Solved msnmsgr.exe

Discussion in 'Malware and Virus Removal Archive' started by TexasStormChase, 2007/09/15.

  1. 2007/09/15
    TexasStormChase (Thread Starter)

    [Resolved] msnmsgr.exe

    I know this is MSN Messenger. But I have noticed lately that there are about 25 to 30 of these listed in my Task Manager. Is this a worm or virus or something, or am I overreacting?
     
  2. 2007/09/15
    noahdfear

    Welcome to WindowsBBS TexasStormChase :)

    Sounds like a bot infection. Please download the HijackThis Installer from here, then run a scan and save the log. Post the contents of that log here.
     

  4. 2007/09/15
    TexasStormChase (Thread Starter)

    HijackThis log file

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:07:00 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msvs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\My Documents\Moto V3R\p2k-commander_3.3\p2k-commander 3.3.0 Beta\P2kAutostart.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EHAACHHDAADFCCJDFFBIIGJBEGHHEGFBBBHIE (file missing)
    O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EHAACHHDAADFCCJDFFBIIGJBEGHHEGFBBBHIE (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.amandastable.com
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
    O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137113942564
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11813 bytes
     
    Last edited: 2007/09/15
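    As an added example (not code from this thread, from the helper, or from HijackThis), the script below reads a HijackThis v2 log like the one posted above and pulls out what a malware-removal helper checks first: how many copies of each image are running, whether the same image name runs from more than one directory (a look-alike hiding beside the real binary), hosts-file overrides (O1), BHOs whose DLL is gone (O2 "(no file)"), Trusted Zone additions (O15), where downloaded ActiveX controls came from (O16), and services HijackThis could not read a vendor name from (O23 "Unknown owner"). The embedded log is an excerpt of the log above with the process list shortened; the threshold of three instances and the finding labels are the script's own choices, not HijackThis conventions.

```python
"""Triage a HijackThis v2 log the way a malware-removal helper reads it.

Added example: this is not code from the thread or from HijackThis.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted above (process list shortened,
# and only a few representative O-section lines kept).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:00 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://www.amandastable.com
O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def parse_processes(log):
    """Return the image paths listed under 'Running processes:'."""
    lines = [ln.strip() for ln in log.splitlines()]
    if "Running processes:" not in lines:
        return []
    paths = []
    for line in lines[lines.index("Running processes:") + 1:]:
        if not line:          # the section ends at the first blank line
            break
        paths.append(line)
    return paths


def process_findings(paths, dup_threshold=3):
    """Count instances per image name and report names that run from more
    than one directory (how a look-alike binary hides beside the real one).
    Names and directories are compared case-insensitively; the threshold
    of three is this script's choice, not a HijackThis rule."""
    counts = Counter()
    dirs_by_name = defaultdict(set)
    for p in paths:
        directory, _, name = p.lower().rpartition("\\")
        counts[name] += 1
        dirs_by_name[name].add(directory)
    duplicates = {n: c for n, c in counts.items() if c >= dup_threshold}
    split_paths = {n: sorted(d) for n, d in dirs_by_name.items() if len(d) > 1}
    return duplicates, split_paths


def entry_findings(log):
    """Pull out the entry classes that get reviewed first, as (label, detail)."""
    findings = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind == "O1":
            # hosts-file override; judged by what it points where
            findings.append(("hosts_override", body.split(": ", 1)[1]))
        elif kind == "O2" and body.endswith("(no file)"):
            # BHO still registered but its DLL is gone: an orphan to clean up
            findings.append(("orphan_bho", CLSID_RE.search(body).group(0)))
        elif kind == "O15":
            # sites in the Trusted Zone run with relaxed IE security settings
            findings.append(("trusted_zone", body.split(": ", 1)[1]))
        elif kind == "O16":
            # host each downloaded ActiveX control was fetched from
            url = body.rsplit(" - ", 1)[1]
            findings.append(("activex_download", urlparse(url).hostname))
        elif kind == "O23" and "Unknown owner" in body:
            # HijackThis could not read a company name from the service binary
            findings.append(("no_vendor_info", body.rsplit(" - ", 1)[1]))
    return findings


def triage(log, dup_threshold=3):
    """Summarise one log as a dict of findings."""
    paths = parse_processes(log)
    duplicates, split_paths = process_findings(paths, dup_threshold)
    return {
        "process_count": len(paths),
        "duplicates": duplicates,
        "split_paths": split_paths,
        "entries": entry_findings(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    On the excerpt, msnmsgr.exe is the only image that crosses the threshold, and every copy runs from the same Windows Live Messenger directory, so the split-path check stays quiet. The script only reads the log: it cannot tell whether those images are the genuine signed binary or whether the process count is being driven by something else on the machine, which is what the follow-up tools in this thread are for.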
  5. 2007/09/15
    TexasStormChase (Thread Starter)

    This time there were only 7; last time I counted there were 35 before I rebooted my PC.
     
  6. 2007/09/15
    noahdfear

    Well, I'm not seeing anything bad as I expected. Let's use another tool that will show us a bit more.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    Close all applications and windows.
    Double-click on dss.exe to run it and follow the prompts.
    When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

    Post the contents of main.txt only for now.
     
  7. 2007/09/15
    TexasStormChase (Thread Starter)

    Deckard's System Scanner v20070905.67
    Run by Owner on 2007-09-15 21:19:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    16: 2007-09-16 02:19:48 UTC - RP481 - Deckard's System Scanner Restore Point
    15: 2007-09-16 01:22:32 UTC - RP480 - ComboFix created restore point
    14: 2007-09-16 00:30:46 UTC - RP479 - Installed Prevx 2.0 Agent
    13: 2007-09-15 01:53:37 UTC - RP478 - System Checkpoint
    12: 2007-09-14 00:53:42 UTC - RP477 - System Checkpoint


    -- First Restore Point --
    1: 2007-09-05 02:56:42 UTC - RP466 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 510 MiB (512 MiB recommended).


    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:56 PM, on 9/15/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Windows Live\Messenger\msvs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DriverMagicLogon] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx2\PXConsole.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [P2kAutostart] C:\Documents and Settings\Owner\My Documents\Moto V3R\p2k-commander_3.3\p2k-commander 3.3.0 Beta\P2kAutostart.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EHAACHHDAADFCCJDFFBIIGJBEGHHEGFBBBHIE (file missing)
    O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EHAACHHDAADFCCJDFFBIIGJBEGHHEGFBBBHIE (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.amandastable.com
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
    O16 - DPF: {02AA9E0F-B4EB-4BE9-A769-FD09543FEEC2} (UniInstaller Class) - http://webcamnow.com/fs5/voice/voice-installer.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_11/en-US/TMSSReportW.CAB
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1137113942564
    O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/fs5/ax/ActiveXWebCam.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: PREVXAgent - Prevx - C:\Program Files\Prevx2\PXAgent.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 11792 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S0 black - c:\windows\system32\drivers\blackdrv.sys (file missing)
    S3 BLKWGD (Belkin Wireless G Desktop Card Service) - c:\windows\system32\drivers\blkwgd.sys (file missing)
    S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
    S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
    S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys
    S3 PCDRDRV (Pcdr CPU Helper Driver) - c:\windows\system32\drivers\pcdrdrv.sys (file missing)
    S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
    S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
    S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/XP>
    S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    S3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S4 LexBceS (LexBce Server) - c:\windows\system32\lexbces.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-08-15 and 2007-09-15 -----------------------------

    2007-09-15 19:34:12 0 d-------- C:\Documents and Settings\Owner\Application Data\Prevx
    2007-09-15 19:31:13 0 d-------- C:\Program Files\Prevx2
    2007-09-15 19:31:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-09-15 18:09:36 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
    2007-09-15 18:01:43 0 d-------- C:\Program Files\Spyware Doctor
    2007-09-15 18:01:43 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
    2007-09-15 18:01:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-09-15 18:01:04 0 d-------- C:\Program Files\Google
    2007-09-14 12:38:01 0 d-------- C:\Program Files\IMVU
    2007-09-05 20:23:30 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2007-09-05 20:21:42 0 d-------- C:\Program Files\Charter High-Speed Security Suite
    2007-09-05 20:20:26 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2007-09-05 14:44:53 0 d-------- C:\Program Files\Common Files\SupportSoft
    2007-09-05 14:44:38 0 d-------- C:\Program Files\CHARTER
    2007-09-04 22:22:43 0 dr-h----- C:\Documents and Settings\Owner\Recent
    2007-08-23 07:29:12 0 d-------- C:\Program Files\Common Files\xing shared


    -- Find3M Report ---------------------------------------------------------------

    2007-09-15 19:55:22 0 d-------- C:\Program Files\Trend Micro
    2007-09-14 13:04:53 0 d-------- C:\Documents and Settings\Owner\Application Data\IMVU
    2007-09-05 20:12:55 0 d-------- C:\Program Files\Common Files\Scanner
    2007-09-05 20:12:48 0 d-------- C:\Program Files\Yahoo!
    2007-09-05 14:44:53 0 d-------- C:\Program Files\Common Files
    2007-08-23 07:31:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
    2007-08-23 07:28:58 0 d-------- C:\Program Files\Real
    2007-08-23 07:27:57 0 d-------- C:\Program Files\Common Files\Real
    2007-07-22 12:26:18 0 d-------- C:\Program Files\Java
    2007-07-21 21:43:13 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 21:43:05 0 d-------- C:\Program Files\QuickTime
    2007-07-21 20:20:02 0 d-------- C:\Program Files\SymplisIT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KBD "= "C:\HP\KBD\KBD.EXE" [02/02/2005 05:44 PM]
    "PS2 "= "C:\WINDOWS\system32\ps2.exe" [10/25/2004 04:17 PM]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [12/09/2005 03:32 PM]
    "LogitechCameraService(E) "= "C:\WINDOWS\system32\ElkCtrl.exe" [11/01/2004 05:22 PM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [09/14/2007 08:42 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
    "DriverMagicLogon "= "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [10/14/2005 09:01 AM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2007 07:26 AM]
    "PrevxOne "= "C:\Program Files\Prevx2\PXConsole.exe" [09/14/2007 03:03 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "P2kAutostart "= "C:\Documents and Settings\Owner\My Documents\Moto V3R\p2k-commander_3.3\p2k-commander 3.3.0 Beta\P2kAutostart.exe" []
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/27/2007 03:22 PM]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlipStream.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlipStream.lnk
    backup=C:\WINDOWS\pss\SlipStream.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
    backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
    backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
    C:\WINDOWS\System32\BMUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
    C:\Program Files\HDD Health\hddhealth.exe -wl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1139540311\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
    C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    c:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\Msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
    C:\Program Files\ProfileWatcher\profilewatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
    S3tray2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
    "C:\Program Files\SlipStream Web Accelerator\slipcore.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
    C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NVSvc "=2 (0x2)
    "ImapiService "=3 (0x3)
    "Fax "=2 (0x2)
    "Pctspk "=2 (0x2)
    "LexBceS "=2 (0x2)
    "AVGEMS "=2 (0x2)
    "Avg7UpdSvc "=2 (0x2)
    "Avg7Alrt "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setup.exe /s

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PREVXDRIVER
    *Newly Created Service* - PREVXTDI
    *Newly Created Service* - PXRDDRIVER



    -- Hosts -----------------------------------------------------------------------

    216.19.0.250 idenupdate.motorola.com


    -- End of Deckard's System Scanner: finished at 2007-09-15 21:24:50 ------------
     
  8. 2007/09/15
    noahdfear

    Still not seeing anything. :(

    I see you ran ComboFix. Was anything removed? Would you post its log as well please?

    Is the msnmsgr.exe process starting on its own, or does it just replicate after you've opened it?

    Despite not seeing any signs of the infection, let's see if the MSNCleaner tool finds anything.

    Download MsnCleaner_eng.zip from here, but don't use it yet.

    http://www.forospyware.com/Msncleaner/MsnCleaner_eng.zip

    (Copy/Paste the URL into the address bar or use "Save Target As")

    • Now reboot into Safe Mode
    • Double-click MsnCleaner_eng.exe to run it.
    • Click the Analyze button.
    • A report will be created once you finish the scan.
    • If it finds an infection, click the Deleted button.
    • Now, please reboot back to normal mode.
    • Please post the contents of C:\MsnCleaner.txt in a reply here.
     
  9. 2007/09/15
    TexasStormChase

    I have only logged in and out of MSN Messenger 2 times today since I rebooted and at last count it was back up to 18 now. I will get you the log file for ComboFix and do what you said to do and get back to you in a few min. Thanks for the help.
     
  10. 2007/09/15
    TexasStormChase

    MSNCleaner 1.3.4

    - Logfile MSNCleaner 1.3.4
    - Created Logfile: 2007-09-15 on 23:26:06
    - Operative System: Windows XP
    - Boot mode: Normal
    _________________________________________

    Detected files: 0
    Deleted file: 0
    Undeleted Files: 0

    <<<<<<< No file found >>>>>>>
    I also ran it in safe mode and it came up with the same thing.
     
  11. 2007/09/15
    TexasStormChase

    combofix

    ComboFix 07-09-14.2 - "Owner" 2007-09-15 20:22:53.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.83 [GMT -5:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\hosts

    .
    ((((((((((((((((((((((((( Files Created from 2007-08-16 to 2007-09-16 )))))))))))))))))))))))))))))))
    .

    2007-09-15 20:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-15 19:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Prevx
    2007-09-15 19:31 <DIR> d-------- C:\Program Files\Prevx2
    2007-09-15 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2007-09-15 18:09 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
    2007-09-15 18:01 82,248 --a------ C:\WINDOWS\SYSTEM32\drivers\iksyssec.sys
    2007-09-15 18:01 57,672 --a------ C:\WINDOWS\SYSTEM32\drivers\iksysflt.sys
    2007-09-15 18:01 40,264 --a------ C:\WINDOWS\SYSTEM32\drivers\ikfilesec.sys
    2007-09-15 18:01 29,000 --a------ C:\WINDOWS\SYSTEM32\drivers\kcom.sys
    2007-09-15 18:01 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-09-15 18:01 <DIR> d-------- C:\Program Files\Google
    2007-09-15 18:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
    2007-09-15 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-09-15 18:00 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
    2007-09-14 12:38 <DIR> d-------- C:\Program Files\IMVU
    2007-09-05 20:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
    2007-09-05 20:21 <DIR> d-------- C:\Program Files\Charter High-Speed Security Suite
    2007-09-05 20:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\fssg
    2007-09-05 14:44 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2007-09-05 14:44 <DIR> d-------- C:\Program Files\CHARTER
    2007-08-23 07:29 <DIR> d-------- C:\Program Files\Common Files\xing shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-15 19:55 --------- d-------- C:\Program Files\Trend Micro
    2007-09-15 18:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-14 13:04 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\IMVU
    2007-09-05 20:12 --------- d-------- C:\Program Files\Yahoo!
    2007-09-05 20:12 --------- d-------- C:\Program Files\Common Files\Scanner
    2007-08-23 07:31 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Real
    2007-08-23 07:28 --------- d-------- C:\Program Files\Real
    2007-08-23 07:27 --------- d-------- C:\Program Files\Common Files\Real
    2007-08-15 07:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\dllcache\wucltui.dll
    2007-07-30 19:19 271224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
    2007-07-30 19:19 207736 --a------ C:\WINDOWS\SYSTEM32\muweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\dllcache\wups.dll
    2007-07-21 21:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-21 21:43 --------- d-------- C:\Program Files\QuickTime
    2007-07-21 20:20 --------- d-------- C:\Program Files\SymplisIT
    2007-07-19 01:59 3583488 --a------ C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
    2007-07-12 18:31 765952 --a------ C:\WINDOWS\SYSTEM32\dllcache\vgx.dll
    2007-06-27 09:34 823808 --a------ C:\WINDOWS\SYSTEM32\dllcache\wininet.dll
    2007-06-27 09:34 671232 --a------ C:\WINDOWS\SYSTEM32\dllcache\mstime.dll
    2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\dllcache\ieframe.dll
    2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeedsbs.dll
    2007-06-27 09:34 477696 --a------ C:\WINDOWS\SYSTEM32\dllcache\mshtmled.dll
    2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\dllcache\msfeeds.dll
    2007-06-27 09:34 44544 --a------ C:\WINDOWS\SYSTEM32\dllcache\iernonce.dll
    2007-06-27 09:34 384512 --a------ C:\WINDOWS\SYSTEM32\dllcache\iedkcs32.dll
    2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\dllcache\ieapfltr.dll
    2007-06-27 09:34 27648 --a------ C:\WINDOWS\SYSTEM32\dllcache\jsproxy.dll
    2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\dllcache\iertutil.dll
    2007-06-27 09:34 232960 --a------ C:\WINDOWS\SYSTEM32\dllcache\webcheck.dll
    2007-06-27 09:34 230400 --a------ C:\WINDOWS\SYSTEM32\dllcache\ieaksie.dll
    2007-06-27 09:34 193024 --a------ C:\WINDOWS\SYSTEM32\dllcache\msrating.dll
    2007-06-27 09:34 153088 --a------ C:\WINDOWS\SYSTEM32\dllcache\ieakeng.dll
    2007-06-27 09:34 132608 --a------ C:\WINDOWS\SYSTEM32\dllcache\extmgr.dll
    2007-06-27 09:34 124928 --a------ C:\WINDOWS\SYSTEM32\dllcache\advpack.dll
    2007-06-27 09:34 1152000 --a------ C:\WINDOWS\SYSTEM32\dllcache\urlmon.dll
    2007-06-27 09:34 105984 --a------ C:\WINDOWS\SYSTEM32\dllcache\url.dll
    2007-06-27 09:34 102400 --a------ C:\WINDOWS\SYSTEM32\dllcache\occache.dll
    2007-06-27 03:27 63488 --a------ C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
    2007-06-27 03:27 625152 --a------ C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
    2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
    2007-06-27 02:00 161792 --a------ C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
    2007-06-26 22:10 317440 --a------ C:\WINDOWS\SYSTEM32\dllcache\unregmp2.exe
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\dllcache\msxml3.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\dllcache\gdi32.dll
    2007-02-01 13:09 9232 --a------ C:\DOCUME~1\Owner\mqdmmdfl.sys
    2007-02-01 13:09 92064 --a------ C:\DOCUME~1\Owner\mqdmmdm.sys
    2007-02-01 13:09 79328 --a------ C:\DOCUME~1\Owner\mqdmserd.sys
    2007-02-01 13:09 66656 --a------ C:\DOCUME~1\Owner\mqdmbus.sys
    2007-02-01 13:09 6208 --a------ C:\DOCUME~1\Owner\mqdmcmnt.sys
    2007-02-01 13:09 5936 --a------ C:\DOCUME~1\Owner\mqdmwhnt.sys
    2007-02-01 13:09 4048 --a------ C:\DOCUME~1\Owner\mqdmcr.sys
    2007-02-01 13:09 25600 --a------ C:\DOCUME~1\Owner\usbsermptxp.sys
    2007-02-01 13:09 22768 --a------ C:\DOCUME~1\Owner\usbsermpt.sys
    2006-02-01 17:48 218112 --a------ C:\Program Files\HijackThis.exe
    2006-02-01 17:33 212849 --a------ C:\Program Files\hijackthis.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KBD "= "C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
    "PS2 "= "C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17]
    "LVCOMSX "= "C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32]
    "LogitechCameraService(E) "= "C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 08:42]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "DriverMagicLogon "= "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" [2005-10-14 09:01]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-23 07:26]
    "PrevxOne "= "C:\Program Files\Prevx2\PXConsole.exe" [2007-09-14 15:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
    "P2kAutostart "= "C:\Documents and Settings\Owner\My Documents\Moto V3R\p2k-commander_3.3\p2k-commander 3.3.0 Beta\P2kAutostart.exe" [2007-05-07 20:06]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
    AutoPlay.exe [2001-09-17 14:22:52]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
    backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SlipStream.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SlipStream.lnk
    backup=C:\WINDOWS\pss\SlipStream.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
    backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TrueAssistant.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TrueAssistant.lnk
    backup=C:\WINDOWS\pss\TrueAssistant.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMUpdate]
    C:\WINDOWS\System32\BMUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
    C:\Program Files\HDD Health\hddhealth.exe -wl

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1139540311\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    C:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    C:\WINDOWS\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
    C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
    C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    C:\Program Files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
    c:\PROGRA~1\mcafee.com\agent\McAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    c:\Program Files\Microsoft Works\WkDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\Msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
    C:\Program Files\ProfileWatcher\profilewatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    C:\WINDOWS\system32\ps2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
    S3tray2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
    "C:\Program Files\SlipStream Web Accelerator\slipcore.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
    C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NVSvc "=2 (0x2)
    "ImapiService "=3 (0x3)
    "Fax "=2 (0x2)
    "Pctspk "=2 (0x2)
    "LexBceS "=2 (0x2)
    "AVGEMS "=2 (0x2)
    "Avg7UpdSvc "=2 (0x2)
    "Avg7Alrt "=2 (0x2)

    R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINDOWS\system32\DRIVERS\pxfsf.sys
    R1 PREVXTdi;PREVX TDI filter;C:\WINDOWS\system32\DRIVERS\pxtdi.sys
    R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINDOWS\system32\DRIVERS\pxrd.sys
    R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
    R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys
    S0 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys
    S3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys
    S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
    S3 DCamUSBVeo532;Veo Web Camera;C:\WINDOWS\system32\Drivers\ubVeo532.sys
    S3 PCDRDRV;Pcdr CPU Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys
    S3 PREVXEmulator;PREVX Emulator driver;C:\WINDOWS\system32\DRIVERS\PxEmu.sys
    S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
    S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\wlanndi5.SYS
    S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\setup.exe /s

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PREVXDRIVER
    *Newly Created Service* - PREVXTDI
    *Newly Created Service* - PXRDDRIVER
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-15 20:29:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    P2kAutostart = C:\Documents and Settings\Owner\My Documents\Moto V3R\p2k-commander_3.3\p2k-commander 3.3.0 Beta\P2kAutostart.exe?0???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-15 20:33:07
    C:\ComboFix-quarantined-files.txt ... 2007-09-15 20:33
    .
    --- E O F ---
     
  12. 2007/09/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Again, I see nothing to indicate a problem.

    So if you log out and end task on all instances of msnmsgr.exe, does it restart itself?
     
  13. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm... judging from what I just read, by default Microsoft has made it so that only one MSN client can run at a time. In other words, msnmsgr.exe, when started, checks to see if it's already running and fails to start again if it is. There is a viable hack to this, which bypasses the check. I'm beginning to think your msnmsgr.exe file has been replaced, hacked, is corrupted, or something along those lines. So here's my recommendation.

    First, end task on all instances of msnmsgr.exe, then upload the file to my submission channel. Leave a link back to this topic.

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    Now, uninstall it via Add/Remove programs. Reboot, then delete the Messenger folder. Empty the recycle bin.

    Now re-install it and see if the problem persists.
     
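    An added defender's check, not code from the thread or from Microsoft, illustrating the point above: a single-instance program appearing many times in the process list is itself an indicator, and the on-disk binary can be compared against a known-good hash. It assumes the CSV layout of `tasklist /FO CSV`; the process list below is a constructed sample, and the known-good hash is a placeholder.

```python
import csv
import hashlib
import io
from collections import Counter

# Programs expected to run at most once; msnmsgr.exe refuses to start a second
# copy by default, so seeing more than one is suspicious.
SINGLE_INSTANCE_LIMITS = {"msnmsgr.exe": 1}

# Placeholder: replace with the SHA-256 of msnmsgr.exe from a clean install.
KNOWN_GOOD_SHA256 = "<sha256 of a clean msnmsgr.exe>"

# Constructed sample in the format of `tasklist /FO CSV` (not a real capture).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1204","Console","0","22,540 K"
"msnmsgr.exe","2312","Console","0","18,112 K"
"msnmsgr.exe","2340","Console","0","18,096 K"
"msnmsgr.exe","2388","Console","0","18,104 K"
"avgcc.exe","1520","Console","0","4,900 K"
'''


def count_images(tasklist_csv: str) -> Counter:
    """Count running processes per image name (case-insensitive)."""
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    return Counter(row["Image Name"].lower() for row in reader)


def flag_excess_instances(counts: Counter, limits=SINGLE_INSTANCE_LIMITS) -> dict:
    """Return {image: count} for images running more often than allowed."""
    return {img: n for img, n in counts.items() if n > limits.get(img, float("inf"))}


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def binary_matches(path: str, known_good: str = KNOWN_GOOD_SHA256) -> bool:
    """True when the on-disk binary hashes to the known-good value."""
    return sha256_file(path) == known_good.lower()


if __name__ == "__main__":
    print(flag_excess_instances(count_images(SAMPLE_TASKLIST)))  # {'msnmsgr.exe': 3}
```

On a live machine, feed the output of `tasklist /FO CSV` to `count_images` and compare `sha256_file(r"C:\Program Files\Windows Live\Messenger\msnmsgr.exe")` against the hash of a freshly installed copy.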
  14. 2007/09/16
    TexasStormChase

    TexasStormChase Inactive Thread Starter

    Joined:
    2007/09/15
    Messages:
    30
    Likes Received:
    0
    Does not restart itself. When I go to shut down my PC to reboot, it keeps telling me that msnmsgr.exe needs to shut down over and over again until all running have been stopped.
     
  15. 2007/09/16
    TexasStormChase

    TexasStormChase Inactive Thread Starter

    Joined:
    2007/09/15
    Messages:
    30
    Likes Received:
    0
    I don't know if this means anything, but I have 2 PCs, only one is doing this, both with MSN Messenger on them.
     
  16. 2007/09/16
    TexasStormChase

    TexasStormChase Inactive Thread Starter

    Joined:
    2007/09/15
    Messages:
    30
    Likes Received:
    0
    I tried to send the file but it said it was too big, that it was more than 3 MB.
     
    Last edited: 2007/09/16
  17. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you haven't deleted it yet, please right click the file and select Send To>Compressed (zipped) Folder. It will create msnmsgr.zip within the same folder that should be approx. 2.3 MB. That should upload OK.

    Thanks!
     
  18. 2007/09/16
    TexasStormChase

    TexasStormChase Inactive Thread Starter

    Joined:
    2007/09/15
    Messages:
    30
    Likes Received:
    0
    Ok the file was sent.
     
  19. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Got it. Thanks! Not sure when I'll get around to checking it, so go ahead and remove/reinstall and let me know if anything changes.
     
  20. 2007/09/16
    TexasStormChase

    TexasStormChase Inactive Thread Starter

    Joined:
    2007/09/15
    Messages:
    30
    Likes Received:
    0
    Ok, now I am having trouble removing anything with Windows Live in the Add or Remove folder. I click on it a few times and it does not even give me the option to remove it. I go in and try to remove it from the program folder and it won't let me do that either. Not even in safe mode. I now can't update my clock to the time server as well.
     
  21. 2007/09/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hmmm ......... copy the bolded command below, then click Start>Run and paste it in, hit enter. Does it start the uninstaller?

    MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
     
