Installed new theme, now I hear music..

jbrdbr111x · May 22, 2008

I installed a new theme off of one of the recommended websites in an older post, and now every time I re-boot a minute later this techno music plays, and I can't find a way to stop it.. I've ran spybot S&D and I've also had AVG running the whole time when I did install the theme..

I've since un-installed the theme and the theme installation program, but it's still there.. Any ideas, I just wanted a different XP theme??

cohen · May 22, 2008

oh... well.... it might be a under the windows sounds.....

Also Run a Hijackthis and post your Log in hear. Also note - Do a system scan only

GameMaster · May 22, 2008

Lol it's OK, we'll fix it using a program.

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the "Config..." button on the bottom right"
Click on the tab "Misc Tools"
Check the 2 boxes next to the Box that says "Generate StartupList log"
Copy and past the StartupList from the notepad into your next post

The reason why am I asking for a startup list is because the techno music you hear happens on booting.

cohen · May 22, 2008

GameMaster said:
Lol it's OK, we'll fix it using a program.

Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.

By default it will install to C:\Program Files\Hijack This.

Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.

Put a check by Create a desktop icon then click Next again.

Continue to follow the rest of the prompts from there.

At the final dialogue box click Finish and it will launch Hijack This.

Click on the "Config..." button on the bottom right"

Click on the tab "Misc Tools"

Check the 2 boxes next to the Box that says "Generate StartupList log"

Copy and past the StartupList from the notepad into your next post

The reason why am I asking for a startup list is because the techno music you hear happens on booting.

Exactly what i want

but can't wait till i'm trained!

jbrdbr111x · May 22, 2008

Logfile of HijackThis v1.99.1
Scan saved at 6:04:20 AM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Startup: pfkipmysr.lnk = C:\WINDOWS\system32\pfkipmysr.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194670305542
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211093213340
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

I think that's everything...

jbrdbr111x · May 22, 2008

I can't put the start up log because the forums say it's too long...

cohen · May 22, 2008

jbrdbr111x said:
I can't put the start up log because the forums say it's too long...

attach the txt file.

GameMaster · May 22, 2008

Wow, too long? Really wonder how many stuff do you have there lol.
Please put your text document you got as a startup log as an attachment.
In your next post, go Advanced
Under the Submit Reply you will find another section of options and Manage Attachments. Insert that text document and post.

jbrdbr111x · May 22, 2008

Your file of 33.8 KB bytes exceeds the forum's limit of 19.5 KB for this filetype. Is what I'm getting..

GameMaster · May 22, 2008

OK could you post it in parts then? One part in one post, the other one i the other post...and so on until it's posted?

jbrdbr111x · May 22, 2008

StartupList report, 5/22/2008, 6:26:42 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16608)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jeremy\Start Menu\Programs\Startup]
pfkipmysr.lnk = C:\WINDOWS\system32\pfkipmysr.exe
Xfire.lnk = C:\Program Files\Xfire\xfire.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

StartCCC = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
AsusStartupHelp = C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Aim6 =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

jbrdbr111x · May 22, 2008

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - {A057A204-BACC-4D26-9990-79A187E2698E}
(no name) - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll - {D187A56B-A33F-4CBE-9D77-459FC0BAE012}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file:///C:/WINDOWS/Java/classes/xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{1B00725B-C455-4DE6-BFB6-AD540AD427CD}]
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
CODEBASE = http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194670305542

[System Requirements Lab Class]
InProcServer32 = C:\Program Files\SystemRequirementsLab\sysreqlab2.dll
CODEBASE = http://www.systemrequirementslab.com/sysreqlab2.cab
OSD = C:\WINDOWS\Downloaded Program Files\SysReqLab2.osd

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1211093213340

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Crucial cpcScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cpcScan.dll
CODEBASE = http://crucial.com/controls/cpcScanner.cab

