Kaspersky Scanner Log

Discussion in 'Malware and Virus Removal Archive' started by 1 Duck, 2007/10/03.

  1. 2007/10/03
    1 Duck

    After removing a virus from my computer with the help of noar my computer was running fine etc etc. Now it is going slow, I rescanned using Kaspersky's online scanner and this is the log:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, September 29, 2007 3:43:57 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 29/09/2007
    Kaspersky Anti-Virus database records: 425114
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 110492
    Number of viruses found: 1
    Number of infected objects: 3
    Number of suspicious objects: 0
    Duration of the scan process: 01:55:31

    Infected Object Name / Virus Name / Last Action
    C:\System Volume Information\_restore{914142CC-9EC1-4E44-92B6-592477001834}\RP239\A0110756.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{914142CC-9EC1-4E44-92B6-592477001834}\RP239\A0110756.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{914142CC-9EC1-4E44-92B6-592477001834}\RP239\A0110756.exe RarSFX: infected - 2 skipped

    Scan process completed.


    Can you see anything wrong with it?
     
  2. 2007/10/03
    noahdfear

    Hi 1 Duck,

    Just a couple things in System Restore, all associated with SmitfraudFix and no threat. Let's get a new Deckard's System Scanner log and see if there's anything we can do to help.

    Note: You must be logged onto an account with administrator privileges to complete the following.

    Download Deckard's System Scanner (dss.exe) to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.

    If you have HijackThis, it will use it to create a HijackThis log. If you do not, it will automatically download and install HijackThis. Please keep your internet connection active and allow access through your firewall if applicable.
     

  4. 2007/10/04
    1 Duck

    Main:


    Deckard's System Scanner v20070905.67
    Run by Matt on 2007-10-04 15:27:54
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    12: 2007-10-04 14:27:58 UTC - RP250 - Deckard's System Scanner Restore Point
    11: 2007-10-03 19:52:57 UTC - RP249 - Software Distribution Service 3.0
    10: 2007-10-02 14:59:37 UTC - RP248 - System Checkpoint
    9: 2007-09-30 09:50:13 UTC - RP247 - System Checkpoint
    8: 2007-09-28 18:09:02 UTC - RP246 - Installed Java(TM) 6 Update 2


    -- First Restore Point --
    1: 2007-09-17 20:22:44 UTC - RP239 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 1.05 GiB (less than 15%) free.


    -- HijackThis (run as Matt.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 15:28:34, on 04/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Audio Deck\EnMixCPL.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    C:\Documents and Settings\Matt\Desktop\dss.exe
    C:\PROGRA~1\ANTIVI~1\HIJACK~1\Matt.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe "
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Matt\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {F012FA1E-7623-4E73-ABA0-470BE9467006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe


    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 Envy24HFS (ICE Envy24 Family Audio Controller WDM) - c:\windows\system32\drivers\envy24hf.sys <Not Verified; VIA - IC Ensemble, Inc.; Envy24 Family Audio Controller WDM>

    S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
    S3 catchme - c:\docume~1\matt\locals~1\temp\catchme.sys (file missing)
    S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
    S3 RT73 (Belkin USB Network Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-04 15:21:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2007-10-02 18:00:01 404 --a------ C:\WINDOWS\Tasks\Pareto UNS.job
    2007-05-03 17:48:30 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
    2007-05-03 17:48:29 350 --a------ C:\WINDOWS\Tasks\McQcTask.job


    -- Files created between 2007-09-04 and 2007-10-04 -----------------------------

    2007-09-28 19:10:02 0 d-------- C:\Program Files\Java
    2007-09-28 19:09:06 0 d-------- C:\Program Files\Common Files\Java
    2007-09-21 21:47:47 0 d-------- C:\HammerAutosave
    2007-09-15 19:22:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-09-15 19:22:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-09-08 20:47:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
    2007-09-08 20:36:51 0 d-------- C:\Program Files\Antivirus Programs
    2007-09-08 20:00:57 0 d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
    2007-09-08 19:39:05 0 d-------- C:\WINDOWS\pss


