Pesky Vundo/crypt.xpack.gen/privacyset.a Problems



#1 Callmecowboy


Posted 15 May 2008 - 06:00 PM

Yeah been having lots and lots of problems.
Here are my Combo logs and Hijack logs and DSS logs.
Been trying to get rid of it with Avira AntiVir but it hasn't been helping much, just lots of pop-ups that do, well, nothing.
Help would be greatly appreciated.


Combo log
--------------------------------
ComboFix 08-05-12.1 - Branden 2008-05-15 16:55:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.390 [GMT -4:00]
Running from: C:\Documents and Settings\Branden\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Branden\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\QsBKnUvw.ini
C:\WINDOWS\system32\QsBKnUvw.ini2
C:\WINDOWS\system32\vbcnrhiv.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-15 16:54 . 2008-05-15 16:54 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-15 16:28 . 2008-05-15 16:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avira
2008-05-15 14:06 . 2008-05-15 14:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-05-15 13:58 . 2008-05-15 13:58 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-15 13:58 . 2008-05-15 16:54 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT.LOG
2008-05-14 17:08 . 2008-05-14 17:08 <DIR> d-------- C:\Documents and Settings\Branden\Application Data\WinPatrol
2008-05-14 17:07 . 2008-05-14 17:07 <DIR> d-------- C:\Program Files\BillP Studios
2008-05-14 14:09 . 2008-05-14 14:14 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-14 14:05 . 2008-05-14 14:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-14 14:03 . 2008-05-14 14:18 <DIR> d-------- C:\Documents and Settings\Branden\.housecall6.6
2008-05-14 04:41 . 2008-05-14 18:12 <DIR> d-------- C:\VundoFix Backups
2008-05-14 03:46 . 2008-05-14 03:46 <DIR> d-------- C:\Program Files\Avira
2008-05-14 03:46 . 2008-05-14 03:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-14 02:31 . 2008-05-14 13:45 109,854 --a------ C:\WINDOWS\BMa727574e.xml
2008-05-13 22:04 . 2008-05-14 03:27 <DIR> d-------- C:\VTPFiles
2008-05-13 18:25 . 2008-05-15 16:09 45 --a------ C:\TEST.XML
2008-05-13 18:19 . 2008-05-13 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-13 14:26 . 2008-05-13 14:26 371,200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll
2008-05-13 14:20 . 2008-05-13 14:20 57,344 --a------ C:\WINDOWS\system32\urqRKBtu.VIR
2008-05-13 13:42 . 2008-05-13 13:42 <DIR> d-------- C:\Program Files\real
2008-05-12 18:41 . 1998-06-23 18:00 115,016 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-05-12 18:41 . 1998-06-17 18:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-12 18:41 . 2000-03-17 03:21 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-12 18:41 . 2000-03-17 03:21 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-12 18:41 . 2002-04-24 06:43 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2008-05-12 18:41 . 2002-04-09 11:23 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2008-05-12 18:41 . 2002-10-17 04:35 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2008-05-12 18:41 . 2002-01-07 11:30 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-05-12 18:34 . 2008-05-12 18:41 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-12 01:12 . 2008-05-12 01:12 <DIR> d-------- C:\Program Files\Half Life 2
2008-05-10 22:26 . 2008-05-10 22:33 <DIR> d-------- C:\Program Files\GCFScape
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-28 16:57 . 2008-04-28 16:57 <DIR> d-------- C:\Program Files\MSBuild
2008-04-28 16:56 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-04-28 14:47 . 2008-04-28 14:47 244 --ah----- C:\sqmnoopt17.sqm
2008-04-28 14:47 . 2008-04-28 14:47 232 --ah----- C:\sqmdata17.sqm
2008-04-25 17:34 . 2000-07-17 23:42 76,800 --a------ C:\WINDOWS\system32\gwhotkey.cpl
2008-04-25 17:34 . 2000-07-18 22:31 70,656 --a------ C:\WINDOWS\GWHotKey.exe
2008-04-25 17:34 . 1998-07-31 15:00 47,104 --a------ C:\WINDOWS\_ISREG32.DLL
2008-04-25 17:34 . 2008-04-25 17:41 147 --a------ C:\WINDOWS\_DEISREG.ISR
2008-04-25 17:33 . 2008-04-25 17:36 <DIR> d-------- C:\cabs
2008-04-22 12:24 . 2008-04-21 16:42 197,153 --a------ C:\WINDOWS\1208807005873.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 18:01 --------- d-----w C:\Program Files\Ideazon
2008-05-15 17:35 --------- d-----w C:\Documents and Settings\Branden\Application Data\uTorrent
2008-05-14 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-14 09:08 --------- d-----w C:\Program Files\PowerISO
2008-05-14 07:27 --------- d-----w C:\Program Files\Zune
2008-05-13 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 04:53 --------- d-----w C:\Program Files\StepMania
2008-05-12 07:42 --------- d-----w C:\Program Files\VstPlugins
2008-05-12 07:42 --------- d-----w C:\Program Files\Image-Line
2008-05-10 23:41 --------- d-----w C:\Program Files\FrostWire
2008-04-30 19:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 02:20 --------- d-----w C:\Documents and Settings\Branden\Application Data\FrostWire
2008-04-14 21:42 --------- d-----w C:\Program Files\AIM6
2008-04-14 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-14 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-04-12 00:31 --------- d-----w C:\Program Files\Guitar Pro 5
2008-03-20 07:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 04:45 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-19 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-19 04:34 --------- d-----w C:\Program Files\Common Files\Research in Motion
2008-03-19 04:31 --------- d-----w C:\Documents and Settings\Branden\Application Data\Roxio
2008-03-19 04:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-03-19 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-19 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-19 04:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-19 03:47 503,808 ----a-w C:\WINDOWS\msvcp71.dll
2008-03-16 23:00 --------- d-----w C:\Program Files\Microsoft Works
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
C:\WINDOWS\system32\urqRKBtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE5A9E33-43DF-49C2-B509-480A3386E78F}]
2008-05-13 14:26 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31 1372160]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 06:27 219520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"Multi-function Keyboard"="GWHotKey.exe" [2000-07-18 22:31 70656 C:\WINDOWS\GWHotKey.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-04-25 13:31 333120]

