,a2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,84,89,43,90,27,49,0e,33,f9,9c,72,91,65,99,e7,a2,73,96,bf,c3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:26,fc,c9,fa,66,d6,77,de,e8,40,5b,98,c8,53,84,49,c9,84,a2,55,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5d,60,41,4a,75,44,3c,7d,c4,81,d2,4a,c9,b6,9a,2a,b1,65,ed,e7,cb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,5e,0c,8b,5c,87,10,81,80,9a,a9,31,c1,1e,fe,7a,39,90,..
"khjeh"=hex:e4,a9,9c,cf,5a,0b,e3,08,33,97,fa,a0,28,69,11,70,d5,c4,b9,7b,a2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b1,84,89,43,90,27,49,0e,33,f9,9c,72,91,65,99,e7,a2,73,96,bf,c3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\wisptis.exe"="C:\\WINDOWS\\system32\\wisptis.exe:*:Disabled:Microsoft Tablet PC Component"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 23 Feb 2008 211 A.SHR --- "C:\BOOT.BAK"
Thu 1 Mar 2007 11,270 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 14 Aug 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 21 Jul 2002 418,816 ...HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 ...HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 ...HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 ...HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 ...HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 ...HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 ...HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Fri 19 Jul 2002 388,096 ...HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Fri 12 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT2.tmp"
Tue 8 Nov 2005 444 ...HR --- "C:\Documents and Settings\Adam\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 31 Jul 2000 1,357 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\eNaCKkVArijm\svzcgIKtog67f.tmp"
Thu 30 Sep 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!


DSS


Main


Deckard's System Scanner v20071014.68
Run by Adam on 2008-05-18 22:30:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Adam.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:33 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adam\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adam.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gad.../LocalExec.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09950ce6...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10142 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 22:30:45 0 d-------- C:\Program Files\Trend Micro
2008-05-18 22:07:51 0 d-------- C:\WINDOWS\ERUNT
2008-05-18 21:34:28 68096 --a------ C:\WINDOWS\zip.exe
2008-05-18 21:34:28 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-18 21:34:28 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-18 21:34:28 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-18 21:34:28 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-18 21:34:28 98816 --a------ C:\WINDOWS\sed.exe
2008-05-18 21:34:28 80412 --a------ C:\WINDOWS\grep.exe
2008-05-18 21:34:28 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-18 21:32:28 0 d-------- C:\WINDOWS\setup.pss
2008-05-18 21:32:28 0 dr-hs---- C:\cmdcons
2008-05-18 21:32:16 0 d-------- C:\WINDOWS\setupupd
2008-05-09 17:41:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 17:40:28 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 15:32:23 0 d-------- C:\Program Files\Panda Security
2008-05-08 18:53:52 0 d-------- C:\Documents and Settings\Adam\Contacts
2008-05-08 16:48:55 0 dr-h----- C:\Documents and Settings\Adam\Recent
2008-05-08 01:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 20:11:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-07 20:11:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-07 16:38:51 0 d-------- C:\Program Files\Western Digital


