
Cannot Stop IE Windows From Popping Up


This topic is locked.
7 replies to this topic

#1 Mudslung Studios

Mudslung Studios

  • Members
  • 6 posts
  • Gender:Male
  • Location:Warren, Ohio USA

Posted 24 February 2008 - 02:56 PM

Ever since I clicked on a little window that popped up by the system tray that said it was a "Java Update", I have been
unable to stop IE windows from popping up every time I open Explorer!
I sure could use any help you fine folks here have to offer.
Thank you very much, Mudslung

Attached Files




#2 Mudslung Studios

Mudslung Studios
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Warren, Ohio USA

Posted 29 February 2008 - 08:25 AM

I should apologize for posting my logfile "before" taking the "suggested" steps. Well, after running ALL the malware and spyware checks,
I found Zone Alarm to be very helpful. I can now see that a file called explorer.exe is trying to run, and this is the file that is causing
all the IEXPLORER popups. I have created a new log file. I didn't want to post a new request, since this one has been sitting IDLE for 5 days
now.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:18 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mudslung Studios\Application Data\Microsoft\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11719 bytes
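The one line in the log above that should catch a responder's eye is the copy of spoolsv.exe running from a user's Application Data folder, a path the thread's later Malwarebytes log also flags. The following is an added example, not part of this thread and not HijackThis code: a small Python parser for the HijackThis log format shown above that flags running processes and O4 Run entries whose executable carries the name of a well-known Windows binary but lives outside that binary's normal directory, or which sits under a user profile. The allowlist of expected directories, the user-profile marker strings and the final O4 line of the sample are assumptions constructed for this example; the other sample lines are copied from the log above.

```python
"""Parse a HijackThis-style log and flag processes and Run entries that
execute from unexpected locations (added example; not HijackThis code)."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt in HijackThis v2 log format. All lines are copied from
# the thread's log except the final O4 line, which is constructed for this
# example to show a Run entry pointing into a user profile.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mudslung Studios\Application Data\Microsoft\spoolsv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [spoolsv] C:\Documents and Settings\Mudslung Studios\Application Data\Microsoft\spoolsv.exe
"""

# HijackThis entry lines look like "O4 - <body>", "R0 - <body>", ...
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
# Pull the executable path out of an O4 body: [name] "C:\path\file.exe" args
RUN_EXE_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s+"?(?P<exe>[A-Za-z]:\\.*?\.exe)"?', re.I)

# Assumed allowlist: where these system binaries are expected to live on XP.
SYSTEM_BINARY_HOMES = {
    "smss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
# Assumed markers for user-writable profile locations (matched on the parent dir).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\users\\")


def parse_log(text):
    """Return (running process paths, [(kind, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return processes, entries


def run_entry_exe(body):
    """Executable path of an O4 entry, or None when it is a bare file name."""
    m = RUN_EXE_RE.search(body)
    return m.group("exe") if m else None


def classify_path(path):
    """Return a reason string when the executable's location is suspicious, else None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    homes = SYSTEM_BINARY_HOMES.get(name)
    if homes and parent not in homes:
        return f"{name} running outside {', '.join(sorted(homes))}"
    if any(marker in parent + "\\" for marker in USER_PROFILE_MARKERS):
        return "executable located in a user-profile directory"
    return None


def audit(text):
    """Findings as (source, path, reason) for processes and O4 Run entries."""
    processes, entries = parse_log(text)
    findings = []
    for path in processes:
        reason = classify_path(path)
        if reason:
            findings.append(("process", path, reason))
    for kind, body in entries:
        if kind != "O4":
            continue
        exe = run_entry_exe(body)
        if exe is not None:
            reason = classify_path(exe)
            if reason:
                findings.append(("O4", exe, reason))
    return findings


if __name__ == "__main__":
    for source, path, reason in audit(SAMPLE_LOG):
        print(f"[{source}] {path}: {reason}")
```

Two caveats for anyone adapting this: HijackThis prints paths as the registry holds them, so an 8.3 short name such as C:\DOCUME~1\... would slip past the marker strings unless the path is expanded first, and a location check is only a triage signal; the file's hash and signature still decide whether it is the legitimate binary.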

#3 ken545

ken545


  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 05 March 2008 - 07:03 PM

Hello

Welcome to the Bleeping Computer Malware Removal Forum


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.




Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.



1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.


I need to see the Malwarebytes log, the Combofix log and a New HJT log please



#4 Mudslung Studios

Mudslung Studios
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Warren, Ohio USA

Posted 06 March 2008 - 10:53 AM

Thank you for this help. Here are the log files that are required for diagnostics.

Malwarebytes' Anti-Malware 1.07
Database version: 461

Scan type: Quick Scan
Objects scanned: 31455
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\nGpxx01 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Delete on reboot.
C:\Documents and Settings\Mudslung Studios\Application Data\Microsoft\spoolsv.exe (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
----------------------------------------
ComboFix 08-03-05.3 - Mudslung Studios 2008-03-06 10:12:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.123 [GMT -5:00]
Running from: C:\Documents and Settings\Mudslung Studios\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 43

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\fCOe
C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\emupia2kk.sys
C:\WINDOWS\system32\msvcsv60.dll
C:\WINDOWS\system32\oTt09e
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_EMUPIA2KK
-------\emupia2kk


((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-06 09:34 . 2008-03-06 09:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-06 09:34 . 2008-03-06 09:34 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\Malwarebytes
2008-03-06 09:34 . 2008-03-06 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-04 08:05 . 2008-03-04 08:05 231 --a------ C:\WINDOWS\system32\3dsviz.ini
2008-03-04 08:05 . 2008-03-04 08:05 43 --a------ C:\WINDOWS\system32\InstallSettings.ini
2008-03-04 08:00 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-01 12:20 . 2008-03-01 12:20 <DIR> d-------- C:\WINDOWS\_ISTMP1.DIR
2008-03-01 11:55 . 2008-03-01 11:55 646 --a------ C:\UFantasy.ini
2008-03-01 11:52 . 2002-12-15 20:07 5,183 --a------ C:\WINDOWS\system32\drivers\usbu2a.sys
2008-03-01 11:51 . 2008-03-01 11:52 <DIR> d-------- C:\USBStorage
2008-02-29 15:50 . 2008-02-29 15:50 92,064 --a------ C:\Documents and Settings\Mudslung Studios\mqdmmdm.sys
2008-02-29 15:50 . 2008-02-29 15:50 79,328 --a------ C:\Documents and Settings\Mudslung Studios\mqdmserd.sys
2008-02-29 15:50 . 2008-02-29 15:50 66,656 --a------ C:\Documents and Settings\Mudslung Studios\mqdmbus.sys
2008-02-29 15:50 . 2008-02-29 15:50 9,232 --a------ C:\Documents and Settings\Mudslung Studios\mqdmmdfl.sys
2008-02-29 15:50 . 2008-02-29 15:50 6,208 --a------ C:\Documents and Settings\Mudslung Studios\mqdmcmnt.sys
2008-02-29 15:50 . 2008-02-29 15:50 5,936 --a------ C:\Documents and Settings\Mudslung Studios\mqdmwhnt.sys
2008-02-29 15:50 . 2008-02-29 15:50 4,048 --a------ C:\Documents and Settings\Mudslung Studios\mqdmcr.sys
2008-02-29 15:37 . 2008-02-29 15:53 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-02-29 15:37 . 2008-02-29 15:50 25,600 --a------ C:\Documents and Settings\Mudslung Studios\usbsermptxp.sys
2008-02-29 15:37 . 2008-02-29 15:50 22,768 --a------ C:\Documents and Settings\Mudslung Studios\usbsermpt.sys
2008-02-29 15:28 . 2008-02-29 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avanquest Software
2008-02-29 15:04 . 2008-03-06 10:13 <DIR> d-------- C:\Temp
2008-02-29 13:43 . 2008-02-29 15:28 <DIR> d-------- C:\Program Files\LiveUpdate
2008-02-29 13:42 . 2008-02-29 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-29 12:44 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-02-29 12:44 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-02-29 11:55 . 2008-02-29 11:55 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\DivX
2008-02-29 10:49 . 2008-02-29 10:49 <DIR> d-------- C:\Program Files\DivX
2008-02-28 11:19 . 2008-03-06 10:25 3,264,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-28 11:19 . 2008-03-06 10:22 40,328 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-28 11:13 . 2008-02-28 11:13 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-28 11:13 . 2008-02-28 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-28 11:11 . 2008-03-06 10:09 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-28 08:30 . 2008-02-28 08:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-28 08:29 . 2008-02-28 08:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 12:19 . 2008-02-26 12:41 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\AVS Video Converter
2008-02-26 06:23 . 2008-02-26 06:23 <DIR> d-------- C:\Program Files\Microsoft Speech SDK 5.1
2008-02-26 05:56 . 2008-02-26 05:56 <DIR> d-------- C:\Program Files\Loquendo
2008-02-25 16:26 . 2008-02-25 16:26 <DIR> d-------- C:\Program Files\NextUp-Acapela
2008-02-25 13:45 . 2008-02-26 15:16 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-02-25 13:45 . 2008-02-26 15:16 16 --a------ C:\WINDOWS\msocreg32.dat
2008-02-25 13:37 . 2008-02-25 13:37 <DIR> d-------- C:\Program Files\IK Multimedia
2008-02-24 18:16 . 2008-02-24 18:18 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-02-24 17:33 . 2008-02-24 18:03 <DIR> d-------- C:\Program Files\Picasa2
2008-02-24 17:32 . 2008-02-26 05:18 <DIR> d-------- C:\Program Files\Google
2008-02-24 17:32 . 2008-02-24 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-24 17:30 . 2008-02-25 11:09 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Memeo
2008-02-24 11:55 . 2008-02-24 11:55 <DIR> d-------- C:\Program Files\ATTNaturalVoices
2008-02-24 08:24 . 2008-02-24 08:24 81 -r-hs---- C:\WINDOWS\CT5PRET.BIN
2008-02-24 08:23 . 2008-02-24 08:23 <DIR> d-------- C:\Program Files\Reallusion
2008-02-22 21:24 . 2004-06-03 12:56 999,424 --a------ C:\WINDOWS\system32\crazytalk.dll
2008-02-22 20:59 . 2008-02-22 20:59 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\Reallusion
2008-02-22 15:11 . 2008-02-22 15:11 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\Publish Providers
2008-02-22 15:11 . 2008-02-27 22:59 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-02-22 15:11 . 2008-02-27 22:59 3 --a------ C:\WINDOWS\Twain001.Mtx
2008-02-22 15:11 . 2008-02-22 15:11 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-02-22 15:09 . 2008-02-24 13:14 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\Sony
2008-02-22 15:09 . 2008-02-27 23:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-22 14:46 . 2008-02-22 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-02-22 14:45 . 2008-02-22 14:45 <DIR> d-------- C:\Program Files\Sony
2008-02-22 14:42 . 2008-02-22 15:31 <DIR> d-------- C:\Program Files\Sony Setup
2008-02-21 12:09 . 2008-02-21 12:09 <DIR> d-------- C:\Program Files\Toontrack
2008-02-21 08:56 . 2008-02-21 08:56 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-02-21 08:53 . 2008-02-21 08:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-02-21 08:52 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-02-21 08:52 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-02-20 21:05 . 2008-02-20 21:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 21:05 . 2008-02-20 21:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-02-20 21:05 . 2008-02-20 21:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-02-20 21:05 . 2008-02-20 21:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-02-20 21:05 . 2008-02-20 21:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-02-20 21:03 . 2008-02-20 21:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-02-20 21:03 . 2008-02-20 21:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-02-20 21:03 . 2008-02-20 21:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-02-18 14:26 . 2008-02-18 14:21 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-18 14:26 . 2008-02-18 14:26 3,456 --a------ C:\WINDOWS\unins000.dat
2008-02-17 20:05 . 2008-02-18 14:33 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-17 20:05 . 2008-02-18 14:33 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-17 10:23 . 2008-03-01 10:41 292 --a------ C:\WINDOWS\wininit.ini
2008-02-17 09:44 . 2008-02-18 14:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-17 09:44 . 2008-02-18 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 12:38 . 2008-02-16 12:38 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-16 12:29 . 2008-02-16 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-13 22:16 . 2008-02-13 22:16 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-02-13 22:12 . 2008-02-13 22:12 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-12 23:04 . 2008-02-13 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-12 23:02 . 2008-02-13 10:41 <DIR> d-------- C:\Program Files\Security Task Manager
2008-02-11 08:12 . 2008-02-11 08:12 <DIR> d-------- C:\Documents and Settings\Mudslung Studios\Application Data\M-Audio
2008-02-10 11:38 . 2008-02-10 11:38 <DIR> d--hs---- C:\Diskeeper
2008-02-10 10:46 . 2008-02-10 10:46 249,856 --------- C:\WINDOWS\Setup1.exe
2008-02-10 10:46 . 2008-02-10 10:46 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-02-10 10:29 . 2008-02-10 10:29 670 --a------ C:\WINDOWS\ST6UNST.003
2008-02-10 10:29 . 2008-02-10 10:29 670 --a------ C:\WINDOWS\ST6UNST.002
2008-02-10 10:24 . 2008-02-10 10:24 670 --a------ C:\WINDOWS\ST6UNST.001
2008-02-10 10:24 . 2008-02-10 10:24 670 --a------ C:\WINDOWS\ST6UNST.000
2008-02-08 10:28 . 2008-02-08 10:28 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-02-08 10:28 . 2008-02-08 10:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-02-07 21:02 . 2008-02-07 21:02 <DIR> d-------- C:\Program Files\iTunes
2008-02-07 21:02 . 2008-02-07 21:02 <DIR> d-------- C:\Program Files\iPod
2008-02-07 21:02 . 2008-03-06 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 13:12 --------- d-----w C:\Program Files\AskBar
2008-03-04 19:15 1,715,200 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-03-04 19:13 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\POP Peeper
2008-03-04 13:07 --------- d-s---w C:\Program Files\Autodesk
2008-03-04 13:04 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-04 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-03-04 12:49 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\uTorrent
2008-02-29 20:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-29 02:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-28 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-25 18:37 --------- d-----w C:\Program Files\VstPlugins
2008-02-24 22:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-22 20:34 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-02-22 05:20 --------- d-----w C:\Program Files\isoHunt
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-02-19 19:34 --------- d-----w C:\Program Files\uTorrent
2008-02-17 15:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-16 17:31 --------- d-s---w C:\Program Files\AIM6
2008-02-16 17:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-13 05:55 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\SolidWorks
2008-02-13 02:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-11 21:49 --------- d-s---w C:\Program Files\AutoCAD 2008
2008-02-10 15:57 --------- d-----w C:\Program Files\Common Files\ALLDATA Shared
2008-02-08 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 02:01 --------- d-s---w C:\Program Files\QuickTime
2008-02-08 02:01 --------- d-----w C:\Program Files\Bonjour
2008-02-05 15:27 --------- d-----w C:\Program Files\Object Desktop
2008-02-05 15:27 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-04 12:11 --------- d-----w C:\Program Files\Java
2008-02-04 12:08 --------- d-----w C:\Program Files\Common Files\Java
2008-02-02 19:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-02 04:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-02 03:16 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\vlc
2008-02-02 03:14 --------- d-----w C:\Program Files\VideoLAN
2008-02-02 01:44 --------- d-----w C:\Program Files\MediaTV
2008-02-02 01:41 --------- d-----w C:\Program Files\The Playa
2008-02-02 01:41 --------- d-----w C:\Program Files\DivXCodec
2008-01-30 19:41 186,443 ----a-w C:\WINDOWS\system32\atasnt40.dll
2008-01-29 15:52 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-01-29 15:52 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-01-28 03:32 --------- d-----w C:\Program Files\POP Peeper
2008-01-26 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\IMSI
2008-01-25 17:56 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\IMSI
2008-01-25 04:34 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\IMSIDesign
2008-01-23 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-01-23 04:19 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Unigraphics Solutions
2008-01-22 12:28 --------- d-----w C:\Program Files\r2 Studios
2008-01-21 21:42 --------- d-----w C:\Program Files\Cucusoft
2008-01-21 17:33 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-01-21 17:32 --------- d-----w C:\Program Files\AVSMedia
2008-01-21 17:12 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\AVSMedia
2008-01-21 16:31 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\AVS4YOU
2008-01-21 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-01-21 15:10 --------- d-----w C:\Program Files\MSBuild
2008-01-21 15:10 --------- d-----w C:\Program Files\Microsoft Works
2008-01-21 15:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-19 16:24 --------- d-----w C:\Program Files\Cakewalk
2008-01-18 19:08 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Autodesk
2008-01-15 08:11 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Cakewalk
2008-01-15 06:09 118,784 ----a-w C:\WINDOWS\dsdxirmv.exe
2008-01-15 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-01-14 18:39 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-14 18:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-01-14 18:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-01-14 18:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-01-14 18:39 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-01-14 18:38 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-01-13 22:55 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Morphine
2008-01-13 22:51 --------- d-----w C:\Program Files\Image-Line
2008-01-13 22:34 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-01-13 20:58 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Deckadance
2008-01-13 16:04 --------- d-----w C:\Program Files\Common Files\Digidesign
2008-01-13 16:01 --------- d-----w C:\Program Files\Common Files\Avid
2008-01-12 15:30 --------- d-----r C:\Program Files\Winamp
2008-01-12 13:34 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\InstallShield
2008-01-12 13:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-01-12 06:06 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-01-12 00:17 --------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2008-01-12 00:17 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\PACE Anti-Piracy
2008-01-12 00:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2008-01-11 23:33 --------- d-----w C:\Program Files\PowerISO
2008-01-11 22:22 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\onOne Software
2008-01-11 21:47 --------- d-----w C:\Program Files\onOne Software
2008-01-11 21:02 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Mask Pro 4.0
2008-01-11 20:16 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Alien Skin
2008-01-11 19:36 --------- d-----w C:\Program Files\Common Files\onOne Software Shared
2008-01-11 19:12 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Imagenomic
2008-01-11 18:36 --------- d-----w C:\Program Files\Imagenomic
2008-01-11 18:04 --------- d-----w C:\Documents and Settings\Mudslung Studios\Application Data\Digital Film Tools
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-02-22 00:20 1555480 --a------ C:\Program Files\isoHunt\tbiso1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A6E4A4EB-D169-4E99-8988-250FCBAFE767}
{5A074B29-F830-49DE-A31B-5BB9D7F6B407}

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= C:\Program Files\isoHunt\tbiso1.dll [2008-02-22 00:20 1555480]

[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [2008-02-08 02:18 1429504]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 02:23 221568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 00:28 36352]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 15:41 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55 491520]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55 176128]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05 200704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"USBDetector"="C:\USBStorage\USBDetector.exe" [2002-11-25 23:08 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]

C:\Documents and Settings\Mudslung Studios\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-02 21:19:49 557568]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
SolidWorks Task Scheduler Engine.lnk - D:\Program Files\SolidWorks\swScheduler\swBOEngine.exe [2007-09-09 06:51:40 488728]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-02 19:17:01 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-02 18:42 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\VIZ2008\\3dsviz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;"C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe" [2007-03-07 15:32]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Mudslung Studios\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-03-06 04:59:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-03-06 15:23:53 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-03-06 08:21:39 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 10:25:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-06 10:30:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 15:30:08
.
2008-02-16 06:11:36 --- E O F ---
********************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:07 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:\Program Files\AskBar\bar\bin\askBar1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USBDetector] C:\USBStorage\USBDetector.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = D:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\AskBar\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\AskBar\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://cache2.vuze.com/files/Azureus_Java_Installer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Program Files\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12229 bytes

#5 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 06 March 2008 - 01:26 PM

Hello,

You need to go to Add/Remove Programs in the Control Panel and uninstall these programs. These are your call; if you use them, then keep them.

http://www.castlecops.com/clsid-42212.html <-- Read about it here
isoHunt Toolbar

Viewpoint
Installs without your knowledge or consent, uses system resources and basically is not needed.


Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE




Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up more slowly after running ATF Cleaner; this is expected, and it will be back to normal after the first or second boot-up.



  • Your Java is out of date and leaving your system vulnerable.
  • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
  • It should have an icon next to it; select it and click Remove.
  • Reboot your system.
  • Then go to Sun Microsystems and install the update.
  • Java Runtime Environment (JRE) 6 Update 4 <--This is what you need to download and install.
  • If you chose the online installation, it will prompt you to run the program.
  • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
  • Then after install you can verify your installation here Sun Java Verify
I like to do the offline installation and save the setup file in case I may need it in the future.



The rest of your log looks fine :thumbsup: How is your system behaving now?

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days
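As an added example for this thread (it is not HijackThis or ComboFix code, and not something ken545 posted), the script below applies the same checks the responder made by hand above to a constructed subset of the posted HijackThis lines: R0/R1 settings with an empty value, O2/O3 entries whose CLSID is on a removal list (here only the isoHunt toolbar named in this thread), and O4 Run entries given as a bare file name such as CTHELPER.EXE, which the ComboFix log above shows resolving to C:\WINDOWS\system32\CtHelper.exe. The three rules, the removal list and the sample lines are this example's own assumptions.

```python
"""Triage a Trend Micro HijackThis v2 log for the entries flagged in this thread.

Added example for this thread; it is not HijackThis or ComboFix code. The
three rules below and the removal list are this example's own assumptions:
  * R0/R1 IE settings with an empty value (the two "Local Page =" lines).
  * O2 BHO / O3 Toolbar entries whose CLSID is on the removal list.
  * O4 Run entries whose command is a bare file name (CTHELPER.EXE): with
    no directory given, the file that runs is whatever the executable
    search order finds first, so the entry does not pin down a fixed path.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbiso1.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
"""

# CLSIDs the responder told the poster to remove (from this thread), lower-cased.
REMOVE_CLSIDS = {"{a6e4a4eb-d169-4e99-8988-250fcbafe767}": "isoHunt Toolbar"}

_ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
_R_SETTING = re.compile(r"^(?P<key>.*?) =\s*(?P<value>.*)$")
_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
_O4_RUN = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    line: str    # the log line verbatim, so it can be ticked in HijackThis
    reason: str


def command_path(cmd: str) -> str:
    """Return the executable part of an O4 command without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_bare_name(path: str) -> bool:
    """True when the command names a file with no drive or directory component."""
    return (path != "" and "\\" not in path and "/" not in path
            and re.match(r"^[A-Za-z]:", path) is None)


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries matching the three rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        entry = _ENTRY.match(line)
        if not entry:
            continue  # process list, blank lines, "End of file" footer
        code, body = entry.group("code"), entry.group("body")
        if code in ("R0", "R1"):
            kv = _R_SETTING.match(body)
            if kv and kv.group("value") == "":
                findings.append(Finding(line, "IE setting with an empty value"))
        elif code in ("O2", "O3"):
            clsid = _CLSID.search(body)
            if clsid and clsid.group(0).lower() in REMOVE_CLSIDS:
                name = REMOVE_CLSIDS[clsid.group(0).lower()]
                findings.append(Finding(line, f"on removal list: {name}"))
        elif code == "O4":
            run = _O4_RUN.match(body)
            if run and is_bare_name(command_path(run.group("cmd"))):
                findings.append(Finding(line, "Run entry is a bare file name, not a fixed path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45s} {f.line}")
```

Run against the sample it reports exactly the five lines ken545 singled out (two R0, the isoHunt O2 and O3 pair, and the CTHelper O4); the output lines are verbatim so they can be matched against the tick boxes in HijackThis.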


#6 Mudslung Studios

  • Topic Starter
  • Members
  • 6 posts
  • Gender:Male
  • Location:Warren, Ohio USA

Posted 07 March 2008 - 08:41 AM

Hello Ken,

THANK YOU VERY MUCH! :thumbsup: Now my system is running PERFECT! Thanks to YOU!!!
I absolutely appreciate your support very much. As soon as I get back to work I plan to make a donation in your name!

I followed ALL of your recommendations from your last post and now it's "ALL SYSTEMS GO!"

Thank you once again sir, you have provided an invaluable service.
Sincerely, Patrick M McGeever
mudslung@embarqmail.com

#7 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 07 March 2008 - 09:07 AM

Glad things are better for you :thumbsup:


Time for some housekeeping

  • Click START then RUN
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Keep in mind, if you install some of these programs: only ONE antivirus and only ONE firewall are recommended; more is overkill and can cause you problems. You can install all the spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy, but do not enable the TeaTimer in Spybot.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community.
  • Spybot Search and Destroy 1.5
    Check for Updates / Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster (Recommended), then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers real-time protection from spyware installation attempts; again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0.0.12 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.
Safe Surfn
Ken

Edited by ken545, 07 March 2008 - 09:15 AM.



#8 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 16 March 2008 - 09:05 AM

Since this issue appears to be resolved this thread will now be closed. Thank you for using Bleeping Computer.