C:\Documents and Settings\Branden\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-03 21:00:10 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\urqRKBtu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRKBtu]
urqRKBtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-05-14 13:33]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 18:54]
R3 crtaud;Conexant Riptide WDM Audio Driver;C:\WINDOWS\system32\drivers\crtaud.sys [2001-08-17 08:19]
R3 rpfun;Conexant Riptide Dummy Driver;C:\WINDOWS\system32\drivers\rpfun.sys [2001-08-17 08:19]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;C:\WINDOWS\system32\drivers\rthwcls.sys [2001-08-17 08:19]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 18:39:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 17:08:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-15 17:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 21:14:36

Pre-Run: 26,026,024,960 bytes free
Post-Run: 26,008,854,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

196 --- E O F --- 2008-04-29 07:01:59

end of log.
----------------------------------


Here is my HijackThis log.

------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:13:59 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Planex\Common\RaUI.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\progra~1\mozill~1\firefox.exe
c:\program files\avira\antivir personaledition premium\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Planex Wireless Utility.lnk = C:\Program Files\Planex\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195603310750
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77059F38-C6D0-4466-8EEF-DF230616F3B3}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--------------------------------


EDIT:

Here is my DSS log.


Main.txt
Deckard's System Scanner v20071014.68
Run by Branden on 2008-05-15 18:48:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
113: 2008-05-15 22:48:36 UTC - RP218 - Deckard's System Scanner Restore Point
112: 2008-05-15 21:45:28 UTC - RP217 - Last known good configuration
111: 2008-05-15 21:45:21 UTC - RP216 - Last known good configuration
110: 2008-05-15 21:45:21 UTC - RP215 - ComboFix created restore point
109: 2008-05-15 21:45:20 UTC - RP214 - i work


-- First Restore Point --
1: 2008-05-15 21:45:09 UTC - RP106 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Branden.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-15 18:49:53
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Branden\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\urqRKBtu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {02e435cd-6b6c-fe6a-fb64-f1fb42ca6928} - {8296ac24-bf1f-46bf-a6ef-c6b6dc534e20} - C:\WINDOWS\system32\tblqebua.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94D4664D-4C3A-4C26-8221-CB32B79395E4} - C:\WINDOWS\system32\wvUnKBsQ.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195603310750
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{77059F38-C6D0-4466-8EEF-DF230616F3B3}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: urqRKBtu - C:\WINDOWS\system32\urqRKBtu.dll (file missing)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


--
End of file - 7152 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080515-132643-954 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-132712-332 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20080515-132834-566 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080515-132834-771 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-140358-896 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-140358-979 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080515-174637-966 O4 - HKLM\..\Run: [BMa727574e] Rundll32.exe "C:\WINDOWS\system32\nnkjvekm.dll",s
backup-20080515-174646-697 O4 - HKLM\..\Run: [BMa727574e] Rundll32.exe "C:\WINDOWS\system32\nnkjvekm.dll",s
backup-20080515-184017-295 O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
backup-20080515-184017-519 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
backup-20080515-184017-602 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
backup-20080515-184017-610 O11 - Options group: [INTERNATIONAL] International*