-- Find3M Report ---------------------------------------------------------------

2008-05-14 04:28:20 0 d-------- C:\Program Files\Soulseek
2008-05-09 15:32:25 8671 --a------ C:\WINDOWS\mozver.dat
2008-05-09 14:42:22 0 d-------- C:\Program Files\WildTangent
2008-05-08 20:14:05 0 d-------- C:\Documents and Settings\Adam\Application Data\Aim
2008-05-08 20:13:18 0 d-------- C:\Program Files\Antares Audio Technologies
2008-05-08 20:12:48 161 --a------ C:\Delme.bat
2008-05-08 20:04:44 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 20:03:21 0 d-------- C:\Program Files\Common Files
2008-05-08 20:02:50 0 d-------- C:\Documents and Settings\Adam\Application Data\Adobe
2008-05-08 17:43:02 0 d-------- C:\Program Files\Ahead
2008-05-08 17:42:25 0 d-------- C:\Documents and Settings\Adam\Application Data\Viewpoint
2008-05-08 16:49:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 03:01:45 0 d-------- C:\Documents and Settings\Adam\Application Data\AdobeUM
2008-05-08 01:43:33 0 d-------- C:\Program Files\Lavasoft
2008-05-07 16:35:07 0 d-------- C:\Program Files\Western Digital Technologies
2008-05-03 11:25:45 0 d-------- C:\Documents and Settings\Adam\Application Data\AVG7
2008-04-15 21:46:12 0 d-------- C:\Program Files\Finale 2007
2008-04-15 06:04:35 0 d-------- C:\Documents and Settings\Adam\Application Data\BitTorrent
2008-03-21 14:22:40 0 d-------- C:\Documents and Settings\Adam\Application Data\Real
2008-03-12 23:44:00 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-03-12 23:44:00 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [02/03/2004 10:37 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [02/03/2004 10:37 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [11/09/2006 04:07 PM]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [01/09/2001 12:01 PM]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [07/12/2002 06:15 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/25/2008 08:40 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/10/2005 10:57 AM]
"WD Button Manager"="WDBtnMgr.exe" [12/31/2006 07:04 PM C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 03:18 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"CTHelper"="CTHELPER.EXE" [08/11/2006 03:56 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [08/11/2006 02:56 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/09/2004 12:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Washer"="C:\Program Files\Washer\washer.exe" [08/08/2004 07:01 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:55 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15 PM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 07:01 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservicesonce]
"washindex"=C:\Program Files\Washer\washidx.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMIDI"=MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
MagicTune.lnk - C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe [9/29/2003 11:18:34 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [8/10/2004 11:43:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-18 22:31:50 ------------


Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3400+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1023.48 MiB / 467.62 MiB
Pagefile Memory (total/avail): 2461.05 MiB / 1899.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.68 GiB total, 33.75 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.68 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.524 v7.5.524 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\JExam\\Program.exe"="C:\\Program Files\\JExam\\Program.exe:*:Enabled:LaunchAnywhere GUI"
"C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Kazaa Lite\\Kazaa.kpp"="C:\\Program Files\\Kazaa Lite\\Kazaa.kpp:*:Enabled:Kazaa Lite"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\myTunes Redux\\mDNSResponder.exe"="C:\\Program Files\\myTunes Redux\\mDNSResponder.exe:*:Enabled:mDNSResponder"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\WINDOWS\\system32\\wisptis.exe"="C:\\WINDOWS\\system32\\wisptis.exe:*:Disabled:Microsoft Tablet PC Component"
"C:\\Program Files\\Warez P2P Client\\warez.exe"="C:\\Program Files\\Warez P2P Client\\warez.exe:*:Enabled:warez"
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Adam\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADAM-VAWMCJDXK3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Adam
LOGONSERVER=\\ADAM-VAWMCJDXK3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Java\jre1.5.0_06\bin\client\;C:\Program Files\Java\j2re1.4.2_06\bin\client\;C:\Program Files\ImageConverter Plus;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Adam\LOCALS~1\Temp
USERDOMAIN=ADAM-VAWMCJDXK3
USERNAME=Adam
USERPROFILE=C:\Documents and Settings\Adam
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Adam (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Antares Auto-Tune 5 VST --> MsiExec.exe /X{33D628D2-DE17-4DBC-9E7D-9A4B4649EF81}
Antares Auto-Tune v4.39 --> C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AUTO-T~1\AIRLOG~1\AT4\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Finale 2006 --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale 2006\uninstal.log
Finale 2007 --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale 2007\uninstal.log
Finale Performance Assessment --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale Performance Assessment\uninstal.log
FL Studio 6 --> C:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Garritan Ambiance Installer --> C:\Program Files\Finale 2007\uninstallAmbience.exe
Garritan Jazz Big Band --> C:\PROGRA~1\GARRIT~1\UNWISE.EXE C:\PROGRA~1\GARRIT~1\INSTALL.LOG
Garritan Personal Orchestra KP2 --> C:\PROGRA~1\Garritan\GPOKP2~1\\UNWISE.EXE C:\PROGRA~1\Garritan\GPOKP2~1\\INSTALL.LOG
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
GoldWave v5.12 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.12" "C:\Program Files\GoldWave\unstall.log"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
MacGAMUT 2003 --> C:\Program Files\InstallShield Installation Information\{4B14287A-0E22-477D-9884-08094E8859B2}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
MagicTune --> "C:\Program Files\Portrait Displays\MagicTune\Uninstall.exe" "C:\Program Files\Portrait Displays\MagicTune\install.log"
MeWiG 0.010 --> C:\Program Files\MeWiG\uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Global IME for Office XP (Korean) --> MsiExec.exe /X{A9CA9E18-F14C-4875-83A5-2CC40340FA95}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
myTunes Redux 1.0 --> "C:\Program Files\myTunes Redux\unins000.exe"
Native Instruments Finale GPO --> C:\PROGRA~1\NATIVE~1\FINALE~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\FINALE~1\INSTALL.LOG
Native Instruments Finale GPO 2.0 --> C:\PROGRA~1\FINALE~1.0\UNWISE.EXE C:\PROGRA~1\FINALE~1.0\INSTALL.LOG
Natural Color --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NI Service Center --> C:\PROGRA~1\NATIVE~1\NISERV~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\NISERV~1\INSTALL.LOG
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
SiS 900 PCI Fast Ethernet Adapter Driver --> C:\Progra~1\SiSLan\Uninst.exe
SiSRaidPackage --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Visionneuse Journal Windows Microsoft --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
VST Bridge 1.0 --> "C:\Program Files\Plug-ins\VST Bridge\unins000.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver --> MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Window Washer --> C:\WINDOWS\unwash.exe
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type24530 / Success
Event Submitted/Written: 05/08/2008 07:49:13 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type24506 / Success
Event Submitted/Written: 05/08/2008 06:54:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type24485 / Error
Event Submitted/Written: 05/08/2008 02:32:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application bittorrent.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type24475 / Success
Event Submitted/Written: 05/07/2008 06:04:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type24457 / Success
Event Submitted/Written: 05/07/2008 04:57:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type35078 / Warning
Event Submitted/Written: 05/09/2008 05:29:19 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35077 / Warning
Event Submitted/Written: 05/09/2008 02:31:15 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35047 / Warning
Event Submitted/Written: 05/08/2008 06:58:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35046 / Warning
Event Submitted/Written: 05/08/2008 03:04:09 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35040 / Warning
Event Submitted/Written: 05/07/2008 01:39:54 PM
Event ID/Source: 1009 / Dhcp
Event Description:
A network error occurred when trying to send a message. The error code is: %%10004.



