Win32.Small.ddx Trojan Detected! I keep removing it but it keeps re-appearing! [Archive]

View Full Version : Win32.Small.ddx Trojan Detected! I keep removing it but it keeps re-appearing!

King Justice

2008-03-12, 06:23

Hello!

I cannot find anything on the web for this Trojan that Spybot Search & Destroy has detected called Win32.Small.ddx.

I've searched Google and everybody whose had it is confused and it seems that there's no way to remove it! I don't know what it does but I want it gone! I don't want my system compromised or my personal data collected!

I am running Windows Vista Ultimate 32-bit OS! Please help me, it says its found in a FireFox bookmark or something? Please help me remove this... :( I've tried deleting my temp files, clearing cache, clearing everything in FireFox (cookies, cache etc), and removing it with Spybot Search & Destroy, but NOTHING is working! :(

Attached is the log generated by Spybot Search & Destroy!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 13, 2008 12:19:41 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/03/2008
Kaspersky Anti-Virus database records: 627048
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 160706
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:04:12

Infected Object Name / Virus Name / Last Action
C:\Program Files\muvee Technologies\muvee autoProducer 5.0 - HPD\Flash\mv_hp_ap5_quicktour.exe Infected: Trojan-Dropper.Win32.Agent.fvr skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\avg7\Log\emc.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee3e659dc7edcfed857b629a6ee409d3_160743ab-e113-48df-a9f3-11022244a459 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031320080314\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat{42c7f4dc-3833-11dc-88b5-001a921e6258}.TM.blf Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat{42c7f4dc-3833-11dc-88b5-001a921e6258}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\UsrClass.dat{42c7f4dc-3833-11dc-88b5-001a921e6258}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows Defender\FileTracker\{ECFABA9B-E7BD-4214-9B7B-D06A7A299FA0} Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Temp\hsperfdata_Justice McCay\864 Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Mozilla\Firefox\Profiles\477y5tn0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Mozilla\Firefox\Profiles\477y5tn0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Mozilla\Firefox\Profiles\477y5tn0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Justice McCay\AppData\Local\Mozilla\Firefox\Profiles\477y5tn0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\cert8.db Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\history.dat Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\key3.db Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\parent.lock Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\search.sqlite Object is locked skipped
C:\Users\Justice McCay\AppData\Roaming\Mozilla\Firefox\Profiles\477y5tn0.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Justice McCay\NTUSER.DAT Object is locked skipped
C:\Users\Justice McCay\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Justice McCay\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Justice McCay\NTUSER.DAT{701e3ba8-a39f-11dc-b4d6-001a921e6258}.TM.blf Object is locked skipped
C:\Users\Justice McCay\NTUSER.DAT{701e3ba8-a39f-11dc-b4d6-001a921e6258}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Justice McCay\NTUSER.DAT{701e3ba8-a39f-11dc-b4d6-001a921e6258}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Public\Documents\Config\desktop2.idf Object is locked skipped
C:\Users\Public\Documents\Fonts\SwUniNew.tff Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Debug\sam.log Object is locked skipped
C:\WINDOWS\Debug\WIA\wiatrace.log Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\OMEGA-PC.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\ZALog2008.03.11.txt Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.log Object is locked skipped
C:\WINDOWS\Logs\CBS\CBS.persist.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setupact.log Object is locked skipped
C:\WINDOWS\Logs\DPX\setuperr.log Object is locked skipped
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setupact.log Object is locked skipped
C:\WINDOWS\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\WINDOWS\security\database\secedit.sdb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\WINDOWS\System32\catroot2\edb.log Object is locked skipped
C:\WINDOWS\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SAM Object is locked skipped
C:\WINDOWS\System32\config\SAM.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SAM.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SECURITY Object is locked skipped
C:\WINDOWS\System32\config\SECURITY.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SECURITY.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\WINDOWS\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\WINDOWS\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\WINDOWS\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\System32\restore\MachineGuid.txt Object is locked skipped
C:\WINDOWS\System32\spool\SpoolerETW.etl Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\WINDOWS\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\WINDOWS\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\WINDOWS\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\IntelDH.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\WINDOWS\System32\winevt\Logs\System.evtx Object is locked skipped
C:\WINDOWS\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\WINDOWS\Temp\nmsmc_DQLWinService.log Object is locked skipped
C:\WINDOWS\Temp\ZLT03e12.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06ec8.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
D:\$RECYCLE.BIN\Desktop.ini Object is locked skipped
D:\$RECYCLE.BIN\Protect.ed Object is locked skipped

Scan process completed.

