Tech Pro,
Sorry for using too many words.
Here is the main.txt from DDS.
I will post the extra in the next post.
Thanks,
Freddy
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-25 11:36:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
109: 2008-06-25 18:36:25 UTC - RP1895 - Deckard's System Scanner Restore Point
108: 2008-06-24 08:43:40 UTC - RP1894 - System Checkpoint
107: 2008-06-23 07:59:49 UTC - RP1893 - Removed Medal of Honor Allied Assault
106: 2008-06-23 06:23:59 UTC - RP1892 - Installed AVG Free 8.0
105: 2008-06-23 05:14:24 UTC - RP1891 - Removed Java(TM) SE Runtime Environment 6 Update 1
-- First Restore Point --
1: 2008-03-27 20:25:51 UTC - RP1787 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Owner.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:30, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\winlogon.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\MOMSCL~1\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1009\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'scott')
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'scott')
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'scott')
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'scott')
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1009\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'scott')
O4 - HKUS\S-1-5-21-1707882242-1971481716-257188867-1011\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'QBDataServiceUser17')
O4 - S-1-5-21-1707882242-1971481716-257188867-1011 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'QBDataServiceUser17')
O4 - S-1-5-21-1707882242-1971481716-257188867-1011 User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'QBDataServiceUser17')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://ra.intuit.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} - http://ra.intuit.com/sdccommon/download/ssrc.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/CSMWeb/Cus...ataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...35/mcfscan.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30155.www3.hp.com/ediags/hpn...p.cab?1,0,0,94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = teamiw
O17 - HKLM\Software\..\Telephony: DomainName = teamiw
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = teamiw
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = teamiw
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)
--
End of file - 7642 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
S0 black - c:\windows\system32\drivers\blackdrv.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 fixustor - c:\windows\system32\drivers\fixustor.sys <Not Verified; Genesys Logic; USB storage patch driver>
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 STV673 (WebCam II) - c:\windows\system32\drivers\stv673.sys <Not Verified; STMicroelectronics; ST-VIBU STV673 Camera Driver>
S3 XIRLINK (IBM PC Camera) - c:\windows\system32\drivers\c-itnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>
S4 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S4 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20061113.031\symidsco.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 QBCFMonitorService (QuickBooks Database Manager Service) - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-05-25 and 2008-06-25 -----------------------------
2008-06-24 21:11:13 0 d-------- C:\Documents and Settings\scott\Application Data\Macromedia
2008-06-24 21:11:13 0 d-------- C:\Documents and Settings\scott\Application Data\Adobe
2008-06-24 21:07:03 0 d-------- C:\Documents and Settings\scott\Application Data\Talkback
2008-06-24 21:06:46 0 d-------- C:\Documents and Settings\scott\Application Data\Mozilla
2008-06-24 01:27:40 0 dr------- C:\Documents and Settings\scott\My Documents
2008-06-24 01:27:40 0 d-------- C:\Documents and Settings\scott\Application Data\AVGTOOLBAR
2008-06-23 10:21:46 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 00:52:44 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-23 00:11:08 0 d-------- C:\VundoFix Backups
2008-06-22 23:51:54 0 d--h----- C:\$AVG8.VAULT$
2008-06-22 23:50:13 1526 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-22 23:48:09 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-22 23:48:09 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-22 23:48:09 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-22 23:48:09 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-22 23:42:13 0 d-------- C:\Program Files\MSConfig CleanUp
2008-06-22 23:39:02 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-22 23:39:02 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-22 23:39:02 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-06-22 23:39:02 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-22 23:39:02 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-22 23:39:01 0 d-------- C:\Program Files\Trojan Remover
2008-06-22 23:39:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
2008-06-22 23:39:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-22 23:37:37 0 d-------- C:\Program Files\CCleaner
2008-06-22 23:37:13 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-22 23:37:13 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-22 23:37:08 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-22 23:24:07 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-22 23:24:07 0 d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-06-22 23:24:00 0 d-------- C:\Program Files\AVG
2008-06-22 23:23:59 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-22 00:58:04 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-22 00:56:54 0 d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-06-07 10:22:14 0 d-------- C:\Documents and Settings\Owner\Application Data\ACD Systems
2008-06-02 13:09:18 16 --a------ C:\WINDOWS\system32\syspvm-03.dll
2008-06-02 13:09:17 0 d-------- C:\Program Files\MVP Software
-- Find3M Report ---------------------------------------------------------------
2008-06-23 16:40:58 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-23 16:40:41 0 d-------- C:\Program Files\Yahoo!
2008-06-23 11:38:00 93184 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-06-22 23:35:45 0 d-------- C:\Program Files\Common Files
2008-06-22 23:20:01 0 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-06-22 22:14:43 0 d-------- C:\Program Files\Java
2008-06-22 14:40:25 0 d-------- C:\Program Files\Real
2008-06-22 14:39:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 14:36:47 0 d-------- C:\Program Files\HP
2008-06-22 14:36:31 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-22 14:27:43 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-06-22 14:21:38 0 d-------- C:\Program Files\Click'N Design 3D (V5)
2008-05-14 16:29:34 0 d-------- C:\Documents and Settings\Owner\Application Data\GameHouse
2008-05-14 16:27:19 0 d-------- C:\Documents and Settings\Owner\Application Data\Eyeblaster
2008-05-01 12:22:37 0 d-------- C:\Program Files\CrossLoop
2008-04-09 10:30:44 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-04-09 10:30:44 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-03-27 22:05:41 96577 --a------ C:\WINDOWS\hpqins16.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/22/2008 23:24 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/22/2008 23:24]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [06/03/2008 20:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 15:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04b74c36-9d34-11db-978e-0050da616570}]
AutoRun\command- G:\LaunchU3.exe -a
-- Hosts -----------------------------------------------------------------------
192.168.1.4 HP001560495FD5
192.168.1.3 HP0017A4225C1B
192.168.1.4 HP00187160CCDA
-- End of Deckard's System Scanner: finished at 2008-06-25 11:40:30 ------------