-- End of Deckard's System Scanner: finished at 2008-05-09 18:16:46 ------------



it didn't give me a new extra.txt... was it supposed to?

[tetonbob]

Hi, no it wasn't supposed to give you an extra.txt that time.

That's cleaned up most of the trash on the machine, there is more work to do.

P2P - I see you have P2P software ( BitTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you choose to uninstall BitTorrent, delete these folders as well:

C:\Program Files\BitTorrent
C:\Documents and Settings\Adam\Application Data\BitTorrent

---------------------------------------------------------------------------------------------

cmicnfg.cpl is a legit file for c-media sound, onboard for many motherboards.

http://www.castlecops.com/s614-Rundl...MICtrlWnd.html

Your startup appears to be orphaned.

If you're getting missing dll messages for this dll file, reinstall the sound card drivers. The Hardware folks will be better able to help you with that.

ONLY IF you no longer want to or need to use the c-media sound card drivers, fix this entry with HijackThis:

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

Close HijackThis now.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
• Click the "Download" button to the right.
• Select the Windows platform from the dropdown menu.
• Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
• Click on the link to download Windows Offline Installation and save the file to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  
  
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs
• Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

How is the machine behaving?

[adam245]

machine is acting alright. haven't tried hooking up the HDD again to see if it's showing up yet. the speakers still make a crackling sound (via the sound card and not the speakers i've checked the speakers out and plugged headphones directly into the sound card and it still is crackly) and IE still has that stupid my123.com homepage and i don't know how to fix that either. i can get around the machine alright and i understand all your instructions (i'm not completely illiterate when it comes to computers) but sadly, no idea how to fix this stupid kind of stuff. the HDD guys said they would help me fix the drive once the computer clear. and i GREATLY appreciate all the help.

killed bittorrent and that c-media driver just to move towards getting anything unnecessary off the computer so it can get fixed. however, that bittorrent was on the clean list of p2p and i wasn't a big movie downloader or anything anyway, so whatever, no big deal either way.