    -- Find3M Report ---------------------------------------------------------------

    2007-10-04 15:21:20 0 d-------- C:\Documents and Settings\Matt\Application Data\Xfire
    2007-10-04 15:20:54 0 d-------- C:\Documents and Settings\Matt\Application Data\Hamachi
    2007-10-03 15:23:13 0 d---s---- C:\Program Files\Xfire
    2007-10-01 20:38:52 0 d-------- C:\Documents and Settings\Matt\Application Data\Adobe
    2007-09-30 10:09:39 0 d-------- C:\Program Files\McAfee
    2007-09-28 19:09:06 0 d-------- C:\Program Files\Common Files
    2007-09-25 15:08:14 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-09-08 16:17:48 0 d-------- C:\Program Files\DivX
    2007-09-08 16:13:27 0 d-------- C:\Program Files\Windows Media Connect 2
    2007-09-07 18:00:05 0 d-------- C:\Program Files\BT Home Hub
    2007-09-07 17:58:26 0 d-------- C:\Program Files\Fraps
    2007-09-03 16:32:40 0 d-------- C:\Program Files\ATI Technologies
    2007-09-02 22:29:25 0 d-------- C:\Documents and Settings\Matt\Application Data\ATI
    2007-08-07 12:04:32 0 d-------- C:\Documents and Settings\Matt\Application Data\McAfee
    2007-08-04 14:56:25 0 d-------- C:\Program Files\pakrat-095
    2007-07-27 21:05:00 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EnvyHFCPL"="C:\Program Files\Audio Deck\EnMixCPL.exe" [09/01/2005 19:24]
    "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [22/03/2002 05:41]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [06/08/2005 02:07]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/03/2007 19:22]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 16:30]
    "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
    "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [21/07/2006 16:19]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\valve\steam\steam.exe" [28/06/2007 15:17]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [29/07/2006 20:34]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [13/04/2007 20:54]
    "eyeBeam SIP Client"="" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\Matt\Start Menu\Programs\Startup\
    hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [28/07/2007 13:54:49]
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [12/09/2007 23:25:18]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [02/12/2006 23:41:20]
    ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [06/08/2005 02:07:30]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [13/04/2007 20:54:30]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [13/04/2007 20:53:32]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Usnsvc usnsvc




    -- End of Deckard's System Scanner: finished at 2007-10-04 15:30:10 ------------
     
  5. 2007/10/04
    noahdfear

    noahdfear Inactive

    Let's get rid of this service that's not needed. Highlight and copy the bolded command below.

    sc delete catchme

    Click Start>Run then paste the command in and hit Enter.

    Your log is clean otherwise. :)


    I also recommend you go to Add/Remove programs and uninstall Logitech Desktop Messenger, unless you enjoy its functionality. A brief description below if you're unsure of what it does.

    Are you using a Logitech keyboard? Do you use any of the special multimedia keys? The following line from your log shows that the software for that functionality is started every time you start your computer and log on.

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    I've just found an interesting read regarding the setpoint.exe process.

    http://www.damber.net/blog/blog.asp?id=35 scroll down a bit. Try removing that entry with HijackThis, or uncheck it in msconfig and reboot.

    Let me know how things are after the above and we can go from there. Post a new HijackThis log if the problem remains.
     
  6. 2007/10/06
    1 Duck

    1 Duck Inactive Thread Starter

    It wouldn't let me remove the Logitech SetPoint:

    Cannot delete setpoint: access is denied.

    Make sure the disk is not full or write protected and that the file is not currently in use.

    Edit: I removed it using HijackThis, love that program :D.


    As for the keyboard, it does have special keys which are used.
     
  7. 2007/10/12
    1 Duck

    1 Duck Inactive Thread Starter

    Sorry for the bump, do I need to do anything else?
     
  8. 2007/10/12
    noahdfear

    noahdfear Inactive

    How's your computer's performance? Did it help to remove the logitech junk?
     
  9. 2007/10/13
    1 Duck

    1 Duck Inactive Thread Starter

    It seems quicker and it did remove it; starting up once I go into my username is much quicker.
     
  10. 2007/10/13
    noahdfear

    noahdfear Inactive

    Provided you're satisfied with it, delete dss.exe and C:\Deckard then empty the recycle bin. That should wrap things up. :)
     