backup-20080515-184017-724 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
backup-20080515-184017-829 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
backup-20080515-184253-471 O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)
S3 RimUsb (BlackBerry Smartphone) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 RT73 (RT73 USB Wireless LAN Card Driver) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirMailService (Avira AntiVir Premium MailGuard) - "c:\program files\avira\antivir personaledition premium\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 AntiVirScheduler (Avira AntiVir Premium Scheduler) - "c:\program files\avira\antivir personaledition premium\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 antivirwebservice (Avira AntiVir Premium WebGuard) - "c:\program files\avira\antivir personaledition premium\avwebgrd.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AVEService (Avira AntiVir Premium MailGuard helper service) - "c:\program files\avira\antivir personaledition premium\avesvc.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 14:39:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-15 and 2008-05-15 -----------------------------

2008-05-15 17:38:38 12410 --ahs---- C:\WINDOWS\system32\QsBKnUvw.ini2
2008-05-15 16:55:08 0 d-------- C:\cmdcons
2008-05-15 16:51:20 68096 --a------ C:\WINDOWS\zip.exe
2008-05-15 16:51:20 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-15 16:51:20 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-15 16:51:20 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-15 16:51:20 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-15 16:51:20 98816 --a------ C:\WINDOWS\sed.exe
2008-05-15 16:51:20 80412 --a------ C:\WINDOWS\grep.exe
2008-05-15 16:51:20 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-15 16:28:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Avira
2008-05-15 14:06:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinPatrol
2008-05-15 13:58:28 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 13:58:28 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 13:58:28 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 13:58:28 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 13:58:28 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 13:58:28 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 13:58:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 13:58:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 13:58:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-14 17:08:16 0 d-------- C:\Documents and Settings\Branden\Application Data\WinPatrol
2008-05-14 17:07:56 0 d-------- C:\Program Files\BillP Studios
2008-05-14 14:54:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-14 14:09:20 0 d-------- C:\Program Files\RegCleaner
2008-05-14 14:03:55 0 d-------- C:\Documents and Settings\Branden\.housecall6.6
2008-05-14 03:46:57 0 d-------- C:\Program Files\Avira
2008-05-14 03:46:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-14 03:30:40 5242880 --a------ C:\Documents and Settings\Branden\ntuser.dat
2008-05-13 22:04:23 0 d-------- C:\VTPFiles
2008-05-13 18:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-13 14:26:05 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll
2008-05-13 14:20:33 57344 --a------ C:\WINDOWS\system32\urqRKBtu.VIR
2008-05-13 13:42:54 0 d-------- C:\Program Files\real
2008-05-12 18:41:02 69632 --a------ C:\WINDOWS\system32\xmltok.dll
2008-05-12 18:41:02 36864 --a------ C:\WINDOWS\system32\xmlparse.dll
2008-05-12 18:41:02 24576 --a------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2008-05-12 18:34:10 0 d-------- C:\Program Files\Ubisoft
2008-05-12 01:12:47 0 d-------- C:\Program Files\Half Life 2
2008-05-10 22:26:00 0 d-------- C:\Program Files\GCFScape
2008-04-28 16:57:24 0 d-------- C:\Program Files\MSBuild
2008-04-28 16:57:18 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-04-28 16:57:10 0 d-------- C:\Program Files\Reference Assemblies
2008-04-25 17:34:48 70656 --a------ C:\WINDOWS\GWHotKey.exe <Not Verified; BillP Studios; Gateway Multi-function Keyboard Utility>
2008-04-25 17:34:48 47104 --a------ C:\WINDOWS\_ISREG32.DLL <Not Verified; Stirling; Stirling _isreg32>
2008-04-25 17:33:12 0 d-------- C:\cabs