King Justice

2008-03-14, 03:40

HJT Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:33 PM, on 3/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\PixArt\Pac7311\Monitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9727 bytes

little eagle

2008-03-18, 03:40

Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again afterwards before connecting to the net

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.

King Justice

2008-03-19, 13:48

King Justice

2008-03-19, 13:49

ComboFix 08-03-18.1 - Justice McCay 2008-03-19 8:37:37.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1257 [GMT -4:00]
Running from: C:\Users\Justice McCay\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-19 08:21 . 2008-03-19 08:21 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-03-19 08:21 . 2008-03-19 08:21 <DIR> d-------- C:\ProgramData\NVIDIA
2008-03-18 01:21 . 2008-01-08 13:10 98,304 --a------ C:\WINDOWS\RTKAUDIOSERVICE.EXE
2008-03-18 01:21 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-03-18 01:20 . 2008-01-15 11:26 4,874,240 --a------ C:\WINDOWS\RtHDVCpl.exe
2008-03-18 01:20 . 2008-01-07 19:30 2,156,544 --a------ C:\WINDOWS\System32\RtkAPO.dll
2008-03-18 01:20 . 2008-01-15 19:19 2,047,576 --a------ C:\WINDOWS\System32\drivers\RTKVHDA.sys
2008-03-18 01:20 . 2007-11-07 17:31 1,191,936 --a------ C:\WINDOWS\RtlUpd.exe
2008-03-18 01:20 . 2008-01-09 18:52 636,416 --a------ C:\WINDOWS\System32\RtkPgExt.dll
2008-03-18 01:20 . 2007-11-13 12:35 532,480 --a------ C:\WINDOWS\System32\RTSndMgr.cpl
2008-03-18 01:20 . 2006-12-13 10:30 339,968 --a------ C:\WINDOWS\System32\SRSTSXT.dll
2008-03-18 01:20 . 2008-03-18 01:20 315,392 --a------ C:\WINDOWS\HideWin.exe
2008-03-18 01:20 . 2007-07-25 09:33 135,168 --a------ C:\WINDOWS\System32\SRSWOW.dll
2008-03-18 01:20 . 2008-01-14 16:18 29,696 --a------ C:\WINDOWS\System32\RtkCoInst.dll
2008-03-16 22:37 . 2008-03-16 22:37 <DIR> d-------- C:\Program Files\Xenu
2008-03-14 20:27 . 2008-03-14 20:27 <DIR> d-------- C:\Users\Justice McCay\Program Files
2008-03-14 15:56 . 2008-03-15 01:24 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\BitTorrent
2008-03-14 15:55 . 2008-03-19 08:31 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\DNA
2008-03-14 15:55 . 2008-03-14 15:55 <DIR> d-------- C:\Program Files\DNA
2008-03-14 15:55 . 2008-03-14 15:55 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-13 23:49 . 2008-03-13 23:49 <DIR> d-------- C:\Program Files\Logitech
2008-03-13 23:49 . 2005-04-12 19:09 159,744 --a------ C:\WINDOWS\System32\WmJoyFrc.dll
2008-03-13 23:49 . 2005-04-12 19:21 45,504 --a------ C:\WINDOWS\System32\drivers\WmXlCore.sys
2008-03-13 23:49 . 2005-04-12 19:21 22,240 --a------ C:\WINDOWS\System32\drivers\WmFilter.sys
2008-03-13 23:49 . 2005-04-12 19:21 10,144 --a------ C:\WINDOWS\System32\drivers\WmBEnum.sys
2008-03-13 23:49 . 2005-04-12 19:21 5,600 --a------ C:\WINDOWS\System32\drivers\WmVirHid.sys
2008-03-13 23:48 . 2008-03-13 23:49 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-13 22:35 . 2008-03-13 22:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-13 02:27 . 2008-03-13 02:27 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-03-11 20:25 . 2007-12-16 18:50 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-03-11 20:25 . 2007-12-16 05:56 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-03-11 18:29 . 2008-03-11 18:29 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\PlayFirst
2008-03-10 12:26 . 2008-03-10 12:26 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\teamspeak2
2008-03-10 12:25 . 2008-03-10 12:25 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-03-10 12:25 . 2008-03-10 12:25 34,064 --a------ C:\WINDOWS\System32\lhacm.acm
2008-03-06 00:24 . 2008-03-06 00:24 <DIR> d-------- C:\Program Files\Password Safe
2008-03-04 09:36 . 2008-03-17 21:20 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\gtk-2.0
2008-03-04 09:26 . 2008-03-19 02:30 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\.purple
2008-03-04 09:25 . 2008-03-04 09:26 <DIR> d-------- C:\Program Files\Aspell
2008-03-04 09:23 . 2008-03-04 09:26 <DIR> d-------- C:\Program Files\Pidgin
2008-03-04 09:23 . 2008-03-04 09:23 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-02-29 21:14 . 2008-02-29 21:14 <DIR> d-------- C:\Program Files\Kelsey Medeiros
2008-02-29 21:14 . 2008-02-29 21:14 471,552 --a------ C:\WINDOWS\uninstall.exe
2008-02-25 23:16 . 2008-02-25 23:16 1,024 --a------ C:\.rnd
2008-02-25 23:10 . 2008-02-25 23:10 <DIR> d-------- C:\Users\Justice McCay\AppData\Roaming\demoxi
2008-02-25 23:09 . 2008-02-25 23:09 <DIR> d-------- C:\Program Files\demoxi
2008-02-23 17:16 . 2008-02-23 17:16 <DIR> d-------- C:\Program Files\NovaTech Network