[InetDownload Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WMDownload.dll
CODEBASE = https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Acronis Scheduler2 Service: "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" (autostart)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
AsIO: system32\drivers\AsIO.sys (system)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
AVG AVI Loader Driver x86: \SystemRoot\System32\Drivers\avgldx86.sys (system)
AVG On-access Scanner Minifilter Driver x86: \SystemRoot\System32\Drivers\avgmfx86.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Capture Device Service: "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (disabled)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DVD-RAM_Service: C:\WINDOWS\system32\DVDRAMSV.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine-Family Fast-Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IlvMoneyDRIVER53: \??\C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Rar$EX28.547\IlvMoney1105.sys (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
meiudf: System32\Drivers\meiudf.sys (system)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
ATK0110 ACPI UTILITY: system32\DRIVERS\ASACPI.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NMIndexingService: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (disabled)
npkcmsvc: C:\Nexon\Mabinogi\npkcmsvc.exe (autostart)
npkcrypt: \??\C:\Nexon\MapleStory\npkcrypt.sys (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
PnkBstrA: C:\WINDOWS\system32\PnkBstrA.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SANDRA: \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{586A5BD2-FCAD-4E8D-A46C-96DB1A2B9C07} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Smarthide TAP driver: system32\DRIVERS\tap0801.sys (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acronis True Image FS Filter: system32\DRIVERS\tifsfilt.sys (autostart)
Acronis True Image Backup Archive Explorer: system32\DRIVERS\timntr.sys (system)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft AGPv3.5 Filter: System32\DRIVERS\uagp35.sys (system)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
viagfx: system32\DRIVERS\vtmini.sys (manual start)
ViaIde: System32\DRIVERS\viaide.sys (system)
videX32: system32\DRIVERS\videX32.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): system32\DRIVERS\wanatw4.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Jeremy\LOCALS~1\Temp\GLB1A2B.EXE||C:\DOCUME~1\Jeremy\LOCALS~1\Temp\~nsu.tmp\Au_.exe|||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 35,318 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

GameMaster · May 22, 2008

Lol this is far worse then just a music. You have some infections in your log.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

