
As asked by Phillie, here is the new thread with the ComboFix logs. I hope it helps:

ComboFix 08-07-21.2 - Ryan Gartner 2008-07-23 20:11:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2221 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-23 03:44 . 2008-07-23 12:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-23 02:52 . 2008-07-23 20:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-23 02:52 . 2008-07-23 02:52 <DIR> d-------- C:\Program Files\AVG
2008-07-23 02:52 . 2008-07-23 06:39 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\AVGTOOLBAR
2008-07-23 02:52 . 2008-07-23 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 02:52 . 2008-07-23 02:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-23 02:52 . 2008-07-23 02:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-23 02:52 . 2008-07-23 02:52 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-23 02:52 . 2008-07-23 02:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-23 02:42 . 2008-07-23 02:42 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-07-23 02:42 . 2008-07-23 02:42 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-07-22 22:33 . 2008-07-22 23:07 36,864 --a------ C:\WINDOWS\system32\mssetd.dll
2008-07-22 19:02 . 2008-07-22 19:02 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-08 00:27 . 2008-07-08 00:27 36 --a------ C:\WINDOWS\system32\qbhxaklo.sys
2008-07-08 00:27 . 2008-07-08 00:27 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-07-08 00:21 . 2008-07-08 00:21 20 --a------ C:\WINDOWS\system32\ladyapaw.sys
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-02 20:10 <DIR> d-------- C:\Temp\syschk3
2008-07-02 20:10 . 2008-07-22 22:14 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-22 09:15 --------- d-----w C:\Program Files\TRABULANCE
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 23:33 3,640 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\nttzapaq.sys
2004-08-08 23:33 1,040 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 23:34 1,040 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 22:27 520 --sh--w C:\WINDOWS\system32\vlhxaklo.sys
2004-08-08 22:19 520 --sh--w C:\WINDOWS\system32\xbfsbjbo.sys
2004-08-08 22:20 1,040 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_22.21.28.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-22 20:34:28 24,576 ----a-w C:\WINDOWS\system32\comrsdo.dll
+ 2008-07-23 00:52:51 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-07-22 20:34:44 24,576 ----a-w C:\WINDOWS\system32\tennfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-23 02:52 1232152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{7914E0AA-ECCB-4311-B584-C49538227824}"= "C:\WINDOWS\system32\jhfrxz.dll" [BU]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\system32\fmcvxy.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [BU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-23 02:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-23 02:52]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-23 02:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 02:52]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-23 02:52]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-23 02:52]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-23 02:42]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0471f14d-1816-11dd-bc89-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36025cb6-1a66-11dd-bc8c-00030d000001}]
\Shell\Auto\command - G:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94eb998e-fec7-11dc-bc74-00030d000001}]
\Shell\Auto\command - F:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfa4b455-2d03-11dd-bc9a-00030d000001}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b84a24-49cd-11dd-bca6-00030d000001}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{990B770D-62AE-5421-DA6D-16033B76258C}]
%SystemRoot%\system32\winup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B} - C:\WINDOWS\system32\jfdses.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 20:16:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Documents and Settings\Ryan Gartner\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\DB\{A36BEB4D-AC26-4FDF-A58C-6CEC0395E3E2}.xml 415 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-23 20:19:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 18:19:38
ComboFix2.txt 2008-07-22 21:05:34
ComboFix3.txt 2008-07-22 20:21:41

Pre-Run: 26,388,447,232 bytes free
Post-Run: 26,539,274,240 bytes free


Thanks - much better.

-- It is going to take me a while to go through the log. I will post the next bit this evening after work.

PP :)


Hi slntassassin87,

You guys definitely have an infected USB Drive floating around. Be careful! Also, if you can track it/them down, you might try:
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

-- Can you tell me what these two folders are? Do you recognize them?

C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5


Your compy has definitely been compromised by information stealing malware. Some of it is specific to online gaming and designed to harvest passwords, etc...
I still think a reformat and clean install is the way to go.