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 12:21 --------- d-----w C:\Users\Justice McCay\AppData\Roaming\OpenOffice.org2
2008-03-19 12:20 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-03-19 06:30 --------- d-----w C:\Users\Justice McCay\AppData\Roaming\.purple
2008-03-19 01:39 --------- d-----w C:\Users\Justice McCay\AppData\Roaming\AVG7
2008-03-18 19:00 --------- d-----w C:\ProgramData\avg7
2008-03-18 05:20 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-18 05:20 --------- d-----w C:\Program Files\Realtek
2008-03-15 06:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 20:01 --------- d-----w C:\Program Files\Opera
2008-03-13 19:47 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 05:33 1,748 ----a-w C:\Users\Justice McCay\AppData\Roaming\wklnhst.dat
2008-03-12 02:07 --------- d-----w C:\Program Files\Windows Mail
2008-03-09 03:46 --------- d-----w C:\ProgramData\WildTangent
2008-02-28 03:01 --------- d-----w C:\Program Files\Windows Live
2008-02-20 03:20 4,564,658 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-02-18 05:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-18 04:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 04:45 691,545 ----a-w C:\Windows\unins000.exe
2008-02-14 03:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 03:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 03:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 03:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 03:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 03:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 03:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 03:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 03:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 03:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 03:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 03:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 03:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 03:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 03:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 03:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 03:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 03:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 03:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 03:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 03:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 03:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-04 16:28 --------- d-----w C:\Users\Justice McCay\AppData\Roaming\acccore
2008-02-01 16:11 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-29 22:23 --------- d-----w C:\Program Files\Zune
2008-01-26 19:42 --------- d-----w C:\ProgramData\AOL OCP
2008-01-26 19:40 --------- d-----w C:\ProgramData\Viewpoint
2008-01-26 19:40 --------- d-----w C:\ProgramData\AOL
2008-01-26 19:40 --------- d-----w C:\Program Files\Viewpoint
2008-01-26 19:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-26 19:35 --------- d-----w C:\Users\Justice McCay\AppData\Roaming\LAIM
2008-01-24 22:04 --------- d-----w C:\ProgramData\Lavasoft
2008-01-24 22:03 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-11 22:54 245,664 ----a-w C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-01-11 22:39 70,656 ----a-w C:\Windows\System32\ZuneIpTransport.dll
2008-01-11 22:39 62,464 ----a-w C:\Windows\System32\ZuneUsbTransport.dll
2008-01-11 22:39 35,840 ----a-w C:\Windows\System32\ZuneUsbCOnnection.dll
2008-01-11 22:39 145,408 ----a-w C:\Windows\System32\ZuneMTPZ.dll
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-10 03:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 08:31 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-09 00:39 1,551,872 ----a-w C:\Windows\Internet Logs\xDB7B37.tmp
2007-08-31 07:12 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-03-19_ 8.29.33.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-19 12:21:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-19 12:35:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-19 12:26:18 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-19 12:37:40 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:02 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:34 125440]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-14 15:55 287040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-22 02:33 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"Monitor"="C:\Windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 11:01 319488]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-23 19:11 579072]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 18:11 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 18:54 166304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 17:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 17:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 17:59 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 15:48 219136]

