Black Screen Issue, Logs included


weewun

Thanks for the reply, I have followed that list through - but I had to perform all of the scans while in XP... I don't know if that makes a difference.

Here are the 3 log files created from running each one if they are useful.

Malwarebytes:

------------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3699
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

07/02/2010 16:46:24
mbam-log-2010-02-07 (16-46-24).txt

Scan type: Quick Scan
Objects scanned: 223748
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------

HijackThis log:

------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:27, on 07/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TEMP\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5417 bytes

------------------------------------------

ComboFix log:

------------------------------------------


ComboFix 10-02-06.03 - ian 07/02/2010 16:06:08.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3582.2879 [GMT 0:00]
Running from: c:\documents and settings\TEMP\Desktop\ComboFix.exe
AV: AVG 7.5.503 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-335779782-1840776851-755022586-1000
c:\program files\Common Files\download
c:\program files\Common Files\windows
c:\recycler\S-1-5-21-220523388-746137067-839522115-1003
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\Data
c:\windows\system32\dumphive.exe
c:\windows\system32\gvixilwv.ini
c:\windows\system32\igjuhjjy.ini
c:\windows\system32\ojkxrfts.ini
c:\windows\system32\pppatc~1
c:\windows\system32\Process.exe
c:\windows\system32\qlkefbgn.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\yumdhemo.ini
c:\windows\system32\yyadd.bak1
c:\windows\system32\yyadd.bak2
c:\windows\system32\yyadd.ini
F:\install.exe

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-07 12:58 . 2010-02-07 12:58 -------- d-----w- c:\program files\RogueRemover FREE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-07 16:19 . 2010-02-07 16:19 16160 ----a-w- c:\documents and settings\TEMP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 22:57 . 2007-11-07 22:28 -------- d-----w- c:\program files\Steam
2010-01-07 23:10 . 2010-01-07 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 23:10 . 2010-01-07 23:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-07 16:07 . 2010-01-07 23:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2010-01-07 23:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-03-22 00:19 . 2007-03-21 02:38 3472399 ----a-w- c:\program files\ffdshow-rev1056_20070320_xxl.exe
2007-03-22 00:19 . 2006-04-29 19:46 179 ----a-w- c:\program files\Free-Codecs.txt
2007-03-22 00:10 . 2007-03-05 15:15 4145152 ----a-w- c:\program files\mplayerc.exe
2005-06-19 23:38 . 2005-06-19 23:38 109568 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-03-29 01:33 . 2005-02-15 19:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-03-29 01:33 . 2005-02-15 19:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-03-29 01:33 . 2007-09-30 22:21 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-03-29 01:33 . 2007-09-30 22:21 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-03-29 01:33 . 2005-02-15 19:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^ian.FRANK^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\ian.FRANK\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^ian.FRANK^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\ian.FRANK\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-02-06 12:08 1953792 ------r- c:\windows\system32\JMRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 00:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 09:43 57344 ----a-w- c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 09:36 267048 ----a-w- f:\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2006-10-30 12:44 36864 ------r- c:\windows\JM\JMInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2006-02-13 16:33 214648 ----a-w- c:\program files\Octoshape Streaming Services\ian\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 22:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-03-21 06:49 16126464 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
2003-05-30 09:42 585728 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2004-05-12 01:03 1038336 ----a-w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 12:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-20 22:55 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-06-14 18:32 132760 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-04-01 17:35 3587120 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Binaries\\UT3.exe"=
"c:\\Program Files\\Electronic Arts\\game.dat"=
"f:\\bfme2\\game.dat"=
"f:\\bfme2\\patchget.dat"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"f:\\soase\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Documents\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"f:\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [09/01/2007 19:37 41025]
S3 gtermddo;gtermddo;c:\docume~1\IAN~1.FRA\LOCALS~1\Temp\gtermddo.sys [07/11/2001 01:33 31744]
.
Contents of the 'Scheduled Tasks' folder