here are the new logs:

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 4:26:01 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 784101
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 93245
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:08:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Adam\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Adam\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Adam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Application Data\AOL OCP\AIM\Storage\data\acourson245\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\History\History.IE5\MSHist012008051920080520\index.dat Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Adam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Adam\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\lruiquij.sys.zip/lruiquij.sys Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\lruiquij.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ndtkvm44.sys.zip/ndtkvm44.sys Infected: Trojan.Win32.Zapchast.ch skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ndtkvm44.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\qncogf76.sys.zip/qncogf76.sys Infected: Trojan.Win32.StartPage.amg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\qncogf76.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\skqudjbj.sys.zip/skqudjbj.sys Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\skqudjbj.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ukumzplk.sys.zip/ukumzplk.sys Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ukumzplk.sys.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\catchme2008-05-18_214229.13.zip/ndtkvm44.dll Infected: Trojan-Downloader.Win32.QQHelper.qr skipped
C:\QooBox\Quarantine\catchme2008-05-18_214229.13.zip/qncogf76.dll Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\QooBox\Quarantine\catchme2008-05-18_214229.13.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F87A2B77-270D-4719-9E05-6C5682E300B1}\RP1386\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DB51D7D7-A9C4-49DD-8A0B-0C85D249D71B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\kqthpthi.dll Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\rjptciai.dll Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\WINDOWS\system32\tjtlyokj.dll Infected: Trojan-Downloader.Win32.Agent.bbc skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.CDF Object is locked skipped

Scan process completed.


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:11 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gad.../LocalExec.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09950ce6...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9818 bytes

[tetonbob]

The sound issue may well relate to the missing .cpl file. Ask the guys in hardware once we're done, or try reinstalling the motherboard sound drivers...unless you now have an add-on sound card.



Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
   
2. Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked
   
   R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my123.com/
   
   Close HijackThis now.
   
   ---------------------------------------------------------------------------------------------
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   
   
   Quote:

   http://www.techsupportforum.com/security-center/hijackthis-log-help/248076-some-erroring-dll-s-drivers-will-not-access-external-hdd.html
   
   Collect::
   C:\WINDOWS\system32\kqthpthi.dll
   C:\WINDOWS\system32\rjptciai.dll
   C:\WINDOWS\system32\tjtlyokj.dll
   
   

   Save this as CFScript.txt
   
   
   
   
   Referring to the picture above, drag CFScript.txt into ComboFix.exe
   
   
   
4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
   
5. When finished, it shall produce a log for you. Post that log in your next reply
   
   Note:
   Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
   
   When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
   
6. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
   
   ---------------------------------------------------------------------------------------------
   
7. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.
   
   ---------------------------------------------------------------------------------------------

[adam245]

