
Can't open Task Manager, and get dialog in Taskbar [RESOLVED]

This topic is locked

#1 FFM185 (New Member, 8 posts)
I can't open the Task Manager anymore, and I also get a popup in my Taskbar prompting me to buy some antivirus software... I've tried several steps to get rid of this: SDFix won't run in Safe Mode, but it will run just regularly when not in Safe Mode, but it refuses to scan >_< Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:55 AM, on 6/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\vbpdtvdp.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXNFxyv.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 8556 bytes


Please help :)
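A small Python triage script, added here as an example (not a tool from this thread or from HijackThis itself), that codifies the checks a helper makes by eye on a log like the one above: an F2 UserInit value chaining a second executable, O4 autoruns launched from a user profile or calling a DLL export by ordinal, and O2 BHO entries with no file on disk. The sample input is a constructed subset of the posted log lines plus benign control lines; the heuristics and severity labels are this example's own assumptions.

```python
"""HijackThis v2 log triage (added example; not a tool from this thread).

Codifies the checks a helper makes by eye on the log above: an F2 UserInit
value that chains a second executable, O4 autoruns that launch from a user
profile or call a DLL export by ordinal, and O2 BHO entries with no file.
Heuristics and severity labels are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the log lines posted above plus benign
# control lines (taskeng.exe, IDM Helper, avast!) that must not be flagged.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXNFxyv.dll,#1
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Anything launched from under a user profile; system components do not live there.
USER_PROFILE_RE = re.compile(r"\\(Users|Documents and Settings)\\[^\\]+\\", re.IGNORECASE)
# rundll32 invoking an export by ordinal (",#1") rather than by name.
ORDINAL_RE = re.compile(r"rundll32(?:\.exe)?\s+\S+\.dll,#\d+", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # HJT section ("F2", "O4", "O2") or "proc" for the process list
    severity: str  # "high", "medium" or "low" (this example's own scale)
    reason: str
    line: str


def check_userinit(body):
    """F2: Winlogon's UserInit value should name only userinit.exe."""
    m = re.search(r"UserInit=(.*)", body, re.IGNORECASE)
    if not m:
        return None
    exes = [p.strip() for p in m.group(1).split(",") if p.strip()]
    extra = [e for e in exes if not e.lower().endswith("\\userinit.exe")]
    if extra:
        return "high", "UserInit chains extra executable(s) at logon: " + ", ".join(extra)
    return None


def check_run(body):
    """O4: Run-key autoruns."""
    if USER_PROFILE_RE.search(body):
        return "high", "autorun launches from a user profile directory"
    if ORDINAL_RE.search(body):
        return "high", "rundll32 calls a DLL export by ordinal"
    return None


def check_bho(body):
    """O2: a registered BHO whose DLL is gone is a leftover CLSID."""
    if body.endswith("(no file)") or "(file missing)" in body:
        return "low", "orphaned BHO CLSID, file not on disk"
    return None


def check_process(path):
    """Running-process list: flag binaries executing from a user profile."""
    if USER_PROFILE_RE.search(path):
        return "medium", "process running from a user profile directory"
    return None


CHECKS = {"F2": check_userinit, "O4": check_run, "O2": check_bho}


def triage(log_text):
    """Return the Findings for one HijackThis log, in log order."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            verdict = check_process(line) if line else None
            in_processes = bool(line)   # a blank line ends the process list
            if verdict:
                findings.append(Finding("proc", *verdict, line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        checker = CHECKS.get(m.group("kind"))
        verdict = checker(m.group("body")) if checker else None
        if verdict:
            findings.append(Finding(m.group("kind"), *verdict, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:4} {f.reason}\n         {f.line}")
```

Run against the full posted log, the same three rules pick out the vbpdtvdp.exe UserInit chain, the MSServer rundll32 entry and the 31534.exe autorun while leaving the Creative, avast! and IDM entries alone.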
#2 FFM185 (Topic Starter, New Member, 8 posts)
Anyone?

#3 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#4 FFM185 (Topic Starter, New Member, 8 posts)
Alright, it doesn't appear to have done any good. My Task Manager is still greyed out, I still get the popups, and now my clock is in military time. Anyways, here's what you asked for:


SmitFraudFix v2.323

Scan done at 13:23:22.41, Tue 06/03/2008
Run from C:\Users\FFM185\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Windows\accesss.exe Deleted
C:\Windows\astctl32.ocx Deleted
C:\Windows\avpcc.dll Deleted
C:\Windows\clrssn.exe Deleted
C:\Windows\cpan.dll Deleted
C:\Windows\default.htm Deleted
C:\Windows\iexplorer.exe Deleted
C:\Windows\loader.exe Deleted
C:\Windows\mtwirl32.dll Deleted
C:\Windows\notepad32.exe Deleted
C:\Windows\olehelp.exe Deleted
C:\Windows\systeem.exe Deleted
C:\Windows\systemcritical.exe Deleted
C:\Windows\time.exe Deleted
C:\Windows\users32.exe Deleted
C:\Windows\waol.exe Deleted
C:\Windows\win32e.exe Deleted
C:\Windows\win64.exe Deleted
C:\Windows\winajbm.dll Deleted
C:\Windows\window.exe Deleted
C:\Windows\winmgnt.exe Deleted
C:\Windows\x.exe Deleted
C:\Windows\xplugin.dll Deleted
C:\Windows\xxxvideo.hta Deleted
C:\Windows\y.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{73141EBB-CD47-4308-A68C-130FA4EE35F5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\..\{97CF232C-4BA6-47CB-80D9-70A992A4CBAB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{73141EBB-CD47-4308-A68C-130FA4EE35F5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{97CF232C-4BA6-47CB-80D9-70A992A4CBAB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\..\{73141EBB-CD47-4308-A68C-130FA4EE35F5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\..\{97CF232C-4BA6-47CB-80D9-70A992A4CBAB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{73141EBB-CD47-4308-A68C-130FA4EE35F5}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\..\{97CF232C-4BA6-47CB-80D9-70A992A4CBAB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Deckard's System Scanner v20071014.68
Run by FFM185 on 2008-06-03 13:28:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as FFM185.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:34, on 6/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\vbpdtvdp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\FFM185\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FFM185.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXNFxyv.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7705 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CTAudSvcService (Creative Audio Service) - c:\program files\creative\shared files\ctaudsvc.exe <Not Verified; Creative Technology Ltd; Creative Audio Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 13:24:06 31488 --a------ C:\Windows\y.exe
2008-06-03 13:24:06 31488 --a------ C:\Windows\xplugin.dll
2008-06-03 13:24:06 16896 --a------ C:\Windows\x.exe
2008-06-03 13:24:06 16640 --a------ C:\Windows\winmgnt.exe
2008-06-03 13:24:06 8448 --a------ C:\Windows\window.exe
2008-06-03 13:24:06 8704 --a------ C:\Windows\winajbm.dll
2008-06-03 13:24:05 10496 --a------ C:\Windows\win64.exe
2008-06-03 13:24:05 26624 --a------ C:\Windows\win32e.exe
2008-06-03 13:24:05 21760 --a------ C:\Windows\waol.exe
2008-06-03 13:24:05 11264 --a------ C:\Windows\users32.exe
2008-06-03 13:24:05 26368 --a------ C:\Windows\time.exe
2008-06-03 13:24:05 20992 --a------ C:\Windows\systemcritical.exe
2008-06-03 13:24:05 19968 --a------ C:\Windows\systeem.exe
2008-06-03 13:24:05 17408 --a------ C:\Windows\olehelp.exe
2008-06-03 13:24:05 21248 --a------ C:\Windows\notepad32.exe
2008-06-03 13:24:05 31488 --a------ C:\Windows\mtwirl32.dll
2008-06-03 13:24:04 31744 --a------ C:\Windows\loader.exe
2008-06-03 13:24:04 11520 --a------ C:\Windows\iexplorer.exe
2008-06-03 13:24:03 22528 --a------ C:\Windows\cpan.dll
2008-06-03 13:24:03 22272 --a------ C:\Windows\clrssn.exe
2008-06-03 13:24:03 17664 --a------ C:\Windows\avpcc.dll
2008-06-03 13:24:03 15616 --a------ C:\Windows\accesss.exe
2008-06-03 13:23:27 2962 --a------ C:\Windows\system32\tmp.reg
2008-06-02 22:29:56 13312 --a------ C:\Windows\mssys.exe
2008-06-02 20:53:45 9472 --a------ C:\Windows\msupdate.exe
2008-06-02 17:18:52 0 d-------- C:\Program Files\Lavasoft
2008-06-02 16:56:57 0 d-------- C:\Program Files\Trend Micro
2008-06-02 13:40:56 11008 --a------ C:\Windows\svcinit.exe
2008-06-02 13:40:56 28672 --a------ C:\Windows\svchost32.exe
2008-06-02 13:40:56 32256 --a------ C:\Windows\sistem.exe
2008-06-02 13:40:55 9216 --a------ C:\Windows\searchword.dll
2008-06-02 13:40:55 22784 --a------ C:\Windows\rundll16.exe
2008-06-02 13:40:55 29440 --a------ C:\Windows\quicken.exe
2008-06-02 13:40:55 12032 --a------ C:\Windows\qttasks.exe
2008-06-02 13:40:55 22528 --a------ C:\Windows\mswsc20.dll
2008-06-02 13:40:55 8704 --a------ C:\Windows\mswsc10.dll
2008-06-02 13:40:54 23552 --a------ C:\Windows\msspi.dll
2008-06-02 13:40:54 21760 --a------ C:\Windows\msconfd.dll
2008-06-02 13:40:54 29952 --a------ C:\Windows\internet.exe
2008-06-02 13:40:54 27904 --a------ C:\Windows\inetinf.exe
2008-06-02 13:40:53 20992 --a------ C:\Windows\iedll.exe
2008-06-02 13:40:53 27904 --a------ C:\Windows\helpcvs.exe
2008-06-02 13:40:53 32000 --a------ C:\Windows\gfmnaaa.dll
2008-06-02 13:40:53 22272 --a------ C:\Windows\funny.exe
2008-06-02 13:40:53 14336 --a------ C:\Windows\funniest.exe
2008-06-02 13:40:53 26880 --a------ C:\Windows\explorer32.exe
2008-06-02 13:40:53 13568 --a------ C:\Windows\explore.exe
2008-06-02 13:40:53 16896 --a------ C:\Windows\editpad.exe
2008-06-02 13:40:53 23552 --a------ C:\Windows\dnsrelay.dll
2008-06-02 13:40:52 32512 --a------ C:\Windows\directx32.exe
2008-06-02 13:40:52 23552 --a------ C:\Windows\ctrlpan.dll
2008-06-02 13:40:52 29696 --a------ C:\Windows\ctfmon32.exe
2008-06-02 00:38:22 345 --ahs---- C:\Windows\system32\knVycccf.ini2
2008-06-02 00:35:58 1687 --a------ C:\Windows\system32\clbinit.dll
2008-06-02 00:35:17 0 d--hs---- C:\Windows\RkZNMTg1
2008-06-02 00:35:17 0 d-------- C:\Program Files\Network Monitor
2008-06-02 00:35:16 32279 --a------ C:\Windows\system32\clbdll.dll
2008-06-02 00:35:09 0 d-------- C:\Windows\system32\Vco1
2008-06-02 00:35:09 0 d-------- C:\Windows\system32\sTMP
2008-06-02 00:35:09 0 d-------- C:\Windows\system32\Dev3
2008-06-02 00:35:09 0 d-------- C:\Windows\system32\a053
2008-06-02 00:35:09 0 d-------- C:\Windows\system32\6026c
2008-06-02 00:35:06 0 d-------- C:\Windows\system32\vntiho06
2008-06-02 00:35:06 0 d-------- C:\Temp
2008-06-02 00:34:50 89049 --a------ C:\Windows\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-06-02 00:34:50 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-02 00:34:50 89049 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-06-02 00:33:10 0 d-------- C:\Program Files\Internet Download Manager
2008-06-02 00:25:07 0 d-------- C:\Program Files\Alwil Software
2008-06-01 23:35:42 0 d-------- C:\Program Files\Electronic Arts
2008-06-01 22:36:27 0 d-------- C:\Program Files\Microsoft Works
2008-06-01 22:34:27 0 d-------- C:\Windows\PCHEALTH
2008-06-01 22:34:27 0 d-------- C:\Program Files\Microsoft.NET
2008-06-01 22:32:41 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 18:42:50 3636 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-05-31 21:10:57 0 d-------- C:\Program Files\Lavalys
2008-05-31 14:29:24 0 d-------- C:\Windows\nvtmpinst
2008-05-26 18:18:37 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-05-26 18:15:55 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-26 18:15:54 0 d-------- C:\Program Files\DivX
2008-05-22 09:25:30 0 d-------- C:\Program Files\uTorrent
2008-05-20 12:35:37 0 d-------- C:\Program Files\World of Warcraft
2008-05-20 12:35:37 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-20 12:30:10 0 d-------- C:\Windows\system32\Macromed
2008-05-20 12:30:10 1160 --a------ C:\Windows\mozver.dat
2008-05-20 12:17:37 0 d-------- C:\Program Files\Ventrilo
2008-05-20 12:17:15 0 d--hs---- C:\Windows\Installer
2008-05-20 12:17:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 05:27:50 0 d-------- C:\Windows\Panther
2008-05-20 05:06:41 0 d-------- C:\Windows.old.000
2008-05-20 04:41:22 0 d-------- C:\Program Files\OpenAL
2008-05-20 04:36:58 69120 --a------ C:\Windows\system32\CmdRtr.DLL
2008-05-20 04:36:58 108544 --a------ C:\Windows\system32\APOMngr.DLL
2008-05-20 04:34:53 0 d-------- C:\Windows\Debug
2008-05-20 04:29:14 0 d-------- C:\Windows\Prefetch
2008-05-20 04:22:22 41984 -----n--- C:\Windows\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2008-05-20 04:21:29 183 --a------ C:\Windows\setuplog
2008-05-20 04:16:06 25088 -----n--- C:\Windows\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2008-05-20 04:16:06 44032 -----n--- C:\Windows\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2008-05-20 04:06:11 0 d-------- C:\Windows\system32\Data
2008-05-20 04:06:11 3072 --a------ C:\Windows\CTXFIRES.DLL <Not Verified; ; CTxfiRes Dynamic Link Library>
2008-05-20 03:44:20 77824 -----n--- C:\Windows\system32\ctdvda32.dll <Not Verified; Creative Technology Ltd; Creative DVD-Audio Product>
2008-05-20 03:25:40 0 d-------- C:\Program Files\Creative
2008-05-20 03:24:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 03:13:03 0 d-------- C:\Windows\nvidia icons
2008-05-20 03:08:28 0 --a------ C:\Windows\nsreg.dat
2008-05-20 02:53:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 02:51:01 0 dr------- C:\Users\FFM185\Searches
2008-05-20 02:50:42 0 dr------- C:\Users\FFM185\Contacts
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Templates
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Start Menu
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\SendTo
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Recent
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\PrintHood
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\NetHood
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\My Documents
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Local Settings
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Cookies
2008-05-20 02:50:33 0 d--hs---- C:\Users\FFM185\Application Data
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Videos
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Saved Games
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Pictures
2008-05-20 02:50:31 1572864 --ahs---- C:\Users\FFM185\NTUSER.DAT
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Music
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Links
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Favorites
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Downloads
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Documents
2008-05-20 02:50:31 0 dr------- C:\Users\FFM185\Desktop
2008-05-20 02:50:31 0 d--h----- C:\Users\FFM185\AppData
2008-05-20 02:36:37 0 d-------- C:\Windows\SoftwareDistribution
2008-05-16 11:48:12 0 d--hs---- C:\found.000
2008-05-12 20:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 20:50:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 20:50:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 20:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 20:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 20:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:50:06 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 20:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-03 13:27:07 0 d-------- C:\Users\FFM185\AppData\Roaming\uTorrent
2008-06-03 13:26:44 0 d-------- C:\Users\FFM185\AppData\Roaming\DMCache
2008-06-03 13:23:27 35 --a------ C:\Users\FFM185\AppData\Roaming\SetValue.bat
2008-06-03 13:23:27 691 --a------ C:\Users\FFM185\AppData\Roaming\GetValue.vbs
2008-06-02 13:48:35 0 d-------- C:\Users\FFM185\AppData\Roaming\IDM
2008-06-02 00:19:50 0 d-------- C:\Users\FFM185\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-06-02 00:19:31 0 dr-h----- C:\Users\FFM185\AppData\Roaming\SecuROM
2008-06-01 22:36:13 0 d-------- C:\Program Files\MSBuild
2008-06-01 22:35:40 0 d-------- C:\Program Files\Common Files
2008-05-31 21:10:21 0 d-------- C:\Users\FFM185\AppData\Roaming\WinRAR
2008-05-21 03:39:40 174 --ahs---- C:\Program Files\desktop.ini
2008-05-21 03:36:03 0 d-------- C:\Program Files\Windows Calendar
2008-05-21 03:36:00 0 d-------- C:\Program Files\Windows Mail
2008-05-21 03:35:55 0 d-------- C:\Program Files\Windows Defender
2008-05-21 03:35:42 0 d-------- C:\Program Files\Windows Sidebar
2008-05-20 22:18:20 0 d-------- C:\Users\FFM185\AppData\Roaming\Ventrilo
2008-05-20 12:30:20 0 d-------- C:\Users\FFM185\AppData\Roaming\Macromedia
2008-05-20 12:30:20 0 d-------- C:\Users\FFM185\AppData\Roaming\Adobe
2008-05-20 12:19:46 0 d-------- C:\Users\FFM185\AppData\Roaming\Creative
2008-05-20 11:56:04 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-20 11:56:04 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-20 03:08:02 0 d-------- C:\Users\FFM185\AppData\Roaming\Mozilla
2008-05-20 02:50:46 0 d-------- C:\Users\FFM185\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B3F03D8-D903-400D-8B39-F75D09DA1AAB}]
C:\Windows\system32\fcccyVnk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/21/2008 03:24]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 18:07]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 18:07]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [10/14/2005 11:01]
"CtxfiReg"="CTXFIREG.exe" [02/20/2008 20:55 C:\Windows\System32\CTXFIREG.EXE]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 01:00]
"CTRegRun"="C:\Windows\CTRegRun.EXE" [10/10/1999 20:00]
"CTHelper"="CTHELPER.EXE" [02/20/2008 20:58 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [02/20/2008 20:58 C:\Windows\System32\CTXFIHLP.EXE]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/02/2008 22:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/02/2008 22:46]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 18:19]
"MSServer"="C:\Windows\system32\cbXNFxyv.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [12/02/2004 18:23]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [06/02/2008 00:34]
"Microsoft Windows Installer"="C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe" [06/02/2008 00:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= C:\Windows\system32\cbXNFxyv.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\fcccyVnk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22bcc878-264f-11dd-94eb-806e6f6e6963}]
AutoRun\command- D:\autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-03 13:30:23 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 2045.88 MiB / 1266.19 MiB
Pagefile Memory (total/avail): 4304.1 MiB / 3391.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 394.27 GiB free.
D: is CDROM (UDF)
E: is Removable (No Media)
Q: is Fixed (NTFS) - 189.92 GiB total, 81.75 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD50 00YS-01MPB1 SCSI Disk Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE1 - Maxtor 3200 USB Device - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.92 GiB - Q:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080603-0] v4.8.1201 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080603-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\FFM185\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAGBOX9000
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\FFM185
LOCALAPPDATA=C:\Users\FFM185\AppData\Local
LOGONSERVER=\\FAGBOX9000
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4303
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\FFM185\AppData\Local\Temp
TMP=C:\Users\FFM185\AppData\Local\Temp
USERDOMAIN=Fagbox9000
USERNAME=FFM185
USERPROFILE=C:\Users\FFM185
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

FFM185 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AB55EC6-1158-41EF-B87D-90555A8F5C92}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B20EB9BE-3795-47BA-BDD6-889593E8FD55}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEC86016-B796-4348-B93B-36C5EDEB85E1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEC86016-B796-4348-B93B-36C5EDEB85E1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Ins
  • 0
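The Registry Dump in the log above is where this thread's symptoms are written down: "DisableTaskMgr"=1 in both the HKLM and HKCU policies\system keys is why Task Manager will not open, "EnableLUA"=0 means UAC has been switched off, and the Userinit, LSA "Authentication Packages", ShellExecuteHooks and Run entries show the same few oddly named files (vbpdtvdp.exe, fcccyVnk, cbXNFxyv.dll, 31534.exe) wired into several autostart locations at once. The script below is an added example, not part of the post and not DSS or HijackThis code, that parses a DSS-format dump and flags exactly those kinds of entries. The clean-system baselines it compares against (userinit.exe as the only Userinit program, msv1_0 as the only LSA package, the list of user-writable path fragments) are this example's own assumptions, and SAMPLE_DUMP is a constructed excerpt that mirrors the entries in the post.

```python
"""Triage the 'Registry Dump' section of a Deckard's System Scanner (DSS) log for
the autostart and policy entries behind the symptoms in this thread.  Added
example: not part of the original post and not DSS/HijackThis code.  The
baselines are assumptions about a clean Vista install; output is a review list."""
import re
from collections import defaultdict

EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe"}   # Winlogon default (assumed)
EXPECTED_AUTH_PACKAGES = {"msv1_0"}                          # LSA default (assumed)
POLICY_FLAGS = {"disabletaskmgr": "1", "disableregistrytools": "1", "enablelua": "0"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")   # assumed path fragments
KEY_RE = re.compile(r"^\[(.+)\]$")

def parse_dump(text):
    """Return {key_path_lower: [(name, value)]}.  DSS writes values as
    '"Name"="value" [date]', '"Name"=1 (0x1)' or a bare path line; the
    trailing '[...]' and '(0x..)' decorations are stripped here."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, [])
        elif line and current is not None:
            if line.startswith('"'):
                name, _, rest = line[1:].partition('"=')
            elif line.startswith("@="):
                name, rest = "@", line[2:]
            else:
                name, rest = "", line            # bare path (BHO, MountPoints2)
            rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.strip())
            rest = re.sub(r"\s*\(0x[0-9a-f]+\)$", "", rest, flags=re.I)
            keys[current].append((name, rest.strip().strip('"')))
    return keys

def _stem(path):
    """Lower-case file name without directory or extension, used for correlation."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].split(".", 1)[0].lower()

def triage(text):
    """Return [(severity, finding)] with HIGH entries first."""
    findings, seen = [], defaultdict(set)   # seen: file stem -> autostart locations
    for key, values in parse_dump(text).items():
        for name, value in values:
            lname, lvalue = name.lower(), value.lower()
            if key.endswith("\\winlogon") and lname == "userinit":
                # Every program in this comma list runs at each interactive logon.
                for p in filter(None, (s.strip() for s in value.split(","))):
                    if p.lower() not in EXPECTED_USERINIT:
                        findings.append(("HIGH", f"Userinit launches extra program: {p}"))
                        seen[_stem(p)].add("Userinit")
            elif key.endswith("\\control\\lsa") and lname == "authentication packages":
                # Extra packages are DLLs loaded into lsass.exe at boot, before any logon.
                for p in value.split():
                    if p.lower() not in EXPECTED_AUTH_PACKAGES:
                        findings.append(("HIGH", f"Non-default LSA authentication package: {p}"))
                        seen[_stem(p)].add("LSA")
            elif key.endswith("\\shellexecutehooks"):
                # Hook DLLs are loaded by every process that calls ShellExecute.
                findings.append(("HIGH", f"ShellExecuteHook DLL: {value}"))
                seen[_stem(value)].add("ShellExecuteHooks")
            elif key.endswith("\\policies\\system") and POLICY_FLAGS.get(lname) == lvalue:
                # Explains the symptoms: Task Manager blocked, UAC switched off.
                hive = key.split("\\", 1)[0].upper()
                findings.append(("MEDIUM", f"{name}={value} in {hive} policies"))
            elif key.endswith("\\currentversion\\run"):
                seen[_stem(value)].add("Run")
                if any(seg in lvalue for seg in USER_WRITABLE):
                    findings.append(("MEDIUM", f"Run entry '{name}' starts from a user-writable path: {value}"))
            elif "browser helper objects" in key and name == "":
                seen[_stem(value)].add("BHO")
    # Correlation: one file wired into two different autostart locations is rarely benign.
    for stem, places in sorted(seen.items()):
        if len(places) > 1:
            findings.append(("HIGH", f"'{stem}' is referenced from {', '.join(sorted(places))}"))
    return sorted(findings, key=lambda f: f[0] != "HIGH")

# Constructed excerpt in DSS format, mirroring entries from the post above.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B3F03D8-D903-400D-8B39-F75D09DA1AAB}]
C:\Windows\system32\fcccyVnk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/21/2008 03:24]
"MSServer"="C:\Windows\system32\cbXNFxyv.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Windows Installer"="C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe" [06/02/2008 00:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F53BAFE5-CE7A-4E95-95AC-A3912EFD3739}"= C:\Windows\system32\cbXNFxyv.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,C:\Windows\system32\vbpdtvdp.exe,"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\fcccyVnk
"""

if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_DUMP):
        print(f"{severity:6} {finding}")
```

Run it on the text between the "-- Registry Dump" and "-- End of Deckard's System Scanner" lines of a real DSS main log. The Windows Defender entry is left alone on purpose, while the two policy flags, the AppData Run entry, the extra Userinit and LSA programs, the hook DLL and the two files that show up in more than one location are all listed. The correlation rule is the one worth keeping when everything else is tuned for a different OS: a legitimate product rarely registers the same DLL as both a Browser Helper Object and an LSA authentication package.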

#5
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#6
FFM185
    New Member
  • Topic Starter
  • Member
  • 8 posts
I should add, I'm using Windows Vista, will that change anything?
  • 0

#7
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Leave the Recovery Console step and just run ComboFix
  • 0

#8
FFM185
    New Member
  • Topic Starter
  • Member
  • 8 posts
ComboFix 08-06-01.6 - FFM185 2008-06-03 14:17:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1174 [GMT -5:00]
Running from: C:\Users\FFM185\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\network monitor
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\Windows\default.htm
C:\Windows\explore.exe
C:\Windows\iexplorer.exe
C:\Windows\lfn.exe
C:\Windows\mainms.vpi
C:\Windows\megavid.cdt
C:\Windows\muotr.so
C:\Windows\system32\clbdll.dll
C:\Windows\system32\clbinit.dll
C:\Windows\system32\drivers\core.cache.dsk
C:\Windows\System32\knVycccf.ini
C:\Windows\System32\knVycccf.ini2
C:\Windows\system32\MSINET.oca
C:\Windows\system32\pac.txt
C:\Windows\x.exe
C:\Windows\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 13:28 . 2008-06-03 13:28 <DIR> d-------- C:\Deckard
2008-06-03 13:23 . 2008-06-03 13:23 2,962 --a------ C:\Windows\System32\tmp.reg
2008-06-03 13:23 . 2008-06-03 13:23 691 --a------ C:\Users\FFM185\AppData\Roaming\GetValue.vbs
2008-06-03 13:23 . 2008-06-03 13:23 35 --a------ C:\Users\FFM185\AppData\Roaming\SetValue.bat
2008-06-02 23:23 . 2008-06-02 23:39 <DIR> d-------- C:\SDFix
2008-06-02 22:29 . 2008-06-02 22:29 13,312 --a------ C:\Windows\mssys.exe
2008-06-02 20:53 . 2008-06-02 20:53 9,472 --a------ C:\Windows\msupdate.exe
2008-06-02 17:18 . 2008-06-02 17:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-06-02 17:18 . 2008-06-02 17:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-02 16:56 . 2008-06-02 16:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 00:35 . 2008-06-02 00:35 <DIR> d-------- C:\Windows\System32\vntiho06
2008-06-02 00:35 . 2008-06-02 00:35 <DIR> d-------- C:\Windows\System32\Vco1
2008-06-02 00:35 . 2008-06-02 00:35 <DIR> d-------- C:\Windows\System32\sTMP
2008-06-02 00:35 . 2008-06-02 14:21 <DIR> d-------- C:\Windows\System32\Dev3
2008-06-02 00:35 . 2008-06-02 00:35 <DIR> d-------- C:\Windows\System32\a053
2008-06-02 00:35 . 2008-06-02 18:53 <DIR> d-------- C:\Windows\System32\6026c
2008-06-02 00:35 . 2008-06-02 14:20 <DIR> d--hs---- C:\Windows\RkZNMTg1
2008-06-02 00:35 . 2008-06-03 14:17 <DIR> d-------- C:\Temp
2008-06-02 00:35 . 2008-06-02 00:35 30,728 --a------ C:\Windows\444.470
2008-06-02 00:35 . 2006-11-02 03:51 6,144 --a------ C:\Windows\System32\beep.sys
2008-06-02 00:34 . 2008-06-02 00:34 89,049 --a------ C:\Windows\System32\vbpdtvdp.exe
2008-06-02 00:34 . 2008-06-02 00:34 30,728 --a------ C:\Windows\444.471
2008-06-02 00:34 . 2008-06-02 00:34 4 --a------ C:\Windows\System32\hljwugsf.bin
2008-06-02 00:33 . 2008-06-02 13:48 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\IDM
2008-06-02 00:33 . 2008-06-03 13:26 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\DMCache
2008-06-02 00:33 . 2008-06-02 00:34 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-06-02 00:25 . 2008-06-02 00:25 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> dr-h----- C:\Users\FFM185\AppData\Roaming\SecuROM
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-06-02 00:19 . 2008-06-02 00:19 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-06-01 23:48 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-06-01 23:35 . 2008-06-01 23:35 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-01 22:38 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-06-01 22:36 . 2008-06-01 22:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 22:34 . 2008-06-01 22:34 <DIR> d-------- C:\Windows\PCHEALTH
2008-06-01 22:34 . 2008-06-01 22:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 22:32 . 2008-06-01 22:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 22:31 . 2008-06-01 22:54 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-06-01 18:43 . 2008-06-01 18:43 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-06-01 18:42 . 2008-06-01 18:42 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-01 18:42 . 2008-06-01 18:42 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-01 18:42 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-05-31 21:10 . 2008-05-31 21:10 <DIR> d-------- C:\Program Files\Lavalys
2008-05-31 14:29 . 2008-05-31 14:29 <DIR> d-------- C:\Windows\nvtmpinst
2008-05-26 18:18 . 2008-05-26 18:18 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-05-26 18:15 . 2008-05-26 18:16 <DIR> d-------- C:\Program Files\DivX
2008-05-26 18:15 . 2008-05-26 18:15 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-22 09:25 . 2008-06-03 13:27 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\uTorrent
2008-05-22 09:25 . 2008-05-22 09:25 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 03:27 . 2008-05-21 03:27 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-21 03:26 . 2008-05-21 03:26 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-21 03:26 . 2008-05-21 03:26 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-21 03:25 . 2008-05-21 03:25 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-05-21 03:25 . 2008-05-21 03:25 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-05-21 03:23 . 2008-05-21 03:23 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-21 03:23 . 2008-05-21 03:23 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-21 03:21 . 2008-05-21 03:21 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-21 03:21 . 2008-05-21 03:21 414,208 --a------ C:\Windows\System32\msscp.dll
2008-05-21 03:21 . 2008-05-21 03:21 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-21 03:21 . 2008-05-21 03:21 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-21 03:21 . 2008-05-21 03:21 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-21 03:21 . 2008-05-21 03:21 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-21 03:20 . 2008-05-21 03:20 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-05-21 03:20 . 2008-05-21 03:20 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-05-21 03:20 . 2008-05-21 03:20 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-05-21 03:20 . 2008-05-21 03:20 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-05-21 03:20 . 2008-05-21 03:20 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-05-21 03:20 . 2008-05-21 03:20 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-05-21 03:20 . 2008-05-21 03:20 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-05-21 03:20 . 2008-05-21 03:20 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-05-21 03:20 . 2008-05-21 03:20 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-05-21 03:19 . 2008-05-21 03:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-21 03:19 . 2008-05-21 03:19 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-21 03:19 . 2008-05-21 03:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-21 03:19 . 2008-05-21 03:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-21 03:19 . 2008-05-21 03:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-21 03:19 . 2008-05-21 03:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-21 03:19 . 2008-05-21 03:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-21 03:19 . 2008-05-21 03:19 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-05-21 03:18 . 2008-05-21 03:18 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-21 03:18 . 2008-05-21 03:18 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-05-21 03:18 . 2008-05-21 03:18 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-21 03:17 . 2008-05-21 03:17 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-05-21 03:17 . 2008-05-21 03:17 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-05-21 03:17 . 2008-05-21 03:17 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-05-21 03:17 . 2008-05-21 03:17 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-05-21 03:17 . 2008-05-21 03:17 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-05-21 03:17 . 2008-05-21 03:17 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-05-21 03:17 . 2008-05-21 03:17 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-21 03:17 . 2008-05-21 03:17 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-05-21 03:16 . 2008-05-21 03:16 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-21 03:16 . 2008-05-21 03:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-21 03:16 . 2008-05-21 03:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-21 03:16 . 2008-05-21 03:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-21 03:16 . 2008-05-21 03:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-21 03:16 . 2008-05-21 03:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-21 03:14 . 2008-05-21 03:14 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-21 03:11 . 2008-05-21 03:11 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-21 03:11 . 2008-05-21 03:11 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-21 03:11 . 2008-05-21 03:11 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-21 03:11 . 2008-05-21 03:11 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-21 03:10 . 2008-05-21 03:10 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-05-21 03:10 . 2008-05-21 03:10 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-05-21 03:10 . 2008-05-21 03:10 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-05-21 03:10 . 2008-05-21 03:10 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-21 03:10 . 2008-05-21 03:10 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-05-21 03:10 . 2008-05-21 03:10 223,232 --a------ C:\Windows\System32\SLC.dll
2008-05-21 03:10 . 2008-05-21 03:10 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-05-21 03:10 . 2008-05-21 03:10 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-05-21 03:10 . 2008-05-21 03:10 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-05-21 03:10 . 2008-05-21 03:10 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-05-21 03:09 . 2008-05-21 03:09 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-21 03:09 . 2008-05-21 03:09 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-21 03:07 . 2008-05-21 03:07 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-21 03:07 . 2008-05-21 03:07 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-21 03:07 . 2008-05-21 03:07 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-21 03:06 . 2008-05-21 03:06 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-21 03:06 . 2008-05-21 03:06 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-21 03:05 . 2008-05-21 03:05 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-21 03:05 . 2008-05-21 03:05 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-21 03:05 . 2008-05-21 03:05 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-21 03:05 . 2008-05-21 03:05 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-21 03:05 . 2008-05-21 03:05 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-21 03:03 . 2008-05-21 03:03 974,336 --a------ C:\Windows\System32\crypt32.dll
2008-05-21 03:03 . 2008-05-21 03:03 152,576 --a------ C:\Windows\System32\imagehlp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 18:40 9,216 ----a-w C:\Windows\searchword.dll
2008-06-02 03:36 --------- d-----w C:\Program Files\MSBuild
2008-06-01 23:42 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-01 23:42 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-01 23:42 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-01 23:42 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-01 23:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-21 08:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-21 08:36 --------- d-----w C:\Program Files\Windows Mail
2008-05-21 08:36 --------- d-----w C:\Program Files\Windows Calendar
2008-05-21 08:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-21 08:35 --------- d-----w C:\Program Files\Windows Defender
2008-05-21 08:28 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-21 08:28 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-21 08:28 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-21 08:28 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-21 08:28 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-21 08:27 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-21 08:13 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-21 08:13 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-21 08:13 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-21 08:13 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-21 08:13 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-21 08:13 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-21 08:13 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-21 08:13 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-21 08:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-29 16:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B3F03D8-D903-400D-8B39-F75D09DA1AAB}]
C:\Windows\system32\fcccyVnk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-02 00:34 2594224]
"Microsoft Windows Installer"="C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe" [2008-06-02 00:35 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\CTXFIREG.EXE]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-10 20:00 41984]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"MSServer"="C:\Windows\system32\cbXNFxyv.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2488AE31-F3C7-4AE0-AA15-C478365BDBCB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03A6C4BC-5673-4D1E-91EC-2A9236E73574}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1A0596B1-C8DD-4187-9421-F4255E8EF960}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D1DDE9B5-C4AE-4664-A3AD-16465CA64FEC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{715EC48D-D914-4231-AB63-40FAA8FB1FB0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C0792028-5639-42DA-A954-ED01AA4C4235}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15BC9E6F-E011-4B6C-A3E1-C0A157391A5D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0898D75D-6C5F-43F3-B4D9-0D3A54ECD32C}Q:\\westwood\\sun\\game.exe"= UDP:Q:\westwood\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{B26F5BB2-00AA-4767-97AF-CA855D73C5EF}Q:\\westwood\\sun\\game.exe"= TCP:Q:\westwood\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{5918945A-6E4C-4A34-AD4D-A384018BFF9D}Q:\\westwood\\ra2\\gamemd.exe"= UDP:Q:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{94E0B68B-9181-40F0-8CD7-42F969DE40F2}Q:\\westwood\\ra2\\gamemd.exe"= TCP:Q:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{B66BF8D1-1336-4744-BFD4-DFA5012F4385}C:\\users\\ffm185\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\ffm185\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{2C164CCC-ACD0-4AE3-8B44-7AC46FEC229F}C:\\users\\ffm185\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\ffm185\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{716FDA19-CF08-456C-8718-8F509FC6FBFC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{37335827-8C0C-489F-9347-BEA0639ED82C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-15 18:18]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 06:59]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 06:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22bcc878-264f-11dd-94eb-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:21:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-03 14:23:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 19:23:12

Pre-Run: 420,072,787,968 bytes free
Post-Run: 423,046,766,592 bytes free

294 --- E O F --- 2008-06-02 03:04:30

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:38, on 6/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\cbXNFxyv.dll,#1
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5808 bytes


Haven't gotten any popups so far, and my Task Manager is back. I'll wait for the verdict from you first though.
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\444.470
C:\Windows\System32\vbpdtvdp.exe
C:\Windows\444.471
C:\Windows\System32\hljwugsf.bin
D:\autorun.exe

Folder::
C:\Windows\System32\vntiho06
C:\Windows\System32\Vco1
C:\Windows\System32\sTMP
C:\Windows\System32\Dev3
C:\Windows\System32\a053
C:\Windows\System32\6026c
C:\Windows\RkZNMTg1

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22bcc878-264f-11dd-94eb-806e6f6e6963}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


[Posted image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Windows\System32\beep.sys

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
  • 0
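The CFScript above is built from the file-creation timeline in the ComboFix log: almost every item it deletes was created within the same two minutes on 2008-06-02 under C:\Windows, and beep.sys, created in that same burst but carrying a 2006 modification date, is the one file sent to VirusTotal for a hash check rather than deleted outright. The Python below is an added example of that triage reasoning, not a tool from this thread and not ComboFix's own code: it parses a constructed sample of "Files Created" lines copied from the log above, clusters them by creation time, and lists the entries an analyst should look at, with the reason for each. The names (Entry, parse_entries, find_bursts, triage) and the thresholds (a two-minute burst gap, three items per burst, a 30-day created-versus-modified skew) are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample: nine lines copied from the ComboFix "Files Created"
# section earlier in this thread. Real logs carry hundreds of such lines.
SAMPLE_LOG = r"""
2008-06-02 22:29 . 2008-06-02 22:29 13,312 --a------ C:\Windows\mssys.exe
2008-06-02 00:35 . 2008-06-02 00:35 <DIR> d-------- C:\Windows\System32\vntiho06
2008-06-02 00:35 . 2008-06-02 14:20 <DIR> d--hs---- C:\Windows\RkZNMTg1
2008-06-02 00:35 . 2008-06-02 00:35 30,728 --a------ C:\Windows\444.470
2008-06-02 00:35 . 2006-11-02 03:51 6,144 --a------ C:\Windows\System32\beep.sys
2008-06-02 00:34 . 2008-06-02 00:34 89,049 --a------ C:\Windows\System32\vbpdtvdp.exe
2008-06-02 00:34 . 2008-06-02 00:34 4 --a------ C:\Windows\System32\hljwugsf.bin
2008-06-02 00:33 . 2008-06-02 00:34 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-21 03:27 . 2008-05-21 03:27 2,923,520 --a------ C:\Windows\explorer.exe
"""

# One "Files Created" line: created-time . modified-time size|<DIR> attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"

# Thresholds are assumptions chosen for this example, not ComboFix settings.
BURST_GAP = timedelta(minutes=2)   # max spacing between items in one burst
BURST_MIN = 3                      # items needed before a cluster counts
STALE_MTIME = timedelta(days=30)   # created this much later than modified
WINDOWS_ROOT = "c:\\windows\\"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def under_windows(self) -> bool:
        return self.path.lower().startswith(WINDOWS_ROOT)


def parse_entries(text: str) -> List[Entry]:
    """Parse the file lines; headers, separators and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(datetime.strptime(m["created"], TS_FORMAT),
                             datetime.strptime(m["modified"], TS_FORMAT),
                             size, m["attrs"], m["path"]))
    return entries


def find_bursts(entries: List[Entry]) -> List[List[Entry]]:
    """Cluster entries whose creation times are at most BURST_GAP apart."""
    bursts: List[List[Entry]] = []
    current: List[Entry] = []
    for e in sorted(entries, key=lambda e: e.created):
        if current and e.created - current[-1].created > BURST_GAP:
            if len(current) >= BURST_MIN:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= BURST_MIN:
        bursts.append(current)
    return bursts


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return path -> reasons for every entry an analyst should review."""
    reasons: Dict[str, List[str]] = {}

    def flag(e: Entry, why: str) -> None:
        reasons.setdefault(e.path, []).append(why)

    burst_paths = {e.path for burst in find_bursts(entries) for e in burst}
    for e in entries:
        if e.path in burst_paths and e.under_windows:
            flag(e, "part of a burst of new items under the Windows directory")
        if e.is_dir and "h" in e.attrs and "s" in e.attrs:
            flag(e, "new hidden+system directory")
        if not e.is_dir and e.under_windows and e.created - e.modified > STALE_MTIME:
            flag(e, "created long after its modified time: dropped copy, verify hash")
    return reasons


if __name__ == "__main__":
    for path, why in sorted(triage(parse_entries(SAMPLE_LOG)).items()):
        print(path)
        for r in why:
            print("   -", r)
```

On the sample this flags the six System32 and C:\Windows items from the 00:34-00:35 burst and leaves the Internet Download Manager folder alone even though it was created a minute earlier, because it lives outside the Windows directory. It also shows the limit of timeline clustering: mssys.exe (created at 22:29, hours after the burst) is not flagged, yet Rorschach112 still put it in the CFScript, so a burst report is a starting point for reading the log, not a replacement for it. The output is a review list; nothing here deletes files.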

#10
FFM185

FFM185

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Antivirus Version Last Update Result
AhnLab-V3 2008.5.30.1 2008.06.03 -
AntiVir 7.8.0.26 2008.06.03 -
Authentium 5.1.0.4 2008.06.03 -
Avast 4.8.1195.0 2008.06.03 -
AVG 7.5.0.516 2008.06.03 -
BitDefender 7.2 2008.06.04 -
CAT-QuickHeal 9.50 2008.06.03 -
ClamAV 0.92.1 2008.06.03 -
DrWeb 4.44.0.09170 2008.06.03 -
eSafe 7.0.15.0 2008.06.03 -
eTrust-Vet 31.4.5845 2008.06.03 -
Ewido 4.0 2008.06.03 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.04 -
GData 2.0.7306.1023 2008.06.03 -
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5309 2008.06.03 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3156 2008.06.03 -
Norman 5.80.02 2008.06.03 -
Panda 9.0.0.4 2008.06.03 -
Prevx1 V2 2008.06.04 -
Rising 20.47.12.00 2008.06.03 -
Sophos 4.29.0 2008.06.03 -
Sunbelt 3.0.1143.1 2008.06.03 -
Symantec 10 2008.06.04 -
TheHacker 6.2.92.333 2008.06.03 -
VBA32 3.12.6.7 2008.06.03 -
VirusBuster 4.3.26:9 2008.06.03 -
Webwasher-Gateway 6.6.2 2008.06.03 BlockReason.0
Additional information
File size: 6144 bytes
MD5...: ac3dd1708b22761ebd7cbe14dcc3b5d7
SHA1..: c52920173dc8fedf42b99c71fda34c26c0a11317
SHA256: 395769c8daa505e261033b9ea0319a7ed56a6289bae11fdda49002e25d9d8698
SHA512: f25ad06d4a990f0eb805ea6a4407898c2f748988e86b7089789a647c79a4ec6a
e6dd2b65b3a26d70beada8bb1f4855e6dd6f4ebe20c72f38e23a5ff8c30be044
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x14005
timedatestamp.....: 0x4549b177 (Thu Nov 02 08:51:03 2006)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x47a 0x600 4.96 cb5ce1bca5bd2f0773aedc1042abe435
.rdata 0x2000 0xad 0x200 1.52 7c799c2fc8ec7dbe3207581364f8c4d1
.data 0x3000 0x8 0x200 0.16 0b2e7741e0c0fc65af1542e370d89f53
INIT 0x4000 0x2de 0x400 4.17 c3d870f51e4c5c4499202658d592c5d5
.rsrc 0x5000 0x3d8 0x400 3.29 5ac209cf2f32fdf3280a1d2d64c626d2
.reloc 0x6000 0xd0 0x200 1.90 8863107c6e99e7fe3202bc3543d43045

( 2 imports )
> ntoskrnl.exe: IoStartPacket, MmLockPagableDataSection, KeCancelTimer, MmUnlockPagableImageSection, IoStartNextPacket, KeSetTimer, IoAcquireCancelSpinLock, IoDeleteDevice, KeInitializeTimer, KeInitializeDpc, IoCreateDevice, RtlInitUnicodeString, KeTickCount, KeRemoveDeviceQueue, IoReleaseCancelSpinLock, KeRemoveEntryDeviceQueue, IofCompleteRequest, _allmul, KeInitializeEvent
> HAL.dll: ExReleaseFastMutex, KfRaiseIrql, KfLowerIrql, HalMakeBeep, ExAcquireFastMutex

( 0 exports )


ComboFix 08-06-01.6 - FFM185 2008-06-03 17:12:53.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1206 [GMT -5:00]
Running from: C:\Users\FFM185\Desktop\ComboFix.exe
Command switches used :: C:\Users\FFM185\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\444.470
C:\Windows\444.471
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\System32\hljwugsf.bin
C:\Windows\System32\vbpdtvdp.exe
D:\autorun.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\444.470
C:\Windows\444.471
C:\Windows\mssys.exe
C:\Windows\msupdate.exe
C:\Windows\RkZNMTg1
C:\Windows\System32\6026c
C:\Windows\System32\a053
C:\Windows\System32\a053\updatdll95.exe
C:\Windows\System32\Dev3
C:\Windows\System32\hljwugsf.bin
C:\Windows\System32\sTMP
C:\Windows\System32\sTMP\lutdtx2.exe
C:\Windows\System32\vbpdtvdp.exe
C:\Windows\System32\Vco1
C:\Windows\System32\vntiho06
C:\Windows\System32\vntiho06\vntiho061083.exe
D:\autorun.exe . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 13:28 . 2008-06-03 13:28 <DIR> d-------- C:\Deckard
2008-06-03 13:23 . 2008-06-03 13:23 2,962 --a------ C:\Windows\System32\tmp.reg
2008-06-03 13:23 . 2008-06-03 13:23 691 --a------ C:\Users\FFM185\AppData\Roaming\GetValue.vbs
2008-06-03 13:23 . 2008-06-03 13:23 35 --a------ C:\Users\FFM185\AppData\Roaming\SetValue.bat
2008-06-02 23:23 . 2008-06-02 23:39 <DIR> d-------- C:\SDFix
2008-06-02 17:18 . 2008-06-02 17:20 <DIR> d-------- C:\ProgramData\Lavasoft
2008-06-02 17:18 . 2008-06-02 17:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-02 16:56 . 2008-06-02 16:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 00:35 . 2008-06-03 14:17 <DIR> d-------- C:\Temp
2008-06-02 00:35 . 2006-11-02 03:51 6,144 --a------ C:\Windows\System32\beep.sys
2008-06-02 00:33 . 2008-06-02 13:48 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\IDM
2008-06-02 00:33 . 2008-06-03 17:16 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\DMCache
2008-06-02 00:33 . 2008-06-02 00:34 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-06-02 00:25 . 2008-06-02 00:25 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> dr-h----- C:\Users\FFM185\AppData\Roaming\SecuROM
2008-06-02 00:19 . 2008-06-02 00:19 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-06-02 00:19 . 2008-06-02 00:19 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-06-01 23:48 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-06-01 23:35 . 2008-06-01 23:35 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-01 22:38 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-06-01 22:36 . 2008-06-01 22:36 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-01 22:34 . 2008-06-01 22:34 <DIR> d-------- C:\Windows\PCHEALTH
2008-06-01 22:34 . 2008-06-01 22:34 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-01 22:32 . 2008-06-01 22:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-01 22:31 . 2008-06-01 22:54 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-06-01 18:43 . 2008-06-01 18:43 229,888 --a------ C:\Windows\System32\msshsq.dll
2008-06-01 18:42 . 2008-06-01 18:42 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-01 18:42 . 2008-06-01 18:42 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-01 18:42 . 2007-11-17 23:22 3,636 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-05-31 21:10 . 2008-05-31 21:10 <DIR> d-------- C:\Program Files\Lavalys
2008-05-31 14:29 . 2008-05-31 14:29 <DIR> d-------- C:\Windows\nvtmpinst
2008-05-26 18:18 . 2008-05-26 18:18 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-05-26 18:15 . 2008-05-26 18:16 <DIR> d-------- C:\Program Files\DivX
2008-05-26 18:15 . 2008-05-26 18:15 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-22 09:25 . 2008-06-03 17:14 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\uTorrent
2008-05-22 09:25 . 2008-05-22 09:25 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 03:27 . 2008-05-21 03:27 2,923,520 --a------ C:\Windows\explorer.exe
2008-05-21 03:26 . 2008-05-21 03:26 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-05-21 03:26 . 2008-05-21 03:26 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-05-21 03:25 . 2008-05-21 03:25 376,320 --a------ C:\Windows\System32\winsrv.dll
2008-05-21 03:25 . 2008-05-21 03:25 49,664 --a------ C:\Windows\System32\csrsrv.dll
2008-05-21 03:23 . 2008-05-21 03:23 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-21 03:23 . 2008-05-21 03:23 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-21 03:21 . 2008-05-21 03:21 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-21 03:21 . 2008-05-21 03:21 414,208 --a------ C:\Windows\System32\msscp.dll
2008-05-21 03:21 . 2008-05-21 03:21 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-21 03:21 . 2008-05-21 03:21 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-21 03:21 . 2008-05-21 03:21 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-21 03:21 . 2008-05-21 03:21 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-21 03:20 . 2008-05-21 03:20 396,800 --a------ C:\Windows\System32\MPSSVC.dll
2008-05-21 03:20 . 2008-05-21 03:20 392,192 --a------ C:\Windows\System32\FirewallAPI.dll
2008-05-21 03:20 . 2008-05-21 03:20 178,688 --a------ C:\Windows\System32\iphlpsvc.dll
2008-05-21 03:20 . 2008-05-21 03:20 86,016 --a------ C:\Windows\System32\icfupgd.dll
2008-05-21 03:20 . 2008-05-21 03:20 63,488 --a------ C:\Windows\System32\drivers\mpsdrv.sys
2008-05-21 03:20 . 2008-05-21 03:20 61,952 --a------ C:\Windows\System32\cmifw.dll
2008-05-21 03:20 . 2008-05-21 03:20 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
2008-05-21 03:20 . 2008-05-21 03:20 16,896 --a------ C:\Windows\System32\wfapigp.dll
2008-05-21 03:20 . 2008-05-21 03:20 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
2008-05-21 03:19 . 2008-05-21 03:19 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-21 03:19 . 2008-05-21 03:19 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-21 03:19 . 2008-05-21 03:19 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-21 03:19 . 2008-05-21 03:19 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-21 03:19 . 2008-05-21 03:19 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-21 03:19 . 2008-05-21 03:19 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-21 03:19 . 2008-05-21 03:19 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-21 03:19 . 2008-05-21 03:19 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-05-21 03:18 . 2008-05-21 03:18 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-05-21 03:18 . 2008-05-21 03:18 104,448 --a------ C:\Windows\System32\DWWIN.EXE
2008-05-21 03:18 . 2008-05-21 03:18 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-05-21 03:17 . 2008-05-21 03:17 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-05-21 03:17 . 2008-05-21 03:17 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-05-21 03:17 . 2008-05-21 03:17 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-05-21 03:17 . 2008-05-21 03:17 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-05-21 03:17 . 2008-05-21 03:17 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-05-21 03:17 . 2008-05-21 03:17 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-05-21 03:17 . 2008-05-21 03:17 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-21 03:17 . 2008-05-21 03:17 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-05-21 03:16 . 2008-05-21 03:16 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-21 03:16 . 2008-05-21 03:16 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-21 03:16 . 2008-05-21 03:16 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-21 03:16 . 2008-05-21 03:16 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-21 03:16 . 2008-05-21 03:16 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-21 03:16 . 2008-05-21 03:16 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-21 03:14 . 2008-05-21 03:14 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-05-21 03:11 . 2008-05-21 03:11 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-21 03:11 . 2008-05-21 03:11 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-21 03:11 . 2008-05-21 03:11 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-21 03:11 . 2008-05-21 03:11 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-21 03:10 . 2008-05-21 03:10 2,605,568 --a------ C:\Windows\System32\SLsvc.exe
2008-05-21 03:10 . 2008-05-21 03:10 566,784 --a------ C:\Windows\System32\SLCommDlg.dll
2008-05-21 03:10 . 2008-05-21 03:10 351,232 --a------ C:\Windows\System32\SLUI.exe
2008-05-21 03:10 . 2008-05-21 03:10 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-21 03:10 . 2008-05-21 03:10 268,288 --a------ C:\Windows\System32\mcbuilder.exe
2008-05-21 03:10 . 2008-05-21 03:10 223,232 --a------ C:\Windows\System32\SLC.dll
2008-05-21 03:10 . 2008-05-21 03:10 186,368 --a------ C:\Windows\System32\SLLUA.exe
2008-05-21 03:10 . 2008-05-21 03:10 57,856 --a------ C:\Windows\System32\SLUINotify.dll
2008-05-21 03:10 . 2008-05-21 03:10 39,936 --a------ C:\Windows\System32\slcinst.dll
2008-05-21 03:10 . 2008-05-21 03:10 33,280 --a------ C:\Windows\System32\slwmi.dll
2008-05-21 03:09 . 2008-05-21 03:09 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-05-21 03:09 . 2008-05-21 03:09 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-05-21 03:07 . 2008-05-21 03:07 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-21 03:07 . 2008-05-21 03:07 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-21 03:07 . 2008-05-21 03:07 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-21 03:06 . 2008-05-21 03:06 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-21 03:06 . 2008-05-21 03:06 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-21 03:05 . 2008-05-21 03:05 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-21 03:05 . 2008-05-21 03:05 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-21 03:05 . 2008-05-21 03:05 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-21 03:05 . 2008-05-21 03:05 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-21 03:05 . 2008-05-21 03:05 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-21 03:03 . 2008-05-21 03:03 974,336 --a------ C:\Windows\System32\crypt32.dll
2008-05-21 03:03 . 2008-05-21 03:03 152,576 --a------ C:\Windows\System32\imagehlp.dll
2008-05-21 03:03 . 2008-05-21 03:03 12,800 --a------ C:\Windows\System32\drivers\fs_rec.sys
2008-05-21 03:03 . 2008-05-21 03:03 5,120 --a------ C:\Windows\System32\wmi.dll
2008-05-21 03:03 . 2008-05-21 03:03 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-21 03:01 . 2008-05-21 03:01 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-21 03:01 . 2008-05-21 03:01 633,856 --a------ C:\Windows\System32\user32.dll
2008-05-21 03:00 . 2008-05-21 03:00 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-05-20 22:18 . 2008-05-20 22:18 <DIR> d-------- C:\Users\FFM185\AppData\Roaming\Ventrilo
2008-05-20 17:26 . 2008-05-20 17:26 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-05-20 17:26 . 2008-05-20 17:26 1,080 --a------ C:\Windows\System32\settings.sfm
2008-05-20 12:55 . 2008-05-20 12:55 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-05-20 12:35 . 2008-05-21 02:38 <DIR> d-------- C:\Program Files\World of Warcraft
2008-05-20 12:35 . 2008-05-20 12:36 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-05-20 12:30 . 2008-05-20 12:30 <DIR> d-------- C:\Windows\System32\Macromed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 18:40 9,216 ----a-w C:\Windows\searchword.dll
2008-06-02 03:36 --------- d-----w C:\Program Files\MSBuild
2008-06-01 23:42 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-01 23:42 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-01 23:42 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-01 23:42 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-01 23:42 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-21 08:39 174 --sha-w C:\Program Files\desktop.ini
2008-05-21 08:36 --------- d-----w C:\Program Files\Windows Mail
2008-05-21 08:36 --------- d-----w C:\Program Files\Windows Calendar
2008-05-21 08:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-21 08:35 --------- d-----w C:\Program Files\Windows Defender
2008-05-21 08:28 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-21 08:28 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-21 08:28 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-21 08:28 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-21 08:28 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-21 08:27 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-21 08:13 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-21 08:13 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-21 08:13 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-21 08:13 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-21 08:13 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-21 08:13 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-21 08:13 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-21 08:13 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-05-21 08:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-03 03:46 7,460,320 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-04-29 16:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-06-03_14.22.48.66 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 19:21:04 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 22:16:27 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-03 19:21:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-03 22:16:39 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-03 19:21:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-03 22:16:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-03 19:21:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-03 22:16:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-03 19:21:13 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 22:16:38 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-03 19:21:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 22:16:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-03 18:33:56 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-03 19:27:10 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-03 18:33:56 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-03 19:27:10 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-03 18:16:16 7,064 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-217085429-2072581838-3877441453-1000_UserData.bin
+ 2008-06-03 19:22:56 7,378 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-217085429-2072581838-3877441453-1000_UserData.bin
- 2008-06-03 18:28:19 58,716 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 19:22:55 58,904 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 22:14:47 2,470 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B3F03D8-D903-400D-8B39-F75D09DA1AAB}]
C:\Windows\system32\fcccyVnk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23 102400]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-02 00:34 2594224]
"Microsoft Windows Installer"="C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe" [2008-06-02 00:35 121856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\CTXFIREG.EXE]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTRegRun"="C:\Windows\CTRegRun.EXE" [1999-10-10 20:00 41984]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\CTXFIHLP.EXE]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"MSServer"="C:\Windows\system32\cbXNFxyv.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2488AE31-F3C7-4AE0-AA15-C478365BDBCB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03A6C4BC-5673-4D1E-91EC-2A9236E73574}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{1A0596B1-C8DD-4187-9421-F4255E8EF960}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D1DDE9B5-C4AE-4664-A3AD-16465CA64FEC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{715EC48D-D914-4231-AB63-40FAA8FB1FB0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C0792028-5639-42DA-A954-ED01AA4C4235}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15BC9E6F-E011-4B6C-A3E1-C0A157391A5D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0898D75D-6C5F-43F3-B4D9-0D3A54ECD32C}Q:\\westwood\\sun\\game.exe"= UDP:Q:\westwood\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{B26F5BB2-00AA-4767-97AF-CA855D73C5EF}Q:\\westwood\\sun\\game.exe"= TCP:Q:\westwood\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{5918945A-6E4C-4A34-AD4D-A384018BFF9D}Q:\\westwood\\ra2\\gamemd.exe"= UDP:Q:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"UDP Query User{94E0B68B-9181-40F0-8CD7-42F969DE40F2}Q:\\westwood\\ra2\\gamemd.exe"= TCP:Q:\westwood\ra2\gamemd.exe:Main executable for Yuri's Revenge
"TCP Query User{B66BF8D1-1336-4744-BFD4-DFA5012F4385}C:\\users\\ffm185\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\ffm185\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{2C164CCC-ACD0-4AE3-8B44-7AC46FEC229F}C:\\users\\ffm185\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\ffm185\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{716FDA19-CF08-456C-8718-8F509FC6FBFC}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{37335827-8C0C-489F-9347-BEA0639ED82C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-15 18:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-15 18:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-15 18:18]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 06:59]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 06:59]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:16:42
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-03 17:18:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 22:18:30
ComboFix2.txt 2008-06-03 19:23:20

Pre-Run: 419,882,397,696 bytes free
Post-Run: 423,043,411,968 bytes free

316 --- E O F --- 2008-06-02 03:04:30
Everything still seems normal, but the clock is still in Military time.
#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Also post a new HijackThis log

#12
FFM185

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.14
Database version: 818

17:43:07 6/3/2008
mbam-log-6-3-2008 (17-43-07).txt

Scan type: Quick Scan
Objects scanned: 30646
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Windows Installer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe (Trojan.Agent) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:21, on 6/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5564 bytes

#13
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Reboot and post a new HijackThis log
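The two judgements the helper made in this thread (an unnamed BHO whose DLL is already gone from disk, and a Run value wearing a Microsoft-sounding name while launching from a user's AppData folder) can be mechanised for a first pass over a HijackThis log. The script below is an added example written for this page; it is not code from the thread, from HijackThis or from ComboFix. The O2 lines and the GrooveMonitor, IDMan and NvCplDaemon O4 lines are copied from the logs posted above; the "Microsoft Windows Installer" O4 line is constructed from the HKCU Run value that the ComboFix log listed, written the way HijackThis prints such entries. The `Finding` type, the `triage` and `target_path` helpers and the path lists are the example's own names, not anything the tools define.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2.0.2 line format used in this thread.
# The two O2 lines and the GrooveMonitor, IDMan and NvCplDaemon O4 lines are
# copied from the posted logs; the "Microsoft Windows Installer" O4 line is
# constructed from the HKCU Run value that the ComboFix log listed, written the
# way HijackThis would print it.
SAMPLE_HJT_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {9B3F03D8-D903-400D-8B39-F75D09DA1AAB} - C:\Windows\system32\fcccyVnk.dll (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Users\FFM185\AppData\Roaming\Microsoft\dtsc\31534.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First absolute Windows path ending in an executable/library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|ocx|scr|hta|bat|cmd)', re.IGNORECASE)

# Path fragments a standard user can write to (lower-case, matched as substrings).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\documents and settings\\")
# Where genuine Windows/Microsoft components normally live on this layout (assumption: system drive C:).
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Finding:
    line: str
    reason: str


def target_path(command: str):
    """Return the first absolute executable path in an O4 command line, or None."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def triage(log_text: str) -> list:
    """Return Findings for O2/O4 entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m.group("name") == "(no name)":
                findings.append(Finding(line, "BHO registered without a name"))
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding(line, "BHO whose DLL is gone from disk (orphaned CLSID registration)"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), target_path(m.group("cmd"))
        if path is None:
            continue  # bare file name such as CTHELPER.EXE: location not recoverable from the log
        low = path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            findings.append(Finding(line, f"autorun '{name}' launches from a user-writable location: {path}"))
        if re.search(r"microsoft|windows", name, re.IGNORECASE) and not low.startswith(SYSTEM_ROOTS):
            findings.append(Finding(line, f"autorun '{name}' borrows a Microsoft/Windows name but runs from {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, it flags exactly the two entries the thread dealt with and leaves the Creative, IDM, Groove and NVIDIA entries alone. The checks are deliberately conservative: an entry whose command is a bare file name (CTHELPER.EXE) is skipped rather than guessed at, because the log does not say which directory it resolves from, and a hit is a prompt to look at the file, not a verdict.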

#14
FFM185

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:53, on 6/3/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5365 bytes



How do I change the clock back to regular time? I can't seem to find the option anywhere =/

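As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage script for the O4 (Run keys) and O23 (services) lines in a log like the one above. It pulls out the file each entry really loads, following rundll32 to its DLL and handling unquoted paths that contain spaces, then flags entries that run from a user-writable folder, use a bare file name that is resolved through the search path, or carry a numeric-only file name. The sample lines are constructed: the vendor entries copy the shape of the log above, and the [Updater] and "Example Service" lines are made up to show what a hit looks like.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis 2.0.2 log format. The vendor entries mirror the
# kind of autoruns in the log above; the [Updater] line and the "Example Service"
# line are made up to show what a flagged entry looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Updater] C:\Users\example\AppData\Roaming\Microsoft\abcd\12345.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Users\example\AppData\Local\Temp\exsvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))? - (?P<vendor>.+?) - (?P<path>.+)$")

EXE_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")
# Folders a limited user can write to; an autorun living there deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str                      # "O4" or "O23"
    name: str                      # Run value name or service short name
    target: str                    # file that actually gets loaded
    flags: list = field(default_factory=list)


def command_target(cmd: str) -> str:
    """Return the file an O4 command line really loads: the quoted or unquoted
    executable, or the DLL when that executable is rundll32."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.index('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        tokens = cmd.split(" ")
        # Unquoted paths may contain spaces, so extend until a token ends in an executable extension.
        for i, tok in enumerate(tokens):
            if tok.lower().endswith(EXE_EXT):
                exe, rest = " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:])
                break
        else:
            exe, _, rest = cmd.partition(" ")
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        # rundll32 is only a host; the DLL before the comma is the real payload.
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def triage(log_text: str) -> list:
    """Parse O4 and O23 lines and attach flags that warrant a closer look."""
    entries = []
    for line in log_text.splitlines():
        if m := O4_RE.match(line):
            e = Entry("O4", m["name"], command_target(m["cmd"]))
        elif m := O23_RE.match(line):
            e = Entry("O23", m["short"] or m["display"], m["path"].strip().strip('"'))
            if m["vendor"].lower() == "unknown owner":
                e.flags.append("no vendor string")
        else:
            continue
        low = e.target.lower()
        if "\\" not in low:
            e.flags.append("bare file name, resolved through the search path")
        elif any(p in low for p in USER_WRITABLE):
            e.flags.append("runs from a user-writable location")
        if re.fullmatch(r"\d+\.exe", low.rsplit("\\", 1)[-1]):
            e.flags.append("numeric-only file name")
        entries.append(e)
    return entries


def suspicious(log_text: str) -> list:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.target}: {'; '.join(e.flags)}")
```

A flag is a reason to look, not a verdict: CTXFIREG.exe is a legitimate Creative component that happens to be registered without a path, which is exactly why bare names are worth checking by hand (whatever sits first on the search path wins).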
#15
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here.

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and for performing all of the procedures requested.

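The Internet zone settings in the "Make Internet Explorer more secure" steps above live in the registry under the per-user Zones\3 key, which is the key the Security tab of inetcpl.cpl writes to, so they can be audited from a reg export instead of by clicking through the dialog. As an added example, not from the post above and not a Microsoft tool, the Python below parses such an export, compares the three ActiveX values the post names (1001, 1004 and 1201) against the recommended actions, and writes a .reg fragment that corrects only what is weaker. The two export texts are constructed; one shows a weakened zone, the other the hardened result.

```python
import re

# Per-user Internet zone (zone 3); this is the key the Security tab of inetcpl.cpl edits.
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# URL action values used by the zone settings: 0 = Enable, 1 = Prompt, 3 = Disable.
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}

# The three settings the post changes, with the minimum acceptable action for each.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe for scripting", 3),
}

# Constructed 'reg export' text: a weakened zone (signed downloads enabled, unsafe
# controls merely prompted) and the same key after hardening.
WEAK_EXPORT = f"""Windows Registry Editor Version 5.00

[{ZONE_KEY}]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1200"=dword:00000000
"""

HARDENED_EXPORT = f"""Windows Registry Editor Version 5.00

[{ZONE_KEY}]
"1001"=dword:00000001
"1004"=dword:00000001
"1201"=dword:00000003
"""


def parse_reg(text: str) -> dict:
    """Minimal parser for 'reg export' output: {key: {value name: int}}, dword values only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = re.match(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$', line)
            if m:
                keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def audit_internet_zone(reg_text: str) -> list:
    """Return (value id, label, current action, required action) for every setting that is
    weaker than recommended or not explicitly set (current action None)."""
    zone = parse_reg(reg_text).get(ZONE_KEY, {})
    findings = []
    for value_id, (label, want) in RECOMMENDED.items():
        have = zone.get(value_id)
        # A setting already stricter than the recommendation (e.g. Disable where Prompt is asked) passes.
        if have is None or STRICTNESS.get(have, -1) < STRICTNESS[want]:
            findings.append((value_id, label, have, want))
    return findings


def corrective_reg(findings: list) -> str:
    """Build a .reg file that sets only the failing values to the recommended action."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE_KEY}]"]
    lines += [f'"{value_id}"=dword:{want:08x}' for value_id, _, _, want in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for value_id, label, have, want in audit_internet_zone(WEAK_EXPORT):
        print(f"{value_id} {label}: {ACTION.get(have, 'not set')} -> should be {ACTION[want]}")
    print(corrective_reg(audit_internet_zone(WEAK_EXPORT)))
```

To run it against a real machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg` and read the file with encoding='utf-16', which is what reg export writes. A value absent from the key is reported with a current action of None rather than silently passed, because Internet Explorer then falls back to the zone template default, and a setting already stricter than the recommendation (1004 set to Disable in the weak sample) is accepted as-is.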