-- Find3M Report ---------------------------------------------------------------

2008-05-15 14:01:07 0 d-------- C:\Program Files\Ideazon
2008-05-15 13:35:14 0 d-------- C:\Documents and Settings\Branden\Application Data\uTorrent
2008-05-14 05:08:38 0 d-------- C:\Program Files\PowerISO
2008-05-14 03:27:23 0 d-------- C:\Program Files\Zune
2008-05-13 14:02:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 00:53:42 0 d-------- C:\Program Files\StepMania
2008-05-12 03:42:40 0 d-------- C:\Program Files\VstPlugins
2008-05-12 03:42:40 0 d-------- C:\Program Files\Image-Line
2008-05-10 19:41:07 0 d-------- C:\Program Files\FrostWire
2008-04-30 22:00:03 0 d-------- C:\Documents and Settings\Branden\Application Data\Adobe
2008-04-21 22:20:31 0 d-------- C:\Documents and Settings\Branden\Application Data\FrostWire
2008-04-14 17:42:32 0 d-------- C:\Program Files\AIM6
2008-04-11 20:31:19 0 d-------- C:\Program Files\Guitar Pro 5
2008-03-20 03:01:31 0 d-------- C:\Program Files\MSXML 6.0
2008-03-19 00:45:54 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-19 00:45:42 0 d-------- C:\Program Files\Common Files
2008-03-19 00:34:28 0 d-------- C:\Program Files\Common Files\Research in Motion
2008-03-19 00:31:09 0 d-------- C:\Documents and Settings\Branden\Application Data\Roxio
2008-03-19 00:22:57 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-18 23:48:39 256 --a------ C:\WINDOWS\system32\pool.bin
2008-03-18 23:47:08 503808 --a------ C:\WINDOWS\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio.NET>
2008-03-16 19:00:16 0 d-------- C:\Program Files\Microsoft Works


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
C:\WINDOWS\system32\urqRKBtu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8296ac24-bf1f-46bf-a6ef-c6b6dc534e20}]
C:\WINDOWS\system32\tblqebua.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94D4664D-4C3A-4C26-8221-CB32B79395E4}]
05/13/2008 02:26 PM 371200 --a------ C:\WINDOWS\system32\wvUnKBsQ.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/15/2007 12:43 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 02:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [01/11/2008 06:54 PM]
"Multi-function Keyboard"="GWHotKey.exe" [07/18/2000 10:31 PM C:\WINDOWS\GWHotKey.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [02/12/2008 10:06 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/25/2008 01:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 02:31 PM]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]