However, if you want to give cleaning a try, please do the following:

1) Please Download HostsXpert and Extract it from the ZIP to its own folder
-- Run HostsXpert and Select Restore MS Hosts File and then Click OK
-- Close HostsXpert.
You might want to keep this handy tool for use in the future.

2) Please delete your copy of ComboFix and download a fresh one to your Desktop.
-- Download the attached file CFScript.txt and save it to your Desktop as well.
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe to start ComboFix.
-- Let ComboFix run as before and post me that log.

3) Please Run ATF-Cleaner.exe again as per the "Read Me" instructions.

4) Please run ESET Online Scan again.
-- You will need to temporarily disable your current Anti-virus program.
-- This time, make sure that the option to Remove found threats is Checked, and the option Scan unwanted applications is Checked as well.
-- Remember to Re-enable your Resident Anti-virus program after the scan has finished.
-- A logfile ought to be found at C:\Program Files\EsetOnlineScanner\log.txt.
Please post that for me.

5) Lastly, please give me a fresh Deckard's System Scanner Scanlog
-- Please use a separate post for that so it doesn't get cut off.

I'll get back to you as soon as I can - I am a bit over-extended with work these days.

Cheers :)
PP


I don't know what

C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5

are; any guesses?

Here is the log of Combofix with CFScript:


ComboFix 08-07-23.4 - Ryan Gartner 2008-07-24 9:53:08.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2272 [GMT 2:00]
Running from: C:\Documents and Settings\Ryan Gartner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ryan Gartner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\system32\drivers\eth8023.sys
C:\WINDOWS\system32\DRIVERS\nvmini.sys
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\ictxaiua.sys
C:\WINDOWS\system32\jfdses.dll
C:\WINDOWS\system32\jhfrxz.dll
C:\WINDOWS\system32\ladyapaw.sys
C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\winup.exe
C:\WINDOWS\system32\xbfsbjbo.sys
C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\syschk3
C:\Temp\syschk3\tdirp5.log
C:\WINDOWS\system32\erjxakin.sys
C:\WINDOWS\system32\ictxaiua.sys
C:\WINDOWS\system32\ladyapaw.sys
C:\WINDOWS\system32\modtrux18
C:\WINDOWS\system32\mssetd.dll
C:\WINDOWS\system32\ngjxakin.sys
C:\WINDOWS\system32\nttzapaq.sys
C:\WINDOWS\system32\qbhxaklo.sys
C:\WINDOWS\system32\smdsbsrv.sys
C:\WINDOWS\system32\snfybbyt.sys
C:\WINDOWS\system32\vlhxaklo.sys
C:\WINDOWS\system32\xbfsbjbo.sys
C:\WINDOWS\system32\xscqbhlp.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_eth8023


((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
.