here are the new logs

ComboFix

ComboFix 08-05-15.3 - Adam 2008-05-19 14:03:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.585 [GMT -4:00]
Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Adam\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-19 02:58 . 2008-05-19 02:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-19 02:58 . 2008-05-19 02:58 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-19 02:58 . 2008-05-19 02:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-19 02:56 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-19 02:55 . 2008-05-19 02:55 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-18 22:30 . 2008-05-18 22:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 22:07 . 2008-05-18 22:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 21:22 . 2008-05-18 22:25 <DIR> d-------- C:\SDFix
2008-05-09 18:14 . 2008-05-09 18:14 <DIR> d-------- C:\Deckard
2008-05-09 17:41 . 2008-05-19 13:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-09 17:40 . 2008-05-09 17:42 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-05-09 15:32 . 2008-05-09 15:32 <DIR> d-------- C:\Program Files\Panda Security
2008-05-08 18:57 . 2008-05-08 18:57 1,891 --a------ C:\WINDOWS\imsins.BAK
2008-05-08 18:53 . 2008-05-08 18:53 <DIR> d-------- C:\Documents and Settings\Adam\Contacts
2008-05-08 16:59 . 2008-05-19 02:51 4,958,588 --a------ C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-20021102}.BAK
2008-05-08 02:36 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-08 02:35 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-08 02:34 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-05-08 02:33 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-08 02:32 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-08 02:31 . 2004-08-04 03:56 152,576 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-05-08 02:30 . 2004-08-04 03:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-08 02:29 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-08 02:28 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-05-08 02:27 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-05-08 02:26 . 2001-08-17 13:28 714,698 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-05-08 02:25 . 2004-08-04 08:00 82,172 --a--c--- C:\WINDOWS\system32\dllcache\bopomofo.nls
2008-05-08 02:25 . 2004-08-04 08:00 66,728 --a--c--- C:\WINDOWS\system32\dllcache\big5.nls
2008-05-08 01:43 . 2008-05-08 01:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-07 17:14 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-05-07 17:13 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-05-07 16:38 . 2008-05-07 16:47 <DIR> d-------- C:\Program Files\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 12:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-19 06:56 --------- d-----w C:\Program Files\Java
2008-05-18 08:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-14 08:28 --------- d-----w C:\Program Files\Soulseek
2008-05-09 18:42 --------- d-----w C:\Program Files\WildTangent
2008-05-09 00:14 --------- d-----w C:\Documents and Settings\Adam\Application Data\Aim
2008-05-09 00:13 --------- d-----w C:\Program Files\Antares Audio Technologies
2008-05-09 00:12 161 ----a-w C:\Delme.bat
2008-05-09 00:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 21:43 --------- d-----w C:\Program Files\Ahead
2008-05-08 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-08 21:42 --------- d-----w C:\Documents and Settings\Adam\Application Data\Viewpoint
2008-05-08 20:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\MakeMusic
2008-05-08 20:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 07:01 --------- d-----w C:\Documents and Settings\Adam\Application Data\AdobeUM
2008-05-08 05:43 --------- d-----w C:\Program Files\Lavasoft
2008-05-07 20:35 --------- d-----w C:\Program Files\Western Digital Technologies
2008-05-03 15:25 --------- d-----w C:\Documents and Settings\Adam\Application Data\AVG7
2008-04-16 01:46 --------- d-----w C:\Program Files\Finale 2007
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 03:44 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-13 03:44 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-10-14 08:27 81 ----a-w C:\Documents and Settings\Adam\hs.dat
2004-09-17 03:52 155 ---ha-w C:\Documents and Settings\Adam\hpothb07.dat
2007-03-01 21:46 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-18_21.54.15.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-19 01:44:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 06:53:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 06:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-19 02:08:14 14,508,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-19 02:08:14 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-05-13 06:55:56 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-19 02:08:02 14,508,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-19 02:08:02 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2001-08-23 12:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 17:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
- 2006-11-09 18:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 18:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 20:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Washer"="C:\Program Files\Washer\washer.exe" [2004-08-08 19:01 432640]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55 5674352]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"washindex"="C:\Program Files\Washer\washidx.exe" [2002-08-15 04:07 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-03 22:37 2899968]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-02-03 22:37 46080]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"imekrmig"="C:\IME\IMKR\imekrmig.exe" [2001-01-09 12:01 44544]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15 106496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-04-25 08:40 579584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 10:57 133016]
"WD Button Manager"="WDBtnMgr.exe" [2006-12-31 19:04 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"CTHelper"="CTHELPER.EXE" [2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-09 00:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:40 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
MagicTune.lnk - C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe [2003-09-29 23:18:34 125952]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2004-08-10 11:43:30 155715]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Starcraft\\starcraft.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\StubInstaller.exe"=
"C:\\WINDOWS\\system32\\wisptis.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36:TCP"= 36:TCP:itunes
"80:TCP"= 80:TCP:KLite port
"1080:TCP"= 1080:TCP:Klite2
"113:TCP"= 113:TCP:ddc
"1214:TCP"= 1214:TCP:Klite3
"7000:TCP"= 7000:TCP:Klite4
"135:TCP"= 135:TCP:kliteagain

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowRedirect"= 1 (0x1)

R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\PDIHWCTL.sys [2003-01-29 15:08]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S3 EWAVE;EWAVE;C:\WINDOWS\system32\drivers\ew.sys []
S3 FILESPY;FILESPY;C:\WINDOWS\system32\drivers\FILESPY.sys []
S3 NSTATION;NSTATION;C:\WINDOWS\system32\drivers\nstation.sys []
S3 vcddev;VCD VNC Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vcdvnic.sys [2006-03-09 02:04]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 11:34:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 1413
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-05-19 14:09:11
ComboFix-quarantined-files.txt 2008-05-19 18:08:09
ComboFix2.txt 2008-05-19 01:54:27

