Here are the results of the system scanner...
Deckard's System Scanner v20071014.68
Run by User on 2008-04-05 09:57:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
14: 2008-04-05 13:57:23 UTC - RP25 - Deckard's System Scanner Restore Point
13: 2008-04-05 03:42:41 UTC - RP24 - Software Distribution Service 3.0
12: 2008-04-05 00:04:10 UTC - RP23 - Installed Ad-Aware 2007
11: 2008-04-04 21:28:25 UTC - RP22 - Removed Nero 7 Ultra Edition
10: 2008-04-04 21:08:12 UTC - RP21 - Installed TuneUp Utilities 2006
-- First Restore Point --
1: 2008-01-06 10:35:07 UTC - RP12 - Software Distribution Service 3.0
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as User.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:31 AM, on 4/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\User.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 3079 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080404-223932-431 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080404-225257-345 O23 - Service: setup_7.0.0.180_04.04.2008_21-34[1] - Kaspersky Lab - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe
backup-20080404-225257-500 O4 - HKLM\..\Run: [AVP] "C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_21-34[1].exe"
backup-20080405-001259-864 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080405-001351-737 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
backup-20080405-072156-925 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-249 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
backup-20080405-072157-278 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080405-072157-312 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-458 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
backup-20080405-072157-530 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
backup-20080405-072157-815 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S3 BOCDRIVE (BOClean Kernel Monitor.) - c:\program files\comodo\cboclean\bocdrive.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-04 18:59:35 262 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2008-04-04 18:59:34 336 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-04-04 17:16:47 388 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-03-05 and 2008-04-05 -----------------------------
2008-04-05 08:57:41 0 d-------- C:\VundoFix Backups
2008-04-05 07:40:40 0 d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-04-05 07:40:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-05 07:40:26 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 00:42:08 0 dr-h----- C:\Documents and Settings\User\Recent
2008-04-04 23:46:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 23:40:16 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-04 23:40:16 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-04 23:40:16 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-04 23:40:16 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-04 23:40:15 153088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-04-04 23:31:55 0 d-------- C:\Downloads
2008-04-04 23:31:54 0 d-------- C:\Documents and Settings\User\Application Data\GetRightToGo
2008-04-04 23:11:23 0 d-------- C:\Program Files\Enigma Software Group
2008-04-04 21:40:57 0 d-------- C:\Program Files\Trend Micro
2008-04-04 20:50:15 0 d-------- C:\Program Files\Alwil Software
2008-04-04 20:04:25 0 d-------- C:\Program Files\Lavasoft
2008-04-04 20:04:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:44:14 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-04 19:44:01 0 d-------- C:\Program Files\Comodo
2008-04-04 19:05:30 350240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 18:44:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-04-04 18:39:54 0 d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-04-04 18:39:48 0 d-------- C:\Program Files\Uniblue
2008-04-04 17:08:42 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-04 17:08:42 0 d-------- C:\Documents and Settings\User\Application Data\TuneUp Software
2008-04-04 17:06:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-04 17:06:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 16:44:53 0 d-------- C:\WINDOWS\pss
2008-04-04 15:39:00 1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-04 05:40:27 0 d-------- C:\Documents and Settings\User\Application Data\acccore
2008-04-04 05:34:55 0 d-------- C:\Documents and Settings\User\Application Data\Yahoo!
2008-04-03 22:51:41 0 d-------- C:\Documents and Settings\User\Application Data\Macromedia
2008-04-03 22:51:14 0 d-------- C:\Documents and Settings\User\Application Data\Adobe
2008-04-03 22:50:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-03 22:50:01 0 d-------- C:\Program Files\Yahoo!
2008-04-03 21:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-03 21:27:30 0 d-------- C:\Program Files\Viewpoint
2008-04-03 21:24:59 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-04-03 21:24:59 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-03 21:22:32 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-03 21:22:31 335 --a------ C:\WINDOWS\nsreg.dat
2008-03-18 16:43:33 0 d-------- C:\Program Files\Microsoft Silverlight
-- Find3M Report ---------------------------------------------------------------
2008-04-04 18:15:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 18:15:33 0 d-------- C:\Program Files\CyberLink
2008-04-04 17:29:14 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-04 17:06:26 0 d-------- C:\Program Files\Common Files
2008-04-03 21:18:33 0 d-------- C:\Program Files\Common Files\InstallShield
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/28/2003 02:19 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 06:56 PM]
"NVIEW"="nview.dll,nViewLoadHook" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
-- End of Deckard's System Scanner: finished at 2008-04-05 09:59:55 ------------