2008-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-Dark Age of Camelot - Shrouded Isles_is1 - c:\mythic\Isles\unins000.exe
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
AddRemove-HijackThis - c:\documents and settings\ian.FRANK\Desktop\HijackThis.exe
AddRemove-Pcsx2_is1 - c:\program files\Pcsx2_0.9.4\unins000.exe
AddRemove-PKR - c:\program files\PKR\uninstall-pkr.exe
AddRemove-RocketCommander - c:\program files\RocketCommander\uninstall.exe
AddRemove-Worldcraft 3 - c:\progra~1\WORLDC~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-07 16:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3680)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2010-02-07 16:25:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-07 16:25

Pre-Run: 22,893,580,288 bytes free
Post-Run: 23,397,187,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 36E693C031CE703DCD7AC077B15CCF0E

--------------------------------------------
 
Thanks, I have removed the items you said to and here is my new HJT log file.



-----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:45, on 07/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\CTFMON.EXE
C:\Documents and Settings\TEMP\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5168 bytes
 
Log looks good.

I would also recommend updating to SP3 and then the updates after it, as well as updating to IE8.
 
OK, here are my HJT and ComboFix logs run from Vista :D

(both logs together were slightly too large for one post, so posting separately)

HJT log:
------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:47, on 07/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\TEMP\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\power iso\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)
O15 - Trusted Zone: http://*.buy-is2010.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4266 bytes

--------------------------------
 
ComboFix log:

--------------------------------

ComboFix 10-02-07.05 - ian 07/02/2010 21:43:33.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2309 [GMT 0:00]
Running from: c:\users\TEMP\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\ms32clod.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\recycler\S-1-5-21-842925246-562591055-682003330-1003
C:\s
c:\users\sammy1\AppData\Roaming\.#
c:\users\sammy1\AppData\Roaming\AntiVirus Plus
c:\users\sammy1\AppData\Roaming\AntiVirus Plus\AntiVirus Plus.70700.dll
c:\users\sammy1\AppData\Roaming\avp.ico
c:\users\sammy1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\users\sammy1\AppData\Roaming\SystemProc
c:\users\sammy1\Desktop\AntiVirus Plus.lnk
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\helper32.dll
c:\windows\system32\net.net
c:\windows\system32\pst.dat
c:\windows\system32\smss32 .exe
c:\windows\system32\smss32.exe
c:\windows\system32\spool\prtprocs\w32x86\00006f63.tmp
c:\windows\system32\warning.html
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.