C:\Documents and Settings\Branden\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [3/3/2008 9:00:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\urqRKBtu.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRKBtu]
urqRKBtu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnKBsQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-15 18:51:06 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 1500+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 767.48 MiB / 466.85 MiB
Pagefile Memory (total/avail): 1877.78 MiB / 1539.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 83.82 GiB total, 24.27 GiB free.
D: is Fixed (FAT32) - 30.66 GiB total, 7.1 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 98.5 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 83.82 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 30.67 GiB - D:

\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 27.95 GiB - 1 partition
\PARTITION0 - Unknown - 27.91 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"="C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe:*:Enabled:XLink Kai Evolution 7 Launcher"
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"="C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe:*:Enabled:XLink Kai Evolution 7 Engine"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Branden\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRANDENSCOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Branden
LOGONSERVER=\\BRANDENSCOM
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Branden\LOCALS~1\Temp
TMP=C:\DOCUME~1\Branden\LOCALS~1\Temp
USERDOMAIN=BRANDENSCOM
USERNAME=Branden
USERPROFILE=C:\Documents and Settings\Branden
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Branden (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM MusicLink 2.0.0.4 --> C:\PROGRA~1\AIMMUS~1\UNWISE.EXE C:\PROGRA~1\AIMMUS~1\INSTALL.LOG
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArtRage 2 --> MsiExec.exe /I{78E232B0-C337-4695-BBF0-C1033156CE7B}
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Premium --> C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
CamStudio Lossless Codec --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\DRIVERS\camcodec.inf
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DScaler 5 Mpeg Decoders --> "C:\Program Files\DScaler5\unins000.exe"
Gateway Multi-function Keyboard --> C:\WINDOWS\gwhotkey.exe -U
GCFScape 1.6.7 --> "C:\Program Files\GCFScape\unins000.exe"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.5.7 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~1\objectdock.exe /uninstall
PCI GW-US54Mini2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PLAYSTATION®Network Downloader --> MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prince of Persia The Sands of Time --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealMedia (remove only) --> "C:\Program Files\RealMedia\uninstall.exe"
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
VZAccess Manager for RIM --> MsiExec.exe /X{41E993EE-14C3-413D-A922-4A941AB2BCC1}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPatrol 2008 --> C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XLink Kai Evolution 7 --> MsiExec.exe /X{F90592EC-5E58-4EE6-A333-EC05ED57ACF4}
XML Paper Specification Shared Components Pack 1.0 -->
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"
Zune --> MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3675 / Warning
Event Submitted/Written: 05/15/2008 05:44:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3674 / Warning
Event Submitted/Written: 05/15/2008 05:44:27 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3669 / Warning
Event Submitted/Written: 05/15/2008 05:42:39 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3668 / Warning
Event Submitted/Written: 05/15/2008 05:42:38 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll

Event Record #/Type3667 / Warning
Event Submitted/Written: 05/15/2008 05:42:11 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\system32\nnkjvekm.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type90493 / Error
Event Submitted/Written: 05/15/2008 06:02:59 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{77059F38-C6D0-4466-8EEF-DF230616F3B3}.
The backup browser is stopping.

Event Record #/Type90492 / Warning
Event Submitted/Written: 05/15/2008 06:00:41 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\YOUR-E5CNNE9VNU on the network \Device\NetBT_Tcpip_{77059F38-C6D0-4466-8EEF-DF230616F3B3}.
The data is the error code.

Event Record #/Type90473 / Error
Event Submitted/Written: 05/15/2008 05:59:09 PM / 05/15/2008 05:59:40 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type90470 / Error
Event Submitted/Written: 05/15/2008 05:54:53 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type90469 / Error
Event Submitted/Written: 05/15/2008 05:54:05 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}



-- End of Deckard's System Scanner: finished at 2008-05-15 18:51:06 ------------



#2 Thunder


Posted 19 May 2008 - 07:04 AM

Hello Callmecowboy and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Thunder


Posted 15 June 2008 - 09:27 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