C:\Users\Justice McCay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
Password Safe.lnk - C:\Program Files\Password Safe\pwsafe.exe [2008-02-22 03:07:58 1650688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-07-23 22:11 9216 C:\WINDOWS\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2ED663E3-778F-4E99-9BE3-5DE5FB4D8050}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{E2942A5D-4BC9-413A-9326-DC602035C448}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{2D680015-0825-4F91-87D1-EF29D573C832}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{EF72610E-80DD-40DF-B78B-5C0B27B850C3}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{205FBD55-B4FA-48F9-B39F-7836A45BE024}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3ED6FCF3-D811-4340-8CDD-7B6EA7B703E2}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{3FFFF43A-FBF0-423F-8CA6-9993E099B065}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{269517E0-42DE-4686-9A59-D2C4FFF2A5BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{F4D964D5-1CEA-4A58-B150-33B3CABB6616}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{FA8AABEC-0164-43AC-8A5D-C923EB39FC3E}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{2E5E81F6-9D12-4F26-951A-B895B4A608EE}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{942DB6B2-DB31-466B-8FC1-F3DFBDFF278F}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{FD9F74CC-98FD-469B-BACA-D0254C14F5FD}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{AFA2AD64-F0EB-4531-B74F-B0980316D1F7}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E75BC54D-EFDF-441B-8879-82A87EBC2DC2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6CA4A13D-8597-45BA-843E-CA1518CD0BFD}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{176EAD02-5833-4500-9F3A-CF36051C7509}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F972D2CE-6380-40F8-B35D-98B90BD9EAF7}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0FD725AE-BE5A-4F69-A6E8-C67E21E5386A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AE70B563-4628-4F3D-A4FB-2D7FDCFA1DC4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{50EA47FD-F08C-43D3-A1F2-558A5E734CF0}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2DA7DDCF-3DBC-47A9-BAEB-55464F589657}"= UDP:C:\Program Files\Manolito\Manolito.exe:Manolito
"{898C1EEE-F274-4DBC-82D5-399E7690DF0C}"= TCP:C:\Program Files\Manolito\Manolito.exe:Manolito
"{713907B9-A7C8-42A1-928E-2887E23D8209}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6294793A-BCD5-4E75-AAD4-0BD5CA71B0E2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{081696BE-4319-406B-B6BA-17DB5C5DF704}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{B56F9FB0-3B3D-4AEE-88C0-92410CC264C8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-08-07 15:26]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 17:47]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 15:47]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2006-11-22 18:16]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]
S3 cur_bus;Curitel USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\cur_bus.sys [2005-07-19 18:39]
S3 cur_mdfl;Curitel Packet Service Filter;C:\Windows\system32\DRIVERS\cur_mdfl.sys [2005-07-19 18:40]
S3 cur_mdm;Curitel Packet Service Drivers;C:\Windows\system32\DRIVERS\cur_mdm.sys [2005-07-19 18:40]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\cur_serd.sys [2005-07-19 18:42]
S3 PAC7311;VGA USB Camera;C:\Windows\system32\DRIVERS\PA707UCM.SYS [2006-11-08 09:59]
S3 usbprint;Microsoft USB PRINTER Class;C:\Windows\system32\DRIVERS\usbprint.sys [2006-11-02 05:14]
S3 VST_DPV;VST_DPV;C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 03:41]
S3 VSTHWBS2;VSTHWBS2;C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 03:41]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 18:54]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 05:42:56 C:\Windows\Tasks\User_Feed_Synchronization-{CD19A71F-49E6-4FFC-AE5D-CE4EB2BEEA18}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 08:38:22
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-03-19 8:38:46
ComboFix2.txt 2008-03-19 12:29:40
.
2008-03-13 17:50:33 --- E O F ---

King Justice

2008-03-19, 13:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:21 AM, on 3/19/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\PixArt\Pac7311\Monitor.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Users\Justice McCay\Program Files\DNA\btdna.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9165 bytes

[B]

little eagle

2008-03-20, 02:18

You can remove this in add and remove programs.

Viewpoint

--------------------------------

Looks like this may be a false positive.

Do you have a flash drive installed?
If so keep it in and run this Click HERE (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan

* You need to use IE to run this scan
* Once you are on the Panda site click the Scan your PC button
* A new window will open...click the Check Now button
* Enter your Country
* Enter your State/Province
* Enter your e-mail address and click send
* Select either Home User or Company
* Click the big Scan Now button
* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
* When download is complete, click on My Computer to start the scan
* When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report