2008-07-23 03:44 . 2008-07-24 05:44 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-23 02:52 . 2008-07-23 20:08 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-23 02:52 . 2008-07-23 02:52 <DIR> d-------- C:\Program Files\AVG
2008-07-23 02:52 . 2008-07-23 06:39 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\AVGTOOLBAR
2008-07-23 02:52 . 2008-07-24 05:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-23 02:52 . 2008-07-23 02:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-23 02:52 . 2008-07-23 02:52 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-23 02:52 . 2008-07-23 02:52 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-23 02:52 . 2008-07-23 02:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-23 02:42 . 2008-07-23 02:42 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-07-23 02:42 . 2008-07-23 02:42 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-07-22 13:17 . 2008-07-22 13:17 <DIR> d-------- C:\Deckard
2008-07-22 11:46 . 2008-07-22 12:20 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44 . 2008-07-22 19:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44 . 2008-07-22 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 07:31 . 2008-07-22 15:48 8,983 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-22 07:29 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-22 07:29 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-22 07:29 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-22 07:29 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-22 07:29 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-22 07:28 . 2008-07-22 07:28 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-22 07:28 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-22 03:02 . 2008-07-22 03:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-22 01:46 . 2008-07-22 01:46 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03 . 2008-07-21 18:03 <DIR> d-------- C:\Program Files\Codemasters
2008-07-20 13:55 . 2008-07-20 13:56 <DIR> d-------- C:\Program Files\Zune
2008-07-20 13:55 . 2008-03-21 13:57 14,640 --------- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-07-20 13:55 . 2008-07-20 13:55 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 16:58 . 2008-07-16 16:58 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42 . 2008-07-16 16:42 <DIR> d-------- C:\Program Files\Sierra
2008-07-11 23:06 . 2008-07-14 01:13 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-06 17:00 . 2008-07-06 17:00 <DIR> d-------- C:\Program Files\Stardock Games
2008-07-06 12:52 . 2008-07-22 07:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45 . 2008-07-06 12:45 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:44 . 2008-07-22 07:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 09:05 . 2008-07-06 09:05 223,942 --a------ C:\AnalysisLog.sr0
2008-07-06 01:01 . 2008-07-06 01:01 <DIR> d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08 . 2008-07-04 15:08 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48 . 2008-07-03 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47 . 2007-12-05 05:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47 . 2008-04-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:47 . 2008-07-03 20:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 20:18 . 2008-07-04 16:10 <DIR> d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18 . 2008-07-08 17:29 <DIR> d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:40 . 2008-07-21 18:14 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40 . 2008-07-03 01:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:16 . 2008-07-02 21:16 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-02 20:20 . 2008-07-02 20:20 9,936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10 . 2008-07-24 09:53 <DIR> d-------- C:\Temp
2008-07-02 19:30 . 2007-07-31 04:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 19:30 . 2007-07-31 04:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 19:30 . 2007-07-31 04:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 02:08 --------- d-----w C:\Program Files\Steam
2008-07-17 04:21 --------- d-----w C:\Program Files\DAP
2008-07-07 19:20 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-07-02 12:00 --------- d-----w C:\Program Files\Starcraft
2008-07-02 09:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 21:04 --------- d-----w C:\Program Files\Sierra Entertainment
2008-06-22 09:15 --------- d-----w C:\Program Files\TRABULANCE
2008-06-19 17:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-06-15 17:35 --------- d-----w C:\Program Files\Diablo II
2008-06-15 08:37 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-15 08:37 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-15 07:50 --------- d-----w C:\Program Files\OpenAL
2008-06-13 12:26 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 12:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 18:18 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-11 18:18 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-09 12:47 --------- d-----w C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 16:53 --------- d-----w C:\Program Files\Activision
2008-06-07 16:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-02 22:42 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2008-06-02 13:24 --------- d-----w C:\Program Files\Elaborate Bytes
2008-04-06 20:19 22,328 ----a-w C:\Documents and Settings\Ryan Gartner\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-22_22.21.28.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-22 20:34:28 24,576 ----a-w C:\WINDOWS\system32\comrsdo.dll
+ 2008-07-23 00:52:51 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2008-07-22 20:34:44 24,576 ----a-w C:\WINDOWS\system32\tennfs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-24 04:05 143360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 14:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 21:34 5724184]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 05:07 389120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-23 17:45 8478720]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-08-23 17:45 81920]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-23 01:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 18:34 815104]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [2007-04-10 02:44 36864]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 21:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 21:17 970752]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [2007-07-30 23:31 40960]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-24 01:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 08:55 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 155648]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 15:21 94208]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-23 02:52 1232152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-07-27 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2007-08-23 17:45 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 09:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"=
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13936:TCP"= 13936:TCP:BitComet 13936 TCP
"13936:UDP"= 13936:UDP:BitComet 13936 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-23 02:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-23 02:52]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-23 02:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-23 02:52]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-07-23 02:52]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-23 02:52]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\WINDOWS\System32\StkCSrv.exe [2007-04-20 00:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-07-23 02:42]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 StkCMini;Syntek AVStream USB2.0 2M WebCam;C:\WINDOWS\system32\Drivers\StkCMini.sys [2007-06-28 01:44]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 05:28:47 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-07-22 05:28:45 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 09:56:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CleGameKey\Driver\ZClevoGKY.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Zune\ZuneNss.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-24 9:59:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 07:59:53
ComboFix2.txt 2008-07-23 18:19:43
ComboFix3.txt 2008-07-22 21:05:34
ComboFix4.txt 2008-07-22 20:21:41