2010-02-07 21:52 . 2010-02-07 21:53 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-02-07 21:52 . 2010-02-07 21:52 -------- d-----w- c:\users\sammy1\AppData\Local\temp
2010-02-07 21:52 . 2010-02-07 21:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-02-07 21:52 . 2010-02-07 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-07 21:31 . 2010-02-07 21:31 8 ----a-w- c:\windows\system32\prt.dat
2010-02-07 21:31 . 2010-02-07 21:31 24064 ----a-w- c:\windows\system32\perfc5932.dat
2010-02-07 21:31 . 2010-02-07 21:31 1 ----a-w- c:\windows\system32\perfc7683.dat
2010-02-07 21:24 . 2010-02-07 21:24 -------- d-----w- c:\users\TEMP\AppData\Local\Mozilla
2010-02-07 21:23 . 2010-02-07 21:27 -------- d-----w- c:\users\TEMP\AppData\Local\Google
2010-02-07 21:07 . 2010-02-07 21:07 0 ----a-w- c:\windows\nsreg.dat
2010-02-07 03:01 . 2010-02-07 03:01 -------- d-----w- c:\programdata\Creative
2010-02-07 03:01 . 2009-07-10 09:07 166912 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-07 03:01 . 2009-02-06 18:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-07 02:58 . 2010-02-07 02:58 56320 ----a-w- C:\ojjw.exe
2010-02-04 23:09 . 2010-02-04 23:09 -------- d-----w- c:\users\sammy1\AppData\Local\AliensVsPredator
2010-02-03 09:01 . 2010-01-08 01:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2010-02-03 09:01 . 2010-01-08 01:20 3530520 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\users\sammy1\AppData\Roaming\Malwarebytes
2010-02-02 23:20 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\programdata\Malwarebytes
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 23:20 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 00:47 . 2010-01-14 00:47 -------- d-----w- C:\Program
2010-01-13 22:42 . 2010-01-13 22:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-13 22:42 . 2010-01-14 02:24 -------- d-----w- c:\users\sammy1\AppData\Local\LogMeIn Hamachi
2010-01-13 22:35 . 2009-09-23 09:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-01-13 00:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 00:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
28862-11-01 01:26 . 28862-11-01 01:26 11264 ----a-w- c:\windows\system32\lfmej6ot.tmp
2010-02-07 21:02 . 2007-08-21 23:19 -------- d-----w- c:\program files\Google
2010-02-07 20:09 . 2008-08-03 21:34 -------- d-----w- c:\programdata\Google Updater
2010-02-07 02:25 . 2007-08-25 21:25 -------- d-----w- c:\users\sammy1\AppData\Roaming\U3
2010-02-06 12:29 . 2009-02-08 19:45 -------- d-----w- c:\users\sammy1\AppData\Roaming\Spotify
2010-02-04 01:15 . 2008-05-02 21:59 -------- d-----w- c:\users\sammy1\AppData\Roaming\uTorrent
2010-01-21 22:46 . 2009-03-27 12:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 11:12 . 2009-10-02 15:55 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 01:20 . 2008-10-23 16:00 -------- d-----w- c:\programdata\avg8
2010-01-08 01:17 . 2010-01-08 01:17 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 06:38 . 2010-01-21 22:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 22:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 22:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-04 00:13 . 2008-04-20 14:12 1 ----a-w- c:\users\sammy1\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-30 18:02 . 2009-11-30 18:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 18:02 . 2009-11-30 18:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-30 01:43 . 2009-09-26 00:43 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-20 03:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-07 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-02-07 56320]
"PWRISOVM.EXE"="f:\power iso\PowerISO\PWRISOVM.EXE" [2010-02-07 56320]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^ian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
c:\program files\Kontiki\KHost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-09-26 00:43 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arctosa]
2008-10-06 14:03 147456 ----a-w- c:\program files\Razer\Arctosa\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asg984jgkfmgasi8ug98jgkfgfb]
c:\users\ian\AppData\Local\Temp\smss.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
2008-01-19 07:33 192000 ----a-w- c:\windows\System32\p2phost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
c:\program files\Razer\DeathAdder\razerhid.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro]
c:\program files\Error Repair Professional\autostart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03 292128 ----a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
c:\program files\Kontiki\KHost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos]
c:\windows\system32\sshnas.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 ----a-w- e:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDBPL]
c:\users\ian\AppData\Roaming\SystemProc\lsass.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
c:\windows\system32\smss32.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-20 23:01 1217808 ----a-w- f:\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-07 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcode360]
f:\transcode 360\Transcode360\Transcode360Tray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
f:\regboost\uniblue\registrybooster\StartRegistryBooster.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygua8e7yhuiesfha876yfauy8fe]
c:\users\ian\AppData\Local\Temp\xfagjgnv.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,4d,31,ab,df,27,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [25/04/2009 00:43 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/10/2008 16:00 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/02/2009 13:51 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/10/2008 16:00 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/10/2008 16:00 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [18/04/2008 16:23 10880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 02:54 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ArcFltr;Arctosa Keyboard;c:\windows\System32\drivers\Arctosa.sys [12/08/2009 12:19 16896]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [16/09/2008 00:40 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:43]

2010-02-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-21 00:42]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:54]

2010-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 02:54]

2010-02-07 c:\windows\Tasks\User_Feed_Synchronization-{665FBCF0-840B-470D-A683-9D271B519EC8}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
FF - ProfilePath - c:\users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\4vy5u210.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AntiVirus Plus - c:\users\ian\AppData\Roaming\AntiVirus Plus\AntiVirus Plus.70700.dll
AddRemove-EasyBCD - c:\program files\NeoSmart Technologies\EasyBCD\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-07 21:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-07 21:57:35
ComboFix-quarantined-files.txt 2010-02-07 21:57
ComboFix2.txt 2010-02-07 16:25

Pre-Run: 2,658,754,560 bytes free
Post-Run: 3,437,830,144 bytes free

- - End Of File - - 11C152D4F69959E75270DB37BEBBB56E
 
Yes, I have changed my background - I haven't tried rebooting yet in case whatever was wrong comes back :S Does it look relatively safe for now?
 