Pre-Run: 36,474,662,912 bytes free
Post-Run: 36,489,269,248 bytes free

188 --- E O F --- 2008-05-16 07:02:04


Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:25 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MagicTune.lnk = C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://www.phgenit.com/plugin/awarew...ab/awswaxf.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gad.../LocalExec.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09950ce6...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9727 bytes

[tetonbob]

Hmmm, that's interesting. Did you happen to manually delete those dll files in the script? They should show up in a deletions list. Kaspersky identified them, and you had also earlier identified two of them.

Let's see if they're still present:

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

vfind -ltf "%windir%\kqthpthi.dll" "%windir%\rjptciai.dll" "%windir%\tjtlyokj.dll" >log.txt
notepad log.txt

Save this as peek.bat Choose to "Save type as - All Files"
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Copy that information into your next reply, please.

[adam245]

hahah no i didn't manually delete them. wish i could, but they're always "being used by another process" and i can't delete them. so, i don't actually know where they're coming from. maybe some malware is creating them?

here's that file:


Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0

Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0

Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0

Total Entries: 0 (0)
Total Directories: 0 Files: 0
Total Bytes: 0 Blocks: 0


looks like they might be gone? don't know about the other files i had mentioned though. i guess i could go look for them again, but they also showed up in that last kaspersky scan, even though i thought one of those scans had removed them as well...

[tetonbob]

I don't think they exist any more, or ComboFix would have removed them, and the batch file would have shown their presence. Have you tried a Windows search for the files?

The other files you're referring to, seen in Kaspersky, are in ComboFix quarantine. We'll remove them before we're done here.

Run Kaspersky online scan again.This time instead of choosing My Computer, just scan C:\Windows\System32

To do this, click on Folders, then expand Local Disk C: then scroll down to Windows and expand that, scroll down to System32, place a check in it and click on scan. Save the log, just like last time, and post it.

That will make the scan quite a bit faster, and help ensure they are no longer present.

[adam245]

ok.

status of those files:

lruiquij.sys in the quaratine, has .vir at the end of it now
ndtkvm44.sys in the quaratine, has .vir at the end of it now
qncogf76.sys in the quaratine, has .vir at the end of it now
skqudjbj.sys in the quaratine, has .vir at the end of it now
ukumzplk.sys in the quaratine, has .vir at the end of it now
cjptciai.dll gone
cmicnfg.cpl was deleted, is now back, but doesn't show up as a virus anymore
qncogf76.dll in the quaratine, has .vir at the end of it now
tjtlyokj.dll gone
ndtkvm44.dll in the quaratine, has .vir at the end of it nowp
kqthpthi.dll gone

so... seems to be heading in the right direction.

also that dumb my123.com thing is gone from IE, and it seems like a simple thing to fix following those steps, so thanks.


here's that kapersky scan of just system32. looks like it's clean now (wooooooo).

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 6:20:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 786342
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\WINDOWS\system32\

Scan Statistics:
Total number of scanned objects: 7919
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:04:21

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

Scan process completed.

[tetonbob]

cmicnfg.cpl should not have shown as a virus. I've never seen it associated with a virus.

We'll address the items in ComboFix quarantine (.vir items) by uninstalling it as instructed below:

Your logs appear clean.You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u

This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:

• Microsoft Windows Update - http://www.windowsupdate.com
  Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    
  • Once updated you should see another prompt that the task was completed.
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  
  Do not install more than one AntiVirus program because they will conflict with each other.
  
  
• FIREWALL
  Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here
  
  Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.

• http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  
  
• http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  
  
• http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  
  
• http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
  
  ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.
  
  NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Back to Hardware for your external disk issues now.

[adam245]

sweet. updated everything, installed those programs. all in the clear now. AND that HDD shows up again, even tho it shows up as something crazy weird still and the computer doesn't want to work with it. off to the hard drive forum for the HDD, then the hardware forum for the crackling noise!

thanks a TON!!!!

i'll be back if anything super weird happens.

[tetonbob]

Glad to have helped. Good luck with the remaining hardware issues.