Pre-Run: 47,242,481,664 bytes free
Post-Run: 47,235,350,528 bytes free


Here is the ESET Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3293 (20080723)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=c5a359f2fd4cd0439e5458129ac886cf
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-24 08:27:15
# local_time=2008-07-24 10:27:15 (+0100, W. Europe Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=209793
# found=1
# scan_time=1414
C:\QooBox\Quarantine\C\WINDOWS\system32\jfrwdh.dll.vir Win32/PSW.OnLineGames.NOA trojan (unable to clean - deleted) 00000000000000000000000000000000


Main DSS log

Deckard's System Scanner v20071014.68
Run by Ryan Gartner on 2008-07-24 10:32:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-07-24 08:32:40 UTC - RP145 - Deckard's System Scanner Restore Point
29: 2008-07-24 07:52:56 UTC - RP144 - ComboFix created restore point
28: 2008-07-24 06:48:34 UTC - RP143 - System Checkpoint
27: 2008-07-23 00:52:26 UTC - RP142 - Installed AVG 8.0
26: 2008-07-23 00:50:00 UTC - RP141 - Installed AVG 7.5


-- First Restore Point --
1: 2008-07-07 21:53:11 UTC - RP116 - Installed AVG 7.5


Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Ryan Gartner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:34 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\MHotkey.exe
C:\WINDOWS\CleGameKey\driver\ZClevoGKY.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\StkCSrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ryan Gartner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ryan Gartner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LchGKey] C:\WINDOWS\LchGKey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Hook] C:\Program Files\VideoView\StkHK.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196826068891
O17 - HKLM\System\CCS\Services\Tcpip\..\{797AB5AC-E12D-48D0-A954-55EE70D653F0}: NameServer = 217.237.148.102 217.237.151.115
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

--
End of file - 8404 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S2 cdralw (NVIDIA Compatible Windows Miniport Driver) - c:\windows\system32\drivers\nvmini.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 SDDMI2 - c:\windows\system32\ddmi2.sys <Not Verified; Gteko Ltd.; DDMI>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>