OK, I managed to get back into my original Vista logon by renaming the folder back to its correct name. It 'looks' fine...

Attaching new ComboFix and HJT log files.

ComboFix:

ComboFix 10-02-07.06 - ian 08/02/2010 0:52.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3582.2461 [GMT 0:00]
Running from: f:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\windows\system32\smss32 .exe
c:\windows\system32\smss32.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 01:00 . 2010-02-08 01:01 -------- d-----w- c:\users\ian\AppData\Local\temp
2010-02-08 01:00 . 2010-02-08 01:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-08 01:00 . 2010-02-08 01:00 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-02-08 01:00 . 2010-02-08 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-07 21:31 . 2010-02-07 21:31 8 ----a-w- c:\windows\system32\prt.dat
2010-02-07 21:31 . 2010-02-07 21:31 24064 ----a-w- c:\windows\system32\perfc5932.dat
2010-02-07 21:31 . 2010-02-07 21:31 1 ----a-w- c:\windows\system32\perfc7683.dat
2010-02-07 21:07 . 2010-02-07 21:07 0 ----a-w- c:\windows\nsreg.dat
2010-02-07 03:01 . 2010-02-07 03:01 -------- d-----w- c:\programdata\Creative
2010-02-07 03:01 . 2009-07-10 09:07 166912 ----a-w- c:\windows\system32\APOMngr.DLL
2010-02-07 03:01 . 2009-02-06 18:52 73728 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-02-07 02:58 . 2010-02-07 02:58 56320 ----a-w- C:\ojjw.exe
2010-02-04 23:09 . 2010-02-04 23:09 -------- d-----w- c:\users\ian\AppData\Local\AliensVsPredator
2010-02-03 09:01 . 2010-01-08 01:20 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2010-02-03 09:01 . 2010-01-08 01:20 3530520 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\users\ian\AppData\Roaming\Malwarebytes
2010-02-02 23:20 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\programdata\Malwarebytes
2010-02-02 23:20 . 2010-02-02 23:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 23:20 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 00:47 . 2010-01-14 00:47 -------- d-----w- C:\Program
2010-01-13 22:42 . 2010-01-13 22:42 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-13 22:42 . 2010-01-14 02:24 -------- d-----w- c:\users\ian\AppData\Local\LogMeIn Hamachi
2010-01-13 22:35 . 2009-09-23 09:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-01-13 00:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 00:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 01:02 . 2010-02-08 01:02 56320 ----a-w- c:\windows\system32\smss32.exe
2010-02-07 22:39 . 2006-11-02 08:48 56320 ----a-w- c:\windows\system32\rundll32.exe
2010-02-07 21:02 . 2007-08-21 23:19 -------- d-----w- c:\program files\Google
2010-02-07 20:09 . 2008-08-03 21:34 -------- d-----w- c:\programdata\Google Updater
2010-02-07 02:25 . 2007-08-25 21:25 -------- d-----w- c:\users\ian\AppData\Roaming\U3
2010-02-06 12:29 . 2009-02-08 19:45 -------- d-----w- c:\users\ian\AppData\Roaming\Spotify
2010-02-04 01:15 . 2008-05-02 21:59 -------- d-----w- c:\users\ian\AppData\Roaming\uTorrent
2010-01-21 22:46 . 2009-03-27 12:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 11:12 . 2009-10-02 15:55 181120 ----a-w- c:\windows\system32\MpSigStub.exe
2010-01-13 03:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 01:20 . 2008-10-23 16:00 -------- d-----w- c:\programdata\avg8
2010-01-08 01:17 . 2010-01-08 01:17 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-02 06:38 . 2010-01-21 22:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 22:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 22:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-04 00:13 . 2008-04-20 14:12 1 ----a-w- c:\users\ian\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-11-30 18:02 . 2009-11-30 18:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 18:02 . 2009-11-30 18:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-30 01:43 . 2009-09-26 00:43 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2009-11-20 03:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
.
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Windows Live\Messenger\msnmsgr    .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe

((((((((((((((((((((((((((((( SnapShot@2010-02-07_21.53.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 23:35 . 2010-02-07 23:35 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2007-08-08 18:42 . 2010-02-07 23:32 76332 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-02-08 00:50 69284 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-08-08 17:37 . 2010-02-08 00:50 15350 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-335779782-1840776851-755022586-1000_UserData.bin
+ 2010-02-07 21:02 . 2010-02-08 00:25 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2010-02-07 21:02 . 2010-02-07 21:12 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2006-11-02 13:02 . 2010-02-07 21:31 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-02-08 00:48 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-08 00:33 . 2010-02-08 00:07 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2006-11-02 13:02 . 2010-02-07 21:31 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-02-08 00:48 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-07 22:43 . 2010-02-08 00:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-02-08 00:26 . 2010-02-08 00:26 9202 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
+ 2010-02-07 23:30 . 2010-02-08 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-07 20:56 . 2010-02-07 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-07 20:56 . 2010-02-07 21:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-07 23:30 . 2010-02-08 00:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 10:33 . 2010-02-07 21:26 656164 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-02-08 00:55 656164 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-02-08 00:55 127862 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-02-07 21:26 127862 c:\windows\System32\perfc009.dat
+ 2009-08-09 19:23 . 2010-02-08 00:48 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-09 19:23 . 2010-02-07 21:22 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 13:02 . 2010-02-07 21:31 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-02-08 00:48 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-30 21:05 . 2009-08-28 12:59 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-08-30 21:05 . 2010-02-07 22:42 245760 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-07 23:35 . 2010-02-07 23:35 331264 c:\windows\Installer\5347d.msi
+ 2006-11-02 10:22 . 2010-02-07 23:35 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2010-01-27 14:21 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-05 00:17 . 2010-02-07 23:35 245063821 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\windows live\messenger\msnmsgr .exe" [2010-02-08 56320]
"PlayNC Launcher"="" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-07 39408]
"smss32.exe"="c:\windows\system32\smss32.exe" [2010-02-08 56320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-02-08 56320]
"PWRISOVM.EXE"="f:\power iso\PowerISO\PWRISOVM.EXE" [2010-02-08 56320]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-02-08 56320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^ian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
c:\program files\Kontiki\KHost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-09-26 00:43 520024 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Arctosa]
2008-10-06 14:03 147456 ----a-w- c:\program files\Razer\Arctosa\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asg984jgkfmgasi8ug98jgkfgfb]
c:\users\ian\AppData\Local\Temp\smss.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CollaborationHost]
2008-01-19 07:33 192000 ----a-w- c:\windows\System32\p2phost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
c:\program files\Razer\DeathAdder\razerhid.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro]
c:\program files\Error Repair Professional\autostart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 13:03 292128 ----a-w- e:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
c:\program files\Kontiki\KHost.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LosAlamos]
c:\windows\system32\sshnas.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 11:54 5674352 ----a-w- e:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\net]
c:\windows\system32\net.net [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDBPL]
c:\users\ian\AppData\Roaming\SystemProc\lsass.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smss32.exe]
2010-02-08 01:02 56320 ----a-w- c:\windows\System32\smss32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-20 23:01 1217808 ----a-w- f:\steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-07 21:25 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Transcode360]
f:\transcode 360\Transcode360\Transcode360Tray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
f:\regboost\uniblue\registrybooster\StartRegistryBooster.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ygua8e7yhuiesfha876yfauy8fe]
c:\users\ian\AppData\Local\Temp\xfagjgnv.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):74,4d,31,ab,df,27,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [25/04/2009 00:43 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23/10/2008 16:00 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/02/2009 13:51 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/10/2008 16:00 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/10/2008 16:00 297752]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [18/04/2008 16:23 10880]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [06/01/2010 02:54 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 21:34 1028432]
S3 ArcFltr;Arctosa Keyboard;c:\windows\System32\drivers\Arctosa.sys [12/08/2009 12:19 16896]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [16/09/2008 00:40 21504]

-- log too large for single post
 