Author Topic: Win32:Agent-HOP [Wrm] ..Avast cannot delete file  (Read 32543 times)


extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #30 on: July 13, 2007, 04:45:04 AM »

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
 ->  -> File not found
!AVG Anti-Spyware -> %ProgramFiles%\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 5:25:42 AM | Attr =    ]
AudioDeck -> %ProgramFiles%\VIA\VIAudioi\SBADeck\ADeck.exe -> VIA Technologies, Inc. [Ver = 6, 3, 4, 0 | Size = 528384 bytes | Modified Date = 11/2/2006 4:57:56 PM | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 75392 bytes | Modified Date = 4/30/2007 11:42:48 AM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\GRISOFT\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 8:29:58 AM | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr =    ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1       localhost ->  ->
< Internet Explorer Settings > ->  ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\SYSTEM32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.google.ca/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] ->  ->

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #31 on: July 13, 2007, 04:45:29 AM »
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 12:08:42 AM | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:42 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr =    ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel ->  -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0D5919AE-6FE7-486D-9403-BC00EF4C7A47} ->    (Linksys Wireless-G USB Network Adapter) ->
{3C2B5E85-E35F-4403-98BA-CFD222C24119} ->    (VIA Rhine II Fast Ethernet Adapter) ->
{5697D3FA-43C3-447B-B180-36CCF55E8FAC} ->    () ->
{887BBED2-CA05-4681-8CC2-7EFE985B9EEF} ->    () ->
{A8E81EC8-4D45-46BF-A69C-9DA33CBDE79D} ->    (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) ->
{D03BCDE3-5D60-4AA8-946E-4F02EBCD2230} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/FacebookPhotoUploader.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177258613250 ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171083299846 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->
{E8F628B5-259A-4734-97EE-BA914D7BE941} -> Driver Agent ActiveX Control - CodeBase = http://driveragent.com/files/driveragent.cab ->


extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #32 on: July 13, 2007, 04:45:54 AM »

[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 6/19/2007 4:58:05 PM | Attr =    ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 6/16/2007 10:21:02 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 787271680 bytes | Created Date = 1/1/1601 5:00:00 AM | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 6/16/2007 10:03:06 PM | Attr =    ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 6/20/2007 10:45:02 PM | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 6/21/2007 11:55:43 PM | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 6/22/2007 6:00:24 PM | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/20/2007 10:45:02 PM | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/21/2007 11:55:43 PM | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 6/22/2007 6:00:24 PM | Attr =  H ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 6/15/2007 7:23:21 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 7/12/2007 8:54:47 PM | Attr =    ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ ->  [Folder | Created Date = 6/13/2007 2:07:20 AM | Attr =  H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ ->  [Folder | Created Date = 6/13/2007 2:04:37 AM | Attr =  H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ ->  [Folder | Created Date = 6/13/2007 2:06:57 AM | Attr =  H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ ->  [Folder | Created Date = 7/10/2007 11:24:53 PM | Attr =  H ]
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 104960 bytes | Created Date = 6/16/2007 9:55:10 PM | Attr =    ]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 6/28/2007 8:53:46 PM | Attr =  HS]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 6/16/2007 10:06:25 PM | Attr =    ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 6/16/2007 9:55:09 PM | Attr =    ]
appmgmt -> %System32%\appmgmt ->  [Folder | Created Date = 6/24/2007 9:34:16 AM | Attr =    ]
gold.exe -> %System32%\gold.exe -> Emergy Development [Ver = 1.00 | Size = 178688 bytes | Created Date = 6/25/2007 4:09:24 PM | Attr =    ]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Created Date = 6/25/2007 2:41:14 PM | Attr =  H ]
initdebug.nfo -> %System32%\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Created Date = 6/25/2007 2:56:01 PM | Attr =    ]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Created Date = 6/15/2007 6:02:03 PM | Attr =    ]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 6/16/2007 5:15:50 PM | Attr =    ]
rt2500usb.cat -> %System32%\rt2500usb.cat ->  [Ver =  | Size = 8022 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
rt2500usb.sys -> %System32%\rt2500usb.sys -> Ralink Technology Inc. [Ver = 2.01.00.0000 | Size = 245376 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Created Date = 6/16/2007 9:55:09 PM | Attr =    ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 6/16/2007 9:55:09 PM | Attr =    ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/16/2007 9:55:09 PM | Attr =    ]
vfind.exe -> %System32%\vfind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 6/16/2007 9:55:09 PM | Attr =    ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Created Date = 6/30/2007 5:03:22 PM | Attr =    ]
WLAN.INI -> %System32%\WLAN.INI ->  [Ver =  | Size = 1668 bytes | Created Date = 7/3/2007 9:31:05 PM | Attr =    ]
WUSB20XP.sys -> %System32%\WUSB20XP.sys -> Cisco-Linksys, LLC. [Ver = 1.0.8 | Size = 339488 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
WUSB54G.cat -> %System32%\WUSB54G.cat ->  [Ver =  | Size = 8090 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
WUSB54GV2.cat -> %System32%\WUSB54GV2.cat ->  [Ver =  | Size = 7846 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
WUSBGXP.sys -> %System32%\WUSBGXP.sys -> Cisco-Linksys, LLC. [Ver = 3.00.12 | Size = 374752 bytes | Created Date = 7/3/2007 9:31:12 PM | Attr =    ]
AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Created Date = 7/3/2007 9:31:13 PM | Attr =    ]
AvgArCln.sys -> %System32%\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 6/24/2007 1:08:52 PM | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 6/25/2007 10:37:26 PM | Attr =    ]
hosts.ics -> %System32%\drivers\etc\hosts.ics ->  [Ver =  | Size = 374 bytes | Created Date = 7/3/2007 6:58:36 PM | Attr =    ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 6/16/2007 6:33:24 PM | Attr =  H ]

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #33 on: July 13, 2007, 04:46:31 AM »
[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 6/22/2007 5:58:34 PM | Attr =    ]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 6/16/2007 11:21:04 PM | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 7/11/2007 10:29:20 PM | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 7/12/2007 9:58:36 PM | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 6/24/2007 10:26:48 AM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 787271680 bytes | Modified Date = 7/12/2007 10:14:44 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 7/3/2007 10:31:08 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 6/16/2007 11:03:08 PM | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 6/24/2007 10:28:06 AM | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/24/2007 2:09:08 PM | Attr =  H ]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/25/2007 5:42:12 PM | Attr =  H ]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/25/2007 11:53:44 PM | Attr =  H ]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/9/2007 12:29:36 AM | Attr =  H ]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/9/2007 7:09:38 AM | Attr =  H ]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/12/2007 12:02:42 AM | Attr =  H ]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 7/12/2007 10:13:48 PM | Attr =  H ]
sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/20/2007 11:45:04 PM | Attr =  H ]
sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/22/2007 12:55:44 AM | Attr =  H ]
sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 6/22/2007 7:00:26 PM | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/24/2007 2:09:08 PM | Attr =  H ]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/25/2007 5:42:12 PM | Attr =  H ]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/25/2007 11:53:44 PM | Attr =  H ]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/9/2007 12:29:36 AM | Attr =  H ]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/9/2007 7:09:38 AM | Attr =  H ]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/12/2007 12:02:42 AM | Attr =  H ]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 7/12/2007 10:13:48 PM | Attr =  H ]
sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/20/2007 11:45:04 PM | Attr =  H ]
sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/22/2007 12:55:44 AM | Attr =  H ]
sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 6/22/2007 7:00:26 PM | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 6/25/2007 3:08:16 PM | Attr =  HS]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 6/30/2007 6:15:48 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 7/12/2007 9:52:56 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 7/12/2007 9:54:48 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 7/10/2007 9:19:36 PM | Attr =  H ]
$NtUninstallKB929123$ -> %SystemRoot%\$NtUninstallKB929123$ ->  [Folder | Modified Date = 6/13/2007 3:07:22 AM | Attr =  H ]
$NtUninstallKB935839$ -> %SystemRoot%\$NtUninstallKB935839$ ->  [Folder | Modified Date = 6/13/2007 3:04:38 AM | Attr =  H ]
$NtUninstallKB935840$ -> %SystemRoot%\$NtUninstallKB935840$ ->  [Folder | Modified Date = 6/13/2007 3:06:58 AM | Attr =  H ]
$NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ ->  [Folder | Modified Date = 7/11/2007 12:24:54 AM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 7/12/2007 10:14:46 PM | Attr =   S]
cache -> %SystemRoot%\cache ->  [Folder | Modified Date = 7/3/2007 10:41:36 PM | Attr =    ]

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #34 on: July 13, 2007, 04:46:55 AM »
catchme.exe -> %SystemRoot%\catchme.exe ->  [Ver =  | Size = 104960 bytes | Modified Date = 7/4/2007 7:21:06 PM | Attr =    ]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 7/2/2007 2:16:56 PM | Attr =  HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 6/22/2007 9:00:46 PM | Attr =   S]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 7/12/2007 10:11:32 PM | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 6/19/2007 8:21:50 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 7/11/2007 12:25:08 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 7/12/2007 9:58:36 PM | Attr =  HS]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 6/17/2007 12:11:58 AM | Attr =    ]
od5.ini -> %SystemRoot%\od5.ini ->  [Ver =  | Size = 32380 bytes | Modified Date = 7/2/2007 3:03:44 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 7/12/2007 10:23:58 PM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 7/12/2007 12:03:06 AM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 246 bytes | Modified Date = 7/11/2007 10:29:20 PM | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 7/12/2007 10:10:32 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 6/24/2007 11:25:08 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 7/12/2007 10:20:28 PM | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 7/10/2007 11:07:18 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1171 bytes | Modified Date = 7/11/2007 10:29:20 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 6/30/2007 4:16:04 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 7/12/2007 10:15:06 PM | Attr =  H ]
appmgmt -> %System32%\appmgmt ->  [Folder | Modified Date = 7/12/2007 9:57:20 PM | Attr =    ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 7/9/2007 7:05:20 AM | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 7/10/2007 9:19:30 PM | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 7/12/2007 10:12:52 PM | Attr =    ]
CONFIG.NT -> %System32%\CONFIG.NT ->  [Ver =  | Size = 2626 bytes | Modified Date = 6/24/2007 11:44:00 PM | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 7/11/2007 12:24:58 AM | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 7/12/2007 10:19:22 PM | Attr =    ]
gold.exe -> %System32%\gold.exe -> Emergy Development [Ver = 1.00 | Size = 178688 bytes | Modified Date = 6/25/2007 11:15:18 PM | Attr =    ]
GroupPolicy -> %System32%\GroupPolicy ->  [Folder | Modified Date = 6/25/2007 3:41:16 PM | Attr =  H ]
initdebug.nfo -> %System32%\initdebug.nfo ->  [Ver =  | Size = 45 bytes | Modified Date = 6/25/2007 3:56:04 PM | Attr =    ]
Kaspersky Lab -> %System32%\Kaspersky Lab ->  [Folder | Modified Date = 6/15/2007 7:02:04 PM | Attr =    ]
nscompat.tlb -> %System32%\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 6/16/2007 6:15:52 PM | Attr =    ]
Restore -> %System32%\Restore ->  [Folder | Modified Date = 6/24/2007 9:23:18 PM | Attr =    ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 4:59:06 PM | Attr =    ]
VundoFixSVC.exe -> %System32%\VundoFixSVC.exe -> Atribune.org [Ver = 1.00.0002 | Size = 24576 bytes | Modified Date = 6/30/2007 6:03:24 PM | Attr =    ]
WLAN.INI -> %System32%\WLAN.INI ->  [Ver =  | Size = 1668 bytes | Modified Date = 7/3/2007 10:46:12 PM | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1374 bytes | Modified Date = 7/12/2007 10:16:36 PM | Attr =    ]
AegisP.sys -> %System32%\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.3.0 | Size = 20747 bytes | Modified Date = 7/3/2007 10:46:52 PM | Attr =    ]
etc -> %System32%\drivers\etc ->  [Folder | Modified Date = 7/12/2007 10:15:40 PM | Attr =    ]
UMDF -> %System32%\drivers\UMDF ->  [Folder | Modified Date = 6/16/2007 7:33:26 PM | Attr =    ]
hosts.ics -> %System32%\drivers\etc\hosts.ics ->  [Ver =  | Size = 374 bytes | Modified Date = 7/3/2007 7:58:38 PM | Attr =    ]
Msft_User_WpdMtpDr_01_00_00.Wdf -> %System32%\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 6/16/2007 7:33:26 PM | Attr =  H ]

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #35 on: July 13, 2007, 04:48:19 AM »

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 ,  -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 997, 0 | Size = 745600 bytes | Modified Date = 4/30/2007 11:46:10 AM | Attr =    ]
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41397 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =    ]
UPX! , UPX0 ,  -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.7 | Size = 139776 bytes | Modified Date = 7/11/2007 4:59:06 PM | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 8/4/2004 8:00:00 AM | Attr =    ]
PEC2 ,  -> %System32%\drivers\VcommMgr.sys -> IVT Corporation [Ver = 2.20 | Size = 82148 bytes | Modified Date = 11/5/2004 11:39:08 AM | Attr =    ]

< End of report >

mauserme

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #36 on: July 13, 2007, 06:51:16 AM »
Please upload these files to Virus Total and post the analysis results

C:\WINDOWS\system32\system.exe

C:\Windows\System32\nscompat.tlb

C:\Windows\server.exe


If you're unable to find server.exe, that's OK.

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #37 on: July 15, 2007, 11:03:40 PM »
File nscompat.tlb received on 07.15.2007 22:55:53 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2007.7.14.0 2007.07.14 no virus found
AntiVir 7.4.0.42 2007.07.15 no virus found
Authentium 4.93.8 2007.07.13 no virus found
Avast 4.7.997.0 2007.07.13 no virus found
AVG 7.5.0.476 2007.07.15 no virus found
BitDefender 7.2 2007.07.15 no virus found
CAT-QuickHeal 9.00 2007.07.14 no virus found
ClamAV devel-20070416 2007.07.15 no virus found
DrWeb 4.33 2007.07.15 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3784 2007.07.14 no virus found
Ewido 4.0 2007.07.14 no virus found
FileAdvisor 1 2007.07.15 no virus found
Fortinet 2.91.0.0 2007.07.14 no virus found
F-Prot 4.3.2.48 2007.07.13 no virus found
Ikarus T3.1.1.8 2007.07.15 no virus found
Kaspersky 4.0.2.24 2007.07.15 no virus found
McAfee 5074 2007.07.13 no virus found
Microsoft 1.2704 2007.07.15 no virus found
NOD32v2 2399 2007.07.14 no virus found
Norman 5.80.02 2007.07.13 no virus found
Panda 9.0.0.4 2007.07.15 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.14 no virus found
Symantec 10 2007.07.15 no virus found
TheHacker 6.1.6.146 2007.07.13 no virus found
VBA32 3.12.0.2 2007.07.14 no virus found
VirusBuster 4.3.23:9 2007.07.15 no virus found
Webwasher-Gateway 6.0.1 2007.07.15 no virus found
Aditional information
File size: 23392 bytes
MD5: a32b14be5edae794fce1a9e970827509
SHA1: 80539593beddf90c348139d01e25d4687e0249cf

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #38 on: July 15, 2007, 11:15:31 PM »
**There was no system.exe file, so I just scanned the file labelled "system".**

File system received on 07.15.2007 23:05:40 (CET)


Antivirus Version Last Update Result
AhnLab-V3 2007.7.14.0 2007.07.14 no virus found
AntiVir 7.4.0.42 2007.07.15 no virus found
Authentium 4.93.8 2007.07.13 no virus found
Avast 4.7.997.0 2007.07.13 no virus found
AVG 7.5.0.476 2007.07.15 no virus found
BitDefender 7.2 2007.07.15 no virus found
CAT-QuickHeal 9.00 2007.07.14 no virus found
ClamAV devel-20070416 2007.07.15 no virus found
DrWeb 4.33 2007.07.15 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3784 2007.07.14 no virus found
Ewido 4.0 2007.07.14 no virus found
FileAdvisor 1 2007.07.15 no virus found
Fortinet 2.91.0.0 2007.07.14 no virus found
F-Prot 4.3.2.48 2007.07.13 no virus found
Ikarus T3.1.1.8 2007.07.15 no virus found
Kaspersky 4.0.2.24 2007.07.15 no virus found
McAfee 5074 2007.07.13 no virus found
Microsoft 1.2704 2007.07.15 no virus found
NOD32v2 2399 2007.07.14 no virus found
Norman 5.80.02 2007.07.13 no virus found
Panda 9.0.0.4 2007.07.15 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.14 no virus found
Symantec 10 2007.07.15 no virus found
TheHacker 6.1.6.146 2007.07.13 no virus found
VBA32 3.12.0.2 2007.07.14 no virus found
VirusBuster 4.3.23:9 2007.07.15 no virus found
Webwasher-Gateway 6.0.1 2007.07.15 no virus found
Aditional information
File size: 192019 bytes
MD5: 521451e79921ac7653dda8819028826c
SHA1: 817287b1d9e9cdc88115332aa998d40261bd029d

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #39 on: July 15, 2007, 11:16:34 PM »
As for server.exe, it cannot be found.

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #40 on: July 15, 2007, 11:23:28 PM »
The problem I'm still having is the computer shutting down on its own. I'm running SpeedFan to monitor temps and voltage, and all appear within spec. It can stay on all day or only a few hours; even on boot-up it'll shut down when the Windows XP black screen appears. The only way I'm able to get around that is to start up in Safe Mode, then run a scheduled boot scan with avast!; then I can restart in normal mode without a problem. But even just to power the computer back on after it shuts down on its own, I need to disconnect the power, wait 10 seconds, connect the power and turn it on from the front, then go through that whole Safe Mode process.

mauserme

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #41 on: July 16, 2007, 12:16:57 AM »
I keep getting pop-up windows, my comp gets really slow, my clock changes from 12h to 24h and my computer will randomly shut down; when I try to restart it shuts down at the Windows boot screen. The only way to restart is in Safe Mode; I then run an avast! thorough scan, then restart as normal. Avast is also going crazy with warnings, but they keep coming back; some can't even be deleted/repaired/moved+renamed. I tried getting help on another forum, but no luck.
That's how you described things in your first post with us. Prior to coming here you indicated the computer was so slow you couldn't even type normally.

Are the slowness, popups, and clock changes now gone but the spontaneous reboots and detections while scanning in safe mode remain?

What does avast! detect at this point, i.e. the name of the malware, the file name and the path? Are the detections only with an on-demand scan, or in real time too?


Let's also have a run with SDFix:

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, double click SDFix.exe and install to the default location by clicking Install. The SDFix folder will be extracted to %systemdrive%\ (the drive that contains the Windows directory, typically 'C:\SDFix'). Open the SDFix folder in Safe Mode, then double click the RunThis.bat file to start the fixtool. Type Y to begin the script.

It will remove the Trojan services, then make some repairs to the registry and prompt you to press any key to reboot. Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files. When the desktop loads the fixtool will complete the removal and display Finished; then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #42 on: July 20, 2007, 05:21:54 AM »
OK, so right now all I'm having is the random shutdowns. As for any avast! notices of viruses or even pop-ups, they are all gone, or at least all the pop-ups are deleted; the computer is back to speed. I'm starting to think maybe I have a hardware problem for the shutdowns; what puzzles me is how I can run the avast! scan in Safe Mode and start up fine afterwards. Here are the scans as requested. Thanks:



SDFix: Version 1.91

Run by Chris on Thu 07/19/2007 at 10:59 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\Colleen\Local Settings\Application Data\Microsoft\Messenger\sweetmama4@hotmail.com\Sharing Folders\firestn@hotmail.com\Thumbs.db
C:\Documents and Settings\Colleen\Local Settings\Application Data\Microsoft\Messenger\sweetmama4@hotmail.com\Sharing Folders\happypostie@hotmail.com\Picture\Thumbs.db
C:\Program Files\DssEvolution.com\KeyRipper\Setup.exe
C:\Program Files\DssEvolution.com\KeyRipper\Setup.ini
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\Mavis Beacon Teaches Typing.exe
C:\Program Files\DssEvolution.com\KeyRipper\Setup.exe
C:\NTBOOTDD.SYS
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

                                 Finished

extreme_21

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #43 on: July 20, 2007, 05:22:19 AM »
Logfile of HijackThis v1.99.1
Scan saved at 11:14:58 PM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Chris\Desktop\AntiVirus Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108w.bay108.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177258613250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171083299846
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)


mauserme

  • Guest
Re: Win32:Agent-HOP [Wrm] ..Avast cannot delete file
« Reply #44 on: July 20, 2007, 02:00:15 PM »
Have you ever used Microsoft Remote Assistance on this computer?  It, or something trying to look like it, has been allowed through the Windows Firewall.


Oh, and BTW, warez and crack sites are often the source of the sort of malware you have (had?). Be careful what you download and where you download it from.

Just thought I would mention it ...
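As an added example (not code from the thread, from SDFix or from the helper), the check mauserme applied to the "Authorized Application Key Export" section of the SDFix report can be automated: parse each exported `"path"="path:scope:state:label"` value per firewall profile and list which applications are enabled through the Windows Firewall. The sample input is the export copied from the report quoted above.

```python
import re

# Constructed sample: the "Authorized Application Key Export" section
# of the SDFix report quoted earlier in this thread, copied verbatim.
SDFIX_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
'''

# One exported value line: "name"="value" (backslashes are doubled in .reg exports)
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]+)"$')


def parse_authorized_apps(text):
    """Return one dict per AuthorizedApplications entry, tagged with the
    firewall profile (standardprofile / domainprofile) taken from the
    enclosing [key] line. Each value has the form path:scope:state:label."""
    entries = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            parts = line[1:-1].lower().split('\\')
            # the profile name is the key component before "authorizedapplications"
            profile = parts[parts.index('authorizedapplications') - 1]
            continue
        m = LINE_RE.match(line)
        if not m or profile is None:
            continue
        value = m.group('value').replace('\\\\', '\\')  # undo .reg escaping
        # split from the right: the path itself contains "C:" on this machine
        path, scope, state, label = value.rsplit(':', 3)
        entries.append({'profile': profile, 'path': path, 'scope': scope,
                        'enabled': state.lower() == 'enabled', 'label': label})
    return entries


def enabled_apps(entries):
    """(profile, path) for every application currently allowed through the firewall.
    On the report above this is sessmgr.exe in both profiles, the Remote
    Assistance exception mauserme asks about."""
    return [(e['profile'], e['path']) for e in entries if e['enabled']]


if __name__ == '__main__':
    for profile, path in enabled_apps(parse_authorized_apps(SDFIX_EXPORT)):
        print(f'{profile}: {path} is ENABLED')
```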