S2 McShield (McAfee Real-time Scanner) - c:\progra~1\mcafee\viruss~1\mcshield.exe (file missing)
S2 McSysmon (McAfee SystemGuards) - c:\progra~1\mcafee\viruss~1\mcsysmon.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 07:28:47 354 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-07-22 07:28:45 346 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 10:03:03 0 d-------- C:\WINDOWS\LastGood
2008-07-23 03:44:34 0 d--h----- C:\$AVG8.VAULT$
2008-07-23 02:52:49 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-23 02:52:49 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\AVGTOOLBAR
2008-07-23 02:52:26 0 d-------- C:\Program Files\AVG
2008-07-23 02:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-22 22:35:08 0 d-------- C:\cmdcons
2008-07-22 22:34:52 68096 --a------ C:\WINDOWS\zip.exe
2008-07-22 22:34:52 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-22 22:34:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-22 22:34:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-22 22:34:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-22 22:34:52 98816 --a------ C:\WINDOWS\sed.exe
2008-07-22 22:34:52 80412 --a------ C:\WINDOWS\grep.exe
2008-07-22 22:34:52 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 22:34:44 24576 --a------ C:\WINDOWS\system32\tennfs.dll
2008-07-22 22:34:28 24576 --a------ C:\WINDOWS\system32\comrsdo.dll
2008-07-22 11:46:57 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-22 10:44:43 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Malwarebytes
2008-07-22 10:44:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 10:44:41 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 07:37:10 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-22 07:30:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-22 07:30:29 0 d-------- C:\Program Files\SiteAdvisor
2008-07-22 07:30:29 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\SiteAdvisor
2008-07-22 07:30:05 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-07-22 07:28:36 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-22 03:11:18 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-22 03:02:57 0 d-------- C:\Program Files\Trend Micro
2008-07-22 02:30:24 0 d-------- C:\WINDOWS\pss
2008-07-22 01:46:14 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-07-21 18:03:36 0 d-------- C:\Program Files\Codemasters
2008-07-20 13:55:02 0 d-------- C:\Program Files\Zune
2008-07-16 16:58:13 0 d-------- C:\Program Files\Sierra On-Line
2008-07-16 16:42:01 0 d-------- C:\Program Files\Sierra
2008-07-11 23:06:17 8 --a------ C:\WINDOWS\system32\Update.dat
2008-07-06 17:00:12 0 d-------- C:\Program Files\Stardock Games
2008-07-06 12:52:26 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-07-06 12:52:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-06 12:45:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-06 12:45:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-06 12:44:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-06 01:01:45 0 d-------- C:\Program Files\EGOSOFT
2008-07-04 15:08:27 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-03 20:48:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-03 20:47:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-03 20:47:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-03 20:47:18 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-03 20:47:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-03 20:47:18 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-03 20:47:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-03 20:47:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-07-03 20:47:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-07-03 20:18:40 0 d-------- C:\WINDOWS\system32\vi
2008-07-03 20:18:40 0 d-------- C:\WINDOWS\system32\gI5
2008-07-03 01:44:30 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-03 01:40:56 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-03 01:40:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-02 21:21:56 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-07-02 21:16:58 0 d--h----- C:\WINDOWS\PIF
2008-07-02 20:20:27 9936 --a------ C:\WINDOWS\system32\awtsRKAt.dll
2008-07-02 20:10:59 0 d-------- C:\Temp
2008-07-01 23:04:18 5746688 --a------ C:\Documents and Settings\Ryan Gartner\ntuser.dat
2008-07-01 23:04:18 229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-07-24 09:53:45 0 d-------- C:\Program Files\Common Files
2008-07-21 04:08:22 0 d-------- C:\Program Files\Steam
2008-07-17 06:21:05 0 d-------- C:\Program Files\DAP
2008-07-09 01:58:51 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Adobe
2008-07-07 21:20:35 0 d-------- C:\Program Files\Linksys EasyLink Advisor
2008-07-02 14:00:00 0 d-------- C:\Program Files\Starcraft
2008-07-02 11:54:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 23:04:29 0 d-------- C:\Program Files\Sierra Entertainment
2008-06-22 11:18:53 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Help
2008-06-22 11:15:35 0 d-------- C:\Program Files\TRABULANCE
2008-06-15 19:35:40 0 d-------- C:\Program Files\Diablo II
2008-06-15 19:32:16 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-06-15 19:32:16 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-06-15 19:32:16 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-06-15 13:51:41 34562 --a------ C:\WINDOWS\DIIUnin.dat
2008-06-15 10:37:58 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-06-15 10:37:58 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-06-15 09:50:14 0 d-------- C:\Program Files\OpenAL
2008-06-13 14:26:00 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\Sierra Entertainment
2008-06-13 14:15:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-09 14:47:05 0 d-------- C:\Documents and Settings\Ryan Gartner\Application Data\vlc
2008-06-07 18:53:00 0 d-------- C:\Program Files\Activision
2008-06-07 18:04:48 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-03 00:42:16 967 --a------ C:\WINDOWS\ScUnin.pif
2008-06-03 00:42:16 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-06-03 00:42:16 35382 --a------ C:\WINDOWS\scunin.dat
2008-06-02 15:24:27 0 d-------- C:\Program Files\Elaborate Bytes


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/23/2008 02:52 AM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/23/2008 02:52 AM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [07/27/2007 02:00 PM C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/23/2007 05:45 PM]
"nwiz"="nwiz.exe" [08/23/2007 05:45 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/23/2007 05:45 PM]
"RTHDCPL"="RTHDCPL.EXE" [02/26/2007 09:03 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/2006 12:04 PM C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/23/2006 01:31 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/08/2006 06:34 PM]
"LchGKey"="C:\WINDOWS\LchGKey.exe" [04/10/2007 02:44 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [02/21/2007 09:19 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [02/21/2007 09:17 PM]
"Hook"="C:\Program Files\VideoView\StkHK.exe" [07/30/2007 11:31 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/24/2006 01:10 AM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/06/2006 08:55 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/13/2006 01:40 AM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 03:21 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/23/2008 02:52 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/24/2006 04:05 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 02:00 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 09:34 PM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [04/03/2006 05:07 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 7:05:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - CATCHME