jbrdbr111x · May 22, 2008

ComboFix 08-05-21.3 - Jeremy 2008-05-22 16:24:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1471 [GMT -4:00]
Running from: C:\Documents and Settings\Jeremy\My Documents\My Received Files\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
C:\WINDOWS\system32\_000005_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 05:23 . 2008-05-22 05:23 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-22 05:13 . 2008-04-26 16:14 42,672 --------- C:\WINDOWS\system32\wbsys.dll
2008-05-22 04:45 . 2008-05-22 05:05 <DIR> d-------- C:\Program Files\Stardock
2008-05-22 01:01 . 2008-05-22 01:01 1,224 --a------ C:\WINDOWS\system32\msexcr.ini
2008-05-20 21:16 . 2008-05-20 21:16 <DIR> d-------- C:\Program Files\Intel Corporation
2008-05-18 03:01 . 2008-05-18 03:01 <DIR> d-------- C:\WINDOWS\system32\windows media
2008-05-18 02:52 . 2008-05-18 02:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-18 02:49 . 2007-04-18 12:12 2,854,400 --a------ C:\WINDOWS\system32\SET5E0.tmp
2008-05-16 22:11 . 2008-05-16 22:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 22:11 . 2008-05-16 22:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 19:19 . 2008-05-16 19:19 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\HP
2008-05-16 18:46 . 2007-01-23 15:46 438,272 -ra------ C:\WINDOWS\system32\hpg400co.dll
2008-05-16 18:46 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-16 18:46 . 2004-08-04 00:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-16 18:44 . 2008-05-16 18:44 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-16 18:44 . 2008-05-16 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-16 18:41 . 2008-05-16 18:43 <DIR> d-------- C:\Program Files\Common Files\HP
2008-05-16 18:40 . 2008-05-16 18:40 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-05-16 18:40 . 2008-05-16 18:40 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-16 18:38 . 2008-05-16 18:41 <DIR> d-------- C:\Program Files\HP
2008-05-16 18:36 . 2008-05-16 18:46 100,887 --a------ C:\WINDOWS\hpgins17.dat
2008-05-16 18:36 . 2007-01-23 04:25 284 --------- C:\WINDOWS\hpgmdl17.dat
2008-05-15 20:41 . 2008-05-15 20:42 <DIR> d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
2008-05-15 18:57 . 2008-05-15 12:18 57,344 --a------ C:\WINDOWS\system32\pfkipmysr.exe
2008-05-13 21:29 . 2008-05-13 21:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-11 22:05 . 2008-05-11 22:05 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\MPEG Streamclip
2008-05-11 05:33 . 2008-05-11 05:34 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\DVD Flick
2008-05-11 05:33 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-05-11 05:33 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.ocx
2008-05-11 05:33 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\system32\mbmouse.ocx
2008-05-11 05:33 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\system32\trayicon.ocx
2008-05-11 05:07 . 2008-05-11 05:13 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\AVSMedia
2008-05-11 05:07 . 2008-05-11 05:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-11 05:06 . 2008-05-11 21:04 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-05-11 04:37 . 2008-05-11 04:37 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Pegasys Inc
2008-05-11 04:34 . 2008-05-11 04:34 145,504 --a------ C:\WINDOWS\system32\bgsvcgen.exe
2008-05-11 04:34 . 2008-05-11 04:34 59,488 --a------ C:\WINDOWS\system32\GenSvcInst.exe
2008-05-11 04:34 . 2008-05-11 04:34 33,408 --a------ C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2008-05-11 00:56 . 2008-05-22 06:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 00:56 . 2008-05-11 00:56 <DIR> d-------- C:\Program Files\AVG
2008-05-11 00:56 . 2008-05-16 04:07 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\AVGTOOLBAR
2008-05-11 00:56 . 2008-05-11 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 00:56 . 2008-05-11 00:56 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 00:56 . 2008-05-11 00:56 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-10 22:20 . 2008-05-13 23:19 <DIR> d-------- C:\WINDOWS\system32\temp
2008-05-10 21:21 . 2008-05-10 21:21 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-05-10 21:21 . 2008-05-10 22:21 <DIR> d-------- C:\Program Files\Burn4Free
2008-05-10 21:21 . 2008-05-10 21:21 232,077 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_7906.exe
2008-05-10 03:20 . 2008-05-10 03:20 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 02:49 . 2008-05-10 02:49 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-05-10 02:49 . 2008-05-10 02:51 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Ulead Systems
2008-05-10 02:48 . 2008-05-10 02:48 <DIR> d-------- C:\Program Files\Windows Media Components
2008-05-10 02:48 . 2008-05-10 02:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-10 00:17 . 2008-05-10 00:28 26 --a------ C:\WINDOWS\dvdSanta.INI
2008-05-09 23:27 . 2008-05-09 23:27 <DIR> d-------- C:\TempDVD
2008-05-09 23:27 . 2008-05-11 04:55 <DIR> d-------- C:\Program Files\dvdSanta
2008-05-09 18:05 . 2008-05-09 18:05 <DIR> d-------- C:\Program Files\DVD-RAM
2008-05-09 18:05 . 2008-05-09 18:05 405,504 --a------ C:\WINDOWS\system32\DVDTool.exe
2008-05-09 18:05 . 2008-05-09 18:05 233,472 --a------ C:\WINDOWS\system32\DVDTools.dll
2008-05-09 18:05 . 2008-05-09 18:05 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2008-05-09 18:05 . 2008-05-09 18:05 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll
2008-05-09 18:05 . 2008-05-09 18:05 110,592 --a------ C:\WINDOWS\system32\DVDRAMSV.exe
2008-05-09 18:05 . 2008-05-09 18:05 102,384 --a------ C:\WINDOWS\system32\drivers\meiudf.sys
2008-05-09 04:59 . 2008-05-09 04:59 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Ahead
2008-05-09 04:58 . 2008-05-10 20:01 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-05-07 15:31 . 2008-05-07 19:22 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\Move Networks
2008-05-03 03:35 . 2008-05-03 03:36 <DIR> d-------- C:\MyBackup
2008-05-03 03:34 . 2008-05-03 03:37 <DIR> d-------- C:\Program Files\Premium Booster
2008-05-02 23:07 . 2008-05-09 23:17 <DIR> d-------- C:\Program Files\ASUS
2008-05-02 23:07 . 2006-01-11 04:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-05-02 23:07 . 2006-10-19 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-05-02 23:06 . 2008-05-02 23:06 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-05-02 23:02 . 2008-05-02 23:02 <DIR> d-------- C:\Program Files\CCleaner
2008-05-02 01:34 . 2008-05-15 16:49 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-02 01:34 . 2008-05-02 01:34 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-02 01:34 . 2008-05-15 16:49 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-30 23:49 . 2008-05-01 22:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 21:50 . 2008-04-30 22:06 <DIR> d-------- C:\Program Files\iCall
2008-04-29 21:22 . 2008-04-29 21:22 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\ATI