-- End of Deckard's System Scanner: finished at 2008-07-24 10:33:57 ------------


Extra DSS Log


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz
CPU 1: Intel(R) Core(TM)2 CPU X6800 @ 2.93GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2813.98 MiB / 2042.2 MiB
Pagefile Memory (total/avail): 4700.73 MiB / 4107.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.96 MiB

C: is Fixed (NTFS) - 186.3 GiB total, 43.99 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 186.31 GiB total, 91.85 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Hitachi HTS722020K9SA00 - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - E:

\\.\PHYSICALDRIVE0 - Hitachi HTS722020K9SA00 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: AVG Firewall v8.0 (AVG Technologies CZ, s.r.o.)
AV: AVG Internet Security v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM) "
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe:*:Enabled:Battlefield 2142"
"C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe"="C:\\Program Files\\Gravity\\RO\\GatheringRO-Patcher.exe:*:Enabled:GatheringRO-Patcher"
"C:\\Program Files\\Gravity\\RO\\Ragnarok.exe"="C:\\Program Files\\Gravity\\RO\\Ragnarok.exe:*:Enabled:Ragnarok Online"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft - Brood War"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe"="C:\\Program Files\\AGEIA Technologies\\bin\\TrayIcon.exe:*:Enabled:AGEIA PhysX System Tray Icon"
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"="C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe:*:Disabled:etqwded.exe"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe:*:Disabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe:*:Disabled:World in Conflict - Dedicated Server"
"C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe:*:Disabled:World in Conflict - Online Only"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe"="C:\\Program Files\\Steam\\steamapps\\common\\universe at war earth assault\\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nightshadewolf\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan Gartner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN-F15720B3EA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan Gartner
LOGONSERVER=\\RYAN-F15720B3EA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RYANGA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RYANGA~1\LOCALS~1\Temp
USERDOMAIN=RYAN-F15720B3EA
USERNAME=Ryan Gartner
USERPROFILE=C:\Documents and Settings\Ryan Gartner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Ryan Gartner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Documents and Settings\Ryan Gartner\Local Settings\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 2142 Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
BlueSoleil --> MsiExec.exe /X{DD7DBE40-889C-4674-8EE5-76C094C31F75}
Cataclysm --> C:\Sierra\CATACL~1\UNINST~1\UNWISE.EXE C:\Sierra\CATACL~1\UNINST~1\INSTALL.LOG
Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer™ 3: Kane's Wrath --> MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Day of Defeat: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/300
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Empire Earth III --> C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0009 -removeonly
Enemy Territory - QUAKE Wars(TM) --> C:\Program Files\InstallShield Installation Information\{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}\setup.exe -runfromtemp -l0x0409
Enemy Territory - QUAKE Wars(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{BCA71D05-6BC9-4735-BA3F-7218EBE6A023}\setup.exe -runfromtemp -l0x0409
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
EVE-ONLINE (remove only) --> C:\Program Files\CCP\EVE\Uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Frontlines: Fuel of War --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9460
Galactic Civilizations II - Gold Edition --> C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GalCiv2\INSTALL.LOG
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Homeworld --> C:\Sierra\HOMEWO~1\UNINST~1\UNWISE.EXE C:\Sierra\HOMEWO~1\UNINST~1\INSTALL.LOG
Homeworld2 --> C:\Program Files\Sierra\Homeworld2\uninstall.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Linksys EasyLink Advisor 1.5 (1010) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F385F486-C1BC-4350-8837-6F17761134B5}\Setup.exe" -l0x9
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Essentials --> MsiExec.exe /X{ADD9E56D-2DD8-448A-8887-B3AF76AB1033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\OpenALwEAX.exe" /U
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Ragnarok Online --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU3B.inf
Ragnarok Sakray --> "C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFU3A.inf
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RF Online Episode 2 --> "C:\Program Files\Codemasters\RF Online\unins000.exe"
Scorched3D 41.3 --> C:\Program Files\Scorched3D\uninst.exe
Sins of a Solar Empire --> "C:\Documents and Settings\Ryan Gartner\Local Settings\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Stardock Central --> C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
STK1135 PC Camera --> C:\Program Files\InstallShield Installation Information\{6A92D7DC-DC2A-42B0-8FC0-F162B1CFDFD3}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}\setup.exe -runfromtemp -l0x0409
THE SETTLERS - Rise of an Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Universe at War: Earth Assault --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10430
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World in Conflict --> C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
X3 REUNION --> MsiExec.exe /I{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2629 / Error
Event Submitted/Written: 07/24/2008 05:58:34 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avgscanx.exe, version 8.0.0.134, faulting module avgcorex.dll, version 8.0.0.134, fault address 0x00178e4b.
Processing media-specific event for [avgscanx.exe!ws!]

Event Record #/Type2621 / Error
Event Submitted/Written: 07/22/2008 01:51:19 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type2613 / Error
Event Submitted/Written: 07/22/2008 01:43:05 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Event Record #/Type2598 / Error
Event Submitted/Written: 07/21/2008 03:01:55 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application DAP.exe, version 8.6.2.4, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2597 / Error
Event Submitted/Written: 07/21/2008 07:59:25 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dap.exe, version 8.6.2.4, faulting module unknown, version 0.0.0.0, fault address 0x68542f72.
Processing media-specific event for [dap.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8546 / Error
Event Submitted/Written: 07/24/2008 09:58:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee SystemGuards service failed to start due to the following error:
%%3

Event Record #/Type8545 / Error
Event Submitted/Written: 07/24/2008 09:58:17 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service failed to start due to the following error:
%%3

Event Record #/Type8543 / Warning
Event Submitted/Written: 07/24/2008 09:57:10 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0090F55D5945. The IP address being used is 169.254.29.69.

Event Record #/Type8521 / Error
Event Submitted/Written: 07/24/2008 09:53:13 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG8 Firewall service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type8519 / Error
Event Submitted/Written: 07/24/2008 09:53:07 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AVG8 E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

-- End of Deckard's System Scanner: finished at 2008-07-24 10:33:57 ------------

I don't know what
C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5
are, any guesses?

No idea.... Not sure if they are gaming-related. What's in the folders?

I gave the logs a quick glance and they look much better now - How are things running?

Let's do a couple more things:

1) I've prepared another CFScript and attached it. Please use it to run ComboFix one more time and post me the log. I made a mistake with the last one (nothing major) and I want to rectify that and do a few other things.

2) Go and install the latest Java from here ---> http://www.java.com/en


Let me know how everything shakes out. We'll still have a couple final cleanup steps (removing combofix properly, etc...) yet to do once all is deemed well with your compy.

I have a hectic long weekend coming up and may be away until Monday. One of the other volunteers may jump in.
Try to keep an eye out for that/those infected pen drives!

Cheers :)
PP

Sorry for the late reply. I've been busy with work and haven't been able to check up on things much.

C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5

I checked them both and they appear to be empty. I'm not really sure what they are for and I don't want to delete them and find out that it's something that my computer needs.

I've installed Java, I should have done it a while back but I kept on forgetting. And I will run the CFScript you attached as soon as I can and post the log. Thanks for being so patient with me.

Sorry for the late reply. I've been busy with work and haven't been able to check up on things much.

No Worries! We all have "real life" to attend to and that always comes before everything else ;)

C:\WINDOWS\system32\vi
C:\WINDOWS\system32\gI5
I checked them both and they appear to be empty. I'm not really sure what they are for and I don't want to delete them and find out that it's something that my computer needs.

Whatever makes you comfortable - doubt there is anything to worry about there. I trust you had the viewing of hidden files enabled when you looked at these?

Will keep an eye out for the new logs.

Cheers :)
PP