2008-04-29 21:22 . 2008-04-29 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 21:15 . 2008-04-29 21:15 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-29 21:14 . 2008-04-29 21:18 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-29 21:14 . 2007-06-29 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-29 21:11 . 2007-06-26 21:30 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-04-29 21:11 . 2007-06-26 21:30 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-04-29 21:11 . 2007-06-26 21:30 972,072 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-04-29 21:11 . 2007-06-26 21:59 344,064 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-04-29 21:11 . 2007-06-26 21:56 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-04-29 21:11 . 2007-06-05 13:40 149,278 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-29 21:11 . 2007-04-11 21:33 7,069 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-04-29 19:58 . 2008-04-29 19:58 <DIR> d-------- C:\ATI
2008-04-29 06:18 . 2008-04-29 06:18 <DIR> dr-h----- C:\Documents and Settings\Jeremy\Application Data\SecuROM
2008-04-29 06:18 . 2008-04-29 06:18 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-29 06:17 . 2008-04-29 06:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-29 06:11 . 2008-04-29 06:11 22,328 --a------ C:\Documents and Settings\Jeremy\Application Data\PnkBstrK.sys
2008-04-29 06:04 . 2008-04-29 06:04 <DIR> d-------- C:\Program Files\Activision
2008-04-29 05:53 . 2004-08-04 01:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-29 05:53 . 2004-08-04 01:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-29 05:53 . 2004-08-04 01:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-29 05:53 . 2004-08-04 01:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-29 05:53 . 2004-08-04 02:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-29 05:53 . 2004-08-04 02:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-29 00:41 . 2008-04-29 06:17 <DIR> d-------- C:\Documents and Settings\Jeremy\Application Data\GetRightToGo
2008-04-28 19:15 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-04-28 19:14 . 2008-04-28 19:14 0 --a------ C:\WINDOWS\Irremote.ini
2008-04-24 13:21 . 2008-05-20 21:29 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-24 13:21 . 2008-04-24 13:21 <DIR> d-------- C:\AeriaGames
2008-04-22 05:59 . 2008-05-09 23:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-22 05:53 . 2008-04-22 05:53 4 --a------ C:\WINDOWS\msoffice.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 09:57 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-05-21 02:03 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Xfire
2008-05-20 06:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-20 06:13 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-05-20 06:05 --------- d-----w C:\Program Files\Xfire
2008-05-11 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-09 08:58 --------- d-----w C:\Program Files\Nero
2008-04-29 23:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-28 23:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-22 09:54 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-22 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-22 09:53 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\AOL
2008-04-21 05:49 --------- d-----w C:\Program Files\NeroInstall.bak
2008-04-21 05:48 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\Nero
2008-04-17 04:40 1,049,662 ----a-w C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-15 02:14 --------- d-----w C:\Program Files\ValuSoft
2008-04-15 02:14 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-04-14 21:26 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\LimeWire
2008-04-11 07:22 1,882,904 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
2008-04-11 07:19 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-04-11 07:16 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-04-11 07:16 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-04-11 07:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-04-11 07:15 368,544 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-04-11 07:15 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-04-11 07:15 --------- d-----w C:\Program Files\Acronis
2008-04-10 22:46 --------- d-----w C:\Program Files\Java
2008-04-10 22:45 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 05:02 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-04 01:39 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Xfire
2008-04-02 19:39 --------- d-----w C:\Program Files\LocalCooling
2008-04-02 19:38 --------- d-----w C:\Program Files\ImgBurn
2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-24 04:12 --------- d-----w C:\Documents and Settings\Jeremy\Application Data\vlc
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 20:27 155,995 ----a-w C:\WINDOWS\java\Packages\UY9BN5VH.ZIP
2008-03-05 20:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\SET697.tmp
2008-02-29 04:14 223,744 ----a-w C:\WINDOWS\system32\b4fm.dll
2008-02-25 07:20 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-25 07:20 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-02-24 18:39 5,832 ----a-w C:\Program Files\install.log
2007-12-09 04:10 620 -c--a-w C:\Program Files\JohnDeere.cfg
2006-05-30 01:25 73,727 -c--a-w C:\Program Files\irrm-installer.bat
2006-05-30 01:16 132,199 -c--a-w C:\Program Files\irrm-9x.bat
2006-05-30 00:57 104 -c--a-w C:\Program Files\irrm-reg.reg
2006-04-11 20:14 4,793 -c--a-w C:\Program Files\ReadMe.txt
2005-10-01 18:00 75,264 ----a-w C:\Program Files\irrm-uha.exe
2005-07-23 00:59 2,319,568 ----a-w C:\Program Files\d3dx9_27.dll
2005-07-14 15:06 847,920 ----a-w C:\Program Files\Python22.dll
2005-07-12 20:58 74,573 -c--a-w C:\Program Files\JD.cfl
2005-07-12 20:58 5,191 -c--a-w C:\Program Files\DebugWindow.gib
2005-07-12 20:58 155,648 ----a-w C:\Program Files\boost_python.dll
2005-07-12 20:58 1,378 -c--a-w C:\Program Files\ProfilerWindow.gib
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-11 00:56 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-05-10 21:21 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-05-10 21:21 806912]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-11 00:56 2050816]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-11 00:56 2050816]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll [2008-05-10 21:21 806912]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-15 02:25 363008]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 00:56 1177368]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\Jeremy\Start Menu\Programs\Startup\
pfkipmysr.lnk - C:\WINDOWS\system32\pfkipmysr.exe [2008-05-15 18:57:55 57344]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-13 21:29:28 3007824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2005-05-04 14:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.1\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1200484601\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LocalCooling]
C:\Program Files\LocalCooling\localcooling.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-01-31 14:54 16116224 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-17 14:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 05:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP

xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-18 17:22]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 00:56]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 00:56]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]
S2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 01:31]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\DOCUME~1\Jeremy\LOCALS~1\Temp\Rar$EX28.547\IlvMoney1105.sys []
S3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2007-10-12 09:07]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 16:25:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-22 16:25:48
ComboFix-quarantined-files.txt 2008-05-22 20:25:46

Pre-Run: 458,896,551,936 bytes free
Post-Run: 458,903,277,568 bytes free

319

PS.. Does this mean AVG is worthless or is this something that anti-viruses can't detect?

cohen · May 22, 2008

No this doesn't mean AVG is worthless it still picks up things but this tells us what runs.... so the exe file that is running for AVG it isn't a virus.... so it would scan it but wouldn't pick it up as a virus.

jbrdbr111x · May 22, 2008

hmm.. are there any programs out there than can run in the background that can detect these things?

G25r8cer · May 22, 2008

Every antivirus runs in the background! They scan things automatically as you download things or scan im's and e-mails etc

jbrdbr111x · May 22, 2008

g25racer said:
Every antivirus runs in the background! They scan things automatically as you download things or scan im's and e-mails etc

Yes but AVG didn't detect this so that's why I wanted to know if there were specific programs that ran in the background that could detect what happened to me..

voyagerfan99 · May 22, 2008

Did you check your startup sounds?

cohen · May 23, 2008

jbrdbr111x said:
Yes but AVG didn't detect this so that's why I wanted to know if there were specific programs that ran in the background that could detect what happened to me..

But this isn't a virus.... so AVG would no detect it.

When you have installed the theme.... it has kept it there.... so i might suggest a system restore

before you installed the theme

What do other guys say??

Installed new theme, now I hear music..

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

Active Member

New Member

Master of Turning Things Off and Back On Again

New Member