
Cannot access control panel

Discussion in 'Malware and Virus Removal Archive' started by Syanide117, 2008/04/14.

  1. 2008/04/14 - Syanide117 (Thread Starter)
    There is another thread (http://www.windowsbbs.com/showthread.php?t=72717) in which someone else is having the same exact problems that I am, but I didn't want to interrupt them with a random HJT log, so I felt that starting a new thread was more appropriate.

    I cannot change my desktop properties, change date/time, open control panel, or access any other control panel extension.

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:56 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Folding@Home\FahCore_82.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\SVCH0ST.EXE
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab
    O18 - Protocol: bw+0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O21 - SSODL: zip - {74af81e4-68b2-4726-9fef-0488c0ef77f0} - C:\WINDOWS\Installer\{74af81e4-68b2-4726-9fef-0488c0ef77f0}\zip.dll (file missing)
    O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 19200 bytes

    Thanks in advance,
    ~Syanide117

    P.S. It would be nice, if not too much trouble, to not only tell me what to do to fix my problem, but also to tell me why I am doing what I am doing.
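An added triage example, not part of the original post and not code from HijackThis or WindowsBBS: the script below reads a handful of lines copied from the log above (plus one clean O23 line for contrast) and flags the entry types that make this log worth a second look. The F2 Shell= and UserInit= values, the O7 policy, the two O23 services whose binaries are missing, and the digit-for-letter name SVCH0ST.EXE are all taken directly from the posted log; the severity labels, the list of "clean" Shell/UserInit values and the set of system binary names the look-alike check compares against are my assumptions, written to show how a helper reads such a log rather than to reproduce any tool's logic.

```python
"""Triage helper for HijackThis (HJT) logs: flags the entry types that most
often indicate a compromised Windows XP machine.  Assumed/added example;
the sample lines are constructed from the log posted in this thread."""
import re

# Constructed sample: lines copied from the posted HJT log, plus one clean
# O23 line (the NVIDIA service) that should produce no finding.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\SVCH0ST.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed list of Windows binaries that malware imitates by swapping letters
# for look-alike digits (O -> 0, l -> 1), e.g. SVCH0ST.EXE for svchost.exe.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "userinit.exe", "lsass.exe",
                "winlogon.exe", "services.exe", "csrss.exe"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l"})

# Clean Windows XP values: Winlogon should start exactly these and nothing else.
CLEAN_SHELL = {"explorer.exe"}
CLEAN_USERINIT = {r"c:\windows\system32\userinit.exe"}


def looks_like_system_name(filename):
    """True if filename is NOT a real system binary name but becomes one once
    common digit-for-letter substitutions are undone."""
    lower = filename.lower()
    if lower in SYSTEM_NAMES:
        return False
    return lower.translate(HOMOGLYPHS) in SYSTEM_NAMES


def triage(log_text):
    """Return a list of (severity, line, reason) tuples for suspicious entries."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # F2 Shell= / UserInit=: Winlogon launches these at every logon, so an
        # extra program here runs with the user's session before anything else.
        m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line)
        if m:
            key, value = m.groups()
            if key == "Shell":
                parts, clean = value.split(), CLEAN_SHELL
            else:
                parts, clean = [p for p in value.split(",") if p], CLEAN_USERINIT
            extras = [p for p in parts if p.lower() not in clean]
            if extras:
                findings.append(("high", line,
                                 f"{key}= starts extra program(s): {', '.join(extras)}"))

        # Look-alike executable names anywhere on the line (e.g. SVCH0ST.EXE).
        for name in re.findall(r"[\w~.-]+\.exe", line, flags=re.IGNORECASE):
            if looks_like_system_name(name):
                findings.append(("high", line, f"{name} imitates a Windows system binary"))

        # O7: Policies keys that disable regedit, Task Manager, Control Panel etc.
        # This is the mechanism behind "cannot open control panel"-type lockouts.
        if line.startswith("O7 - "):
            findings.append(("medium", line,
                             "policy restriction set; legitimate only if an admin set it"))

        # O23: services with no vendor string or whose binary is gone from disk.
        if line.startswith("O23 - Service:"):
            reasons = []
            if "Unknown owner" in line:
                reasons.append("no vendor string")
            if "(file missing)" in line:
                reasons.append("service binary missing on disk")
            if reasons:
                findings.append(("medium", line, "; ".join(reasons)))

        # R0/R1: browser start page, search and proxy settings; confirm with user.
        if line.startswith(("R0 - ", "R1 - ")):
            findings.append(("low", line, "browser setting; confirm the user chose it"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run it as-is to see the posted entries ranked; point `triage()` at the text of a full log to use it on another machine. The Shell= and UserInit= checks are the ones worth understanding: both keys are read by Winlogon, so a value that lists a second executable means that program starts with every session whether or not the user opens anything, which is why those two lines, not the control panel symptom, are the real lead in this log.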
     
  2. 2008/04/15 - noahdfear
    Welcome to WindowsBBS Syanide117 :)

    We need to use another tool that will show us more than the HijackThis log. Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     


  4. 2008/04/15 - Syanide117 (Thread Starter)
    Thanks!

    Well, I'm running the disk defragmenter right now (something I haven't done in almost a year) and didn't want to interrupt it, so I left it running while I ran DSS; hope it doesn't affect anything:

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-04-15 00:19:18
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    11: 2008-04-15 05:19:45 UTC - RP259 - Deckard's System Scanner Restore Point
    10: 2008-04-14 21:33:28 UTC - RP258 - Installed Serious Sam: The First Encounter
    9: 2008-04-13 18:32:16 UTC - RP257 - Installed AVG 7.5
    8: 2008-04-13 18:24:38 UTC - RP256 - Restore Operation
    7: 2008-04-10 01:23:24 UTC - RP255 - System Checkpoint


    -- First Restore Point --
    1: 2008-04-01 08:58:19 UTC - RP249 - Configured FINAL FANTASY XI


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:29:03 AM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\DfrgNtfs.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\HJT\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\SVCH0ST.EXE
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab
    O18 - Protocol: bw+0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O21 - SSODL: zip - {74af81e4-68b2-4726-9fef-0488c0ef77f0} - C:\WINDOWS\Installer\{74af81e4-68b2-4726-9fef-0488c0ef77f0}\zip.dll (file missing)
    O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 19126 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys <Not Verified; Mediafour Corporation; Mediafour MacDrive>
    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 MDFSYSNT - c:\windows\system32\drivers\mdfsysnt.sys <Not Verified; Mediafour Corporation; MacDrive>
    R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
    R1 US30Sys - c:\windows\system32\drivers\us30xp.sys
    R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
    R3 US30Kbd - c:\windows\system32\drivers\us30kbd2k.sys

    S2 LMIInfo (LogMeIn Kernel Information Provider) - c:\program files\logmein\x86\rainfo.sys (file missing)
    S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
    S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech, Inc.; Logitech SetPoint(TM)>
    S3 vpn-x - c:\windows\system32\drivers\vpn-x.sys <Not Verified; BirdsSoft; Derived from TAP-Win32 Virtual Network Driver(OpenVPN)>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 DPFUSMgr (Windows XP FUS Manager) - c:\program files\digitalpersona\bin\dpfusmgr.exe <Not Verified; DigitalPersona, Inc.; DPFUSMgr Module>
    R2 DpHost (Biometric Authentication Service) - c:\program files\digitalpersona\bin\dphost.exe <Not Verified; DigitalPersona, Inc.; DPHOST Module>
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>

    S2 googlepages - c:\windows\system32\server.exe (file missing)
    S3 1 (111) - c:\windows\system32\server_1.exe (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
    S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S4 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
    S4 mi-raysat_3dsmax9_32 (mental ray 3.5 Satellite (32-bit)) - "c:\program files\autodesk\3ds max 9\mentalray\satellite\raysat_3dsmax9_32server.exe "
    S4 US30Service - c:\program files\universal shield 4.0\us30service.exe
    S4 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
    S4 Windows_ServerDdos - c:\windows\system32\windisup.exe (file missing)
    S4 wmplayer (Media) - c:\windows\system32\wmplayer.exe (file missing)
    S4 wupdmgr (wupdmgr wupdmgr) - c:\windows\system32\server.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-04-08 14:49:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-03-15 and 2008-04-15 -----------------------------

    2008-04-14 22:47:24 0 d-------- C:\HJT
    2008-04-14 16:33:28 0 d-------- C:\Program Files\Croteam
    2008-04-13 12:51:19 0 d-------- C:\Program Files\File Shredder
    2008-04-13 12:13:56 0 dr-h----- C:\$VAULT$.AVG
    2008-04-13 11:52:13 0 d-------- C:\Program Files\Lavasoft
    2008-04-13 11:52:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-13 11:33:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-04-13 11:33:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-13 11:33:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-13 11:33:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-13 11:33:22 12800 --a------ C:\WINDOWS\system32\rpam521.exe
    2008-04-13 11:33:11 14848 --a------ C:\WINDOWS\system32\rpam523.exe <Not Verified; Microsoft Corporation; Microsoft>
    2008-04-13 01:32:05 0 d-------- C:\WINDOWS\privacy_danger
    2008-04-13 01:32:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
    2008-04-13 00:46:48 14813 --ahs---- C:\WINDOWS\system32\OYxxyJlm.ini2
    2008-04-13 00:37:00 9216 --a------ C:\WINDOWS\voiceip.dll
    2008-04-13 00:37:00 11776 --a------ C:\WINDOWS\swin32.dll
    2008-04-13 00:37:00 18432 --a------ C:\WINDOWS\stcloader.exe
    2008-04-13 00:37:00 16128 --a------ C:\WINDOWS\mssvr.exe
    2008-04-13 00:37:00 9216 --a------ C:\WINDOWS\cdsm32.dll
    2008-04-13 00:37:00 16896 --a------ C:\WINDOWS\bokja.exe
    2008-04-13 00:36:59 8448 --a------ C:\WINDOWS\mspphe.dll
    2008-04-13 00:36:59 14592 --a------ C:\WINDOWS\bjam.dll
    2008-04-13 00:36:59 17408 --a------ C:\WINDOWS\2020search2.dll
    2008-04-13 00:36:59 13312 --a------ C:\WINDOWS\2020search.dll
    2008-04-13 00:36:57 22528 --a------ C:\WINDOWS\saiemod.dll
    2008-04-13 00:36:57 15616 --a------ C:\WINDOWS\msapasrc.dll
    2008-04-13 00:36:56 30208 --a------ C:\WINDOWS\shdocpl.dll
    2008-04-13 00:36:56 25344 --a------ C:\WINDOWS\msa64chk.dll
    2008-04-13 00:36:55 29440 --a------ C:\WINDOWS\shdocpe.dll
    2008-04-13 00:36:55 26880 --a------ C:\WINDOWS\ntnut.exe
    2008-04-13 00:36:54 24320 --a------ C:\WINDOWS\winsb.dll
    2008-04-13 00:36:54 16128 --a------ C:\WINDOWS\browserad.dll
    2008-04-13 00:36:54 14336 --a------ C:\WINDOWS\aviwrap32.dll
    2008-04-13 00:36:54 9728 --a------ C:\WINDOWS\avisynthex32.dll
    2008-04-13 00:36:54 17152 --a------ C:\WINDOWS\avifile32.dll
    2008-04-13 00:36:54 21504 --a------ C:\WINDOWS\autodisc32.dll
    2008-04-13 00:36:54 24832 --a------ C:\WINDOWS\audiosrv32.dll
    2008-04-13 00:36:53 26880 --a------ C:\WINDOWS\changeurl_30.dll
    2008-04-13 00:36:53 22272 --a------ C:\WINDOWS\ati2dvag32.dll
    2008-04-13 00:36:53 28928 --a------ C:\WINDOWS\ati2dvaa32.dll
    2008-04-13 00:36:53 18176 --a------ C:\WINDOWS\athprxy32.dll
    2008-04-13 00:36:53 29440 --a------ C:\WINDOWS\asycfilt32.dll
    2008-04-13 00:36:53 28416 --a------ C:\WINDOWS\asferror32.dll
    2008-04-13 00:36:53 11520 --a------ C:\WINDOWS\apphelp32.dll
    2008-04-13 00:35:47 6409 --a------ C:\WINDOWS\system32\rpam483.exe
    2008-04-13 00:35:42 346112 --a------ C:\WINDOWS\system32\rqrsqpp.dll
    2008-04-13 00:35:03 41664 --a------ C:\Documents and Settings\Administrator\cftmon.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\winsystem.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32winsystem.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32sysreq.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32newsd32.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32mssecu.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32emesx.dll
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32bdn.com
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32awtoolb.dll
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32anticipator.dll
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\system32akttzn.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\mssecu.exe
    2008-04-13 00:33:18 4096 --a------ C:\WINDOWS\bdn.com
    2008-04-13 00:33:17 4096 --a------ C:\WINDOWS\system32vbsys2.dll
    2008-04-13 00:33:17 0 d-------- C:\WINDOWS\mslagent
    2008-04-13 00:33:10 10 --a------ C:\WINDOWS\system32\kr_done1
    2008-04-13 00:33:07 27136 --a------ C:\WINDOWS\9129837.exe
    2008-04-13 00:33:04 13824 --a------ C:\WINDOWS\system32\maxpaynowti.exe
    2008-04-13 00:33:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2008-04-13 00:33:02 4 --a------ C:\WINDOWS\system32\winfrun32.bin
    2008-04-13 00:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\qxkzmnux
    2008-04-13 00:32:59 2560 --a------ C:\WINDOWS\system32\itcoe.sys
    2008-04-13 00:32:59 1086376 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
    2008-04-13 00:32:58 40310 --a------ C:\WINDOWS\xpupdate.exe
    2008-04-13 00:32:57 6672 --a------ C:\WINDOWS\system32\ibudu.dll
    2008-04-13 00:32:51 40310 --a------ C:\WINDOWS\system32\dllgh8jkd1q2.exe
    2008-04-13 00:32:48 15 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
    2008-04-13 00:32:47 32309 --a------ C:\WINDOWS\system32\rpam504.exe
    2008-04-13 00:32:37 0 d--hs---- C:\WINDOWS\system32\wsnpoem
    2008-04-13 00:32:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
    2008-04-13 00:32:30 235397 --a------ C:\WINDOWS\system32\rpam487.exe
    2008-04-13 00:31:40 102440 --a------ C:\WINDOWS\system32\msvcrt2.dll
    2008-04-13 00:31:26 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-04-13 00:31:26 0 d-------- C:\Documents and Settings\LocalService\Desktop
    2008-04-13 00:31:25 0 d-------- C:\WINDOWS\system32\215651
    2008-04-13 00:31:22 25600 -rah----- C:\WINDOWS\system32\svchqr.exe
    2008-04-13 00:31:12 10752 --a------ C:\WINDOWS\system32\drivers\smss.exe
    2008-04-13 00:30:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
    2008-04-13 00:30:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
    2008-04-13 00:30:47 55218 --a------ C:\WINDOWS\zeqbqwp.sys
    2008-04-13 00:30:45 15360 --a------ C:\WINDOWS\system32\drivers\spools.exe
    2008-04-13 00:30:45 30186 --a------ C:\Documents and Settings\LocalService\cftmon.exe
    2008-04-08 20:10:05 0 d-------- C:\Program Files\Ventrilo
    2008-04-05 17:47:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2008-04-03 20:56:52 0 d-------- C:\Program Files\LiteStep
    2008-03-31 23:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
    2008-03-31 23:52:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\SolSuite
    2008-03-31 23:52:45 0 d-------- C:\Program Files\SolSuite
    2008-03-29 11:19:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3


    -- Find3M Report ---------------------------------------------------------------

    2008-04-14 20:12:35 0 d-------- C:\Program Files\Folding@Home
    2008-04-14 16:33:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-13 11:51:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 11:03:17 0 d-------- C:\Program Files\BitComet
    2008-04-01 08:04:27 0 d-------- C:\Program Files\Conquer 2.0
    2008-04-01 04:25:29 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-01 03:54:13 0 d-------- C:\Program Files\Qonquer Online Client
    2008-04-01 00:45:00 0 d-------- C:\Program Files\Trillian
    2008-03-04 16:39:04 8192 --a------ C:\Program Files\2.hiv
    2008-03-04 16:39:04 8192 --a------ C:\Program Files\1.hiv
    2008-03-03 01:27:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-03-03 01:24:03 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-01 07:32:12 169 ---hs---- C:\Program Files\iicxtbr.inf
    2008-02-19 20:19:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/13/2008 11:33 AM]
    "MSConfig "= "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [02/28/2006 07:00 AM]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [03/22/2007 03:50 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/25/2007 05:19 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [11/13/2007 7:30:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/29/2007 3:24:59 PM]
     
  5. 2008/04/15
    Syanide117

    Syanide117 Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    8
    Likes Received:
    0
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools "=1 (0x1)
    "DisableTaskMgr "=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel "=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "zip "= {74af81e4-68b2-4726-9fef-0488c0ef77f0} - C:\WINDOWS\Installer\{74af81e4-68b2-4726-9fef-0488c0ef77f0}\zip.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell "= "Explorer.exe C:\WINDOWS\shell.exe "
    "Userinit "= "C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\SVCH0ST.EXE "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 10/13/2004 06:29 PM 102400 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 11:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 10/18/2007 09:47 PM 75064 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
    backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
    "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
    C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolvs]
    C:\Program Files\Internet Explorer\spoolvs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vpnxserver]
    "C:\Program Files\birdssoft\VPN-X\vpn-x.exe" servermode

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wupdmgr "=2 (0x2)
    "mi-raysat_3dsmax9_32 "=2 (0x2)
    "Windows_ServerDdos "=2 (0x2)
    "Ventrilo "=2 (0x2)
    "US30Service "=2 (0x2)
    "SQLWriter "=2 (0x2)
    "MSSQL$SQLEXPRESS "=2 (0x2)
    "ose "=3 (0x3)
    "NMIndexingService "=3 (0x3)
    "Microsoft Office Groove Audit Service "=3 (0x3)
    "odserv "=3 (0x3)
    "wmplayer "=2 (0x2)
    "IDriverT "=3 (0x3)
    "gusvc "=3 (0x3)
    "ForceWare Intelligent Application Manager (IAM) "=2 (0x2)
    "FLEXnet Licensing Service "=3 (0x3)
    "Autodesk Licensing Service "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "aawservice "=2 (0x2)
    "Bonjour Service "=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b6111f-b335-11dc-a53b-00044b033b9c}]
    AutoRun\command- L:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48adc4fc-ffa1-11dc-a590-00044b033b9c}]
    AutoRun\command- E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e742a5ee-b48f-11dc-a53e-00044b033b9c}]
    AutoRun\command- M:\AutoRunCD.exe

    -- Hosts -----------------------------------------------------------------------

    10.18.250.4 ad.doubleclick.net
    10.18.250.4 ad.fastclick.net
    10.18.250.4 ads.fastclick.net
    10.18.250.4 ar.atwola.com
    10.18.250.4 atdmt.com
    10.18.250.4 avp.ch
    10.18.250.4 avp.com
    10.18.250.4 avp.ru
    10.18.250.4 awaps.net
    10.18.250.4 banner.fastclick.net

    90 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-04-15 00:33:50 ------------

    EDIT: well darn, it was too big for one post, so I cut it about in half; the second half came up immediately but the first half needs to be approved by a mod first.

    ~Syanide117
     
  6. 2008/04/15
    noahdfear
    Quite a number of infections present. Let's run a tool that targets many of them. Download ComboFix by sUBs from here, saving the file to your desktop.

    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows.
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/04/15
    Syanide117
    ComboFix 08-04-15.1 - Administrator 2008-04-15 21:36:33.1 - NTFSx86
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
    C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
    C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\config.ini
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
    C:\Documents and Settings\LocalService\Application Data\install.dat
    C:\Documents and Settings\LocalService\Desktop\bravesentry.lnk
    C:\Documents and Settings\LocalService\Favorites\Online Security Test.url
    C:\Documents and Settings\LocalService\Start Menu\Programs\Brave-Sentry
    C:\Documents and Settings\LocalService\Start Menu\Programs\Brave-Sentry\BraveSentry.lnk
    C:\Documents and Settings\LocalService\Start Menu\Programs\Brave-Sentry\Uninstall.lnk
    C:\WINDOWS\123messenger.per
    C:\WINDOWS\2020search.dll
    C:\WINDOWS\2020search2.dll
    C:\WINDOWS\9129837.exe
    C:\WINDOWS\apphelp32.dll
    C:\WINDOWS\asferror32.dll
    C:\WINDOWS\asycfilt32.dll
    C:\WINDOWS\athprxy32.dll
    C:\WINDOWS\ati2dvaa32.dll
    C:\WINDOWS\ati2dvag32.dll
    C:\WINDOWS\audiosrv32.dll
    C:\WINDOWS\autodisc32.dll
    C:\WINDOWS\avifile32.dll
    C:\WINDOWS\avisynthex32.dll
    C:\WINDOWS\aviwrap32.dll
    C:\WINDOWS\bdn.com
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\browserad.dll
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\changeurl_30.dll
    C:\WINDOWS\conf.inf
    C:\WINDOWS\default.htm
    C:\WINDOWS\didduid.ini
    C:\WINDOWS\Installer\{74af81e4-68b2-4726-9fef-0488c0ef77f0}\zip.dll
    C:\WINDOWS\ky.sxc
    C:\WINDOWS\licencia.txt
    C:\WINDOWS\msa64chk.dll
    C:\WINDOWS\msapasrc.dll
    C:\WINDOWS\mscon.sio
    C:\WINDOWS\mslagent
    C:\WINDOWS\mslagent\2_mslagent.dll
    C:\WINDOWS\mslagent\mslagent.exe
    C:\WINDOWS\mslagent\uninstall.exe
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\nivavir.config
    C:\WINDOWS\ntnut.exe
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\rs.txt
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\shdocpe.dll
    C:\WINDOWS\shdocpl.dll
    C:\WINDOWS\stcloader.exe
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\WINDOWS\system32\drivers\asc3550p.sys
    C:\WINDOWS\system32\drivers\spools.exe
    C:\WINDOWS\system32\iSecurity.cpl
    C:\WINDOWS\system32\kr_done1
    C:\WINDOWS\system32\maxpaynowti.exe
    C:\WINDOWS\system32\ntos.exe
    C:\WINDOWS\system32\OYxxyJlm.ini
    C:\WINDOWS\system32\OYxxyJlm.ini2
    C:\WINDOWS\system32\rqrsqpp.dll
    C:\WINDOWS\system32\sexit.dat
    C:\WINDOWS\system32\svchost.t__
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\vx.tll
    C:\WINDOWS\system32\winfrun32.bin
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\wsnpoem
    C:\WINDOWS\system32\wsnpoem\audio.dll
    C:\WINDOWS\system32\wsnpoem\video.dll
    C:\WINDOWS\system32akttzn.exe
    C:\WINDOWS\system32anticipator.dll
    C:\WINDOWS\system32awtoolb.dll
    C:\WINDOWS\system32bdn.com
    C:\WINDOWS\system32emesx.dll
    C:\WINDOWS\system32mssecu.exe
    C:\WINDOWS\system32newsd32.exe
    C:\WINDOWS\system32sysreq.exe
    C:\WINDOWS\system32vbsys2.dll
    C:\WINDOWS\system32vcatchpi.dll
    C:\WINDOWS\system32winsystem.exe
    C:\WINDOWS\system32WINWGPX.EXE
    C:\WINDOWS\telefonos.txt
    C:\WINDOWS\textos.txt
    C:\WINDOWS\voiceip.dll
    C:\WINDOWS\Web\def.htm
    C:\WINDOWS\winsb.dll
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\xpupdate.exe

    ----- BITS: Possible infected sites -----

    hxxp://flyvideonetwork.com
    .
    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-15 02:49 . 2008-04-15 02:49 <DIR> d-------- C:\Program Files\Oxin's Style!
    2008-04-15 02:45 . 2008-04-15 02:45 <DIR> d-------- C:\WINDOWS\speech
    2008-04-15 02:45 . 2008-04-15 02:47 <DIR> d-------- C:\WINDOWS\Lhsp
    2008-04-15 02:45 . 2008-04-15 02:45 <DIR> d-------- C:\Program Files\KARI2
    2008-04-15 02:45 . 2008-04-15 02:45 172,479 --a------ C:\WINDOWS\KARI2 Uninstaller.exe
    2008-04-15 02:33 . 2008-04-15 02:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 02:33 . 2008-04-15 02:33 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-15 02:27 . 2008-04-15 02:27 <DIR> d-------- C:\SIRENS2
    2008-04-15 00:18 . 2008-04-15 00:18 <DIR> d-------- C:\Deckard
    2008-04-14 22:47 . 2008-04-15 02:07 <DIR> d-------- C:\HJT
    2008-04-14 20:07 . 2008-04-14 20:07 2,004 --a------ C:\WINDOWS\IMM02B.ini
    2008-04-14 19:55 . 2008-04-14 19:55 2,004 --a------ C:\WINDOWS\IMM02A.ini
    2008-04-14 16:33 . 2008-04-14 16:33 <DIR> d-------- C:\Program Files\Croteam
    2008-04-13 12:51 . 2008-04-13 12:51 <DIR> d-------- C:\Program Files\File Shredder
    2008-04-13 11:52 . 2008-04-13 11:52 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-13 11:52 . 2008-04-13 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-13 11:33 . 2008-04-13 11:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-13 11:33 . 2008-04-13 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-13 11:33 . 2008-04-13 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-13 11:33 . 2008-04-15 08:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-04-13 11:33 . 2008-04-13 11:33 14,848 --a------ C:\WINDOWS\system32\rpam523.exe
    2008-04-13 11:33 . 2008-04-13 11:33 12,800 --a------ C:\WINDOWS\system32\rpam521.exe
    2008-04-13 01:32 . 2008-04-13 01:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
    2008-04-13 00:35 . 2006-02-28 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-04-13 00:35 . 2008-04-13 13:24 41,664 --a------ C:\Documents and Settings\Administrator\cftmon.exe
    2008-04-13 00:35 . 2008-04-13 00:35 6,409 --a------ C:\WINDOWS\system32\rpam483.exe
    2008-04-13 00:33 . 2008-04-13 00:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qxkzmnux
    2008-04-13 00:32 . 2008-04-13 00:32 235,397 --a------ C:\WINDOWS\system32\rpam487.exe
    2008-04-13 00:32 . 2008-04-13 00:32 32,309 --a------ C:\WINDOWS\system32\rpam504.exe
    2008-04-13 00:32 . 2008-04-13 00:32 6,672 --a------ C:\WINDOWS\system32\ibudu.dll
    2008-04-13 00:32 . 2008-04-13 13:23 2,560 --a------ C:\WINDOWS\system32\itcoe.sys
    2008-04-13 00:32 . 2008-04-13 00:32 29 --a------ C:\WINDOWS\system32\urqodpae.tmp
    2008-04-13 00:31 . 2008-04-14 08:46 <DIR> d-------- C:\WINDOWS\system32\215651
    2008-04-13 00:31 . 2008-04-13 00:31 102,440 --a------ C:\WINDOWS\system32\msvcrt2.dll
    2008-04-13 00:31 . 2008-04-13 00:31 25,600 -rah----- C:\WINDOWS\system32\svchqr.exe
    2008-04-13 00:31 . 2008-04-13 00:31 10,752 --a------ C:\WINDOWS\system32\drivers\smss.exe
    2008-04-13 00:30 . 2008-04-13 00:30 55,218 --a------ C:\WINDOWS\zeqbqwp.sys
    2008-04-13 00:30 . 2008-04-13 11:33 30,186 --a------ C:\Documents and Settings\LocalService\cftmon.exe
    2008-04-13 00:30 . 2008-04-13 11:47 732 --a------ C:\WINDOWS\system32\llxkjb.tmp
    2008-04-08 20:10 . 2008-04-08 20:10 <DIR> d-------- C:\Program Files\Ventrilo
    2008-04-05 17:47 . 2008-04-05 17:47 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2008-04-03 20:56 . 2008-04-03 20:57 <DIR> d-------- C:\Program Files\LiteStep
    2008-04-03 20:28 . 2008-04-03 20:41 3,932,214 --a------ C:\WINDOWS\WCHANGER.BMP
    2008-03-31 23:52 . 2008-03-31 23:52 <DIR> d-------- C:\Program Files\SolSuite
    2008-03-31 23:52 . 2008-03-31 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
    2008-03-31 23:52 . 2008-03-31 23:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SolSuite
    2008-03-29 11:19 . 2008-04-05 20:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 01:12 --------- d-----w C:\Program Files\Folding@Home
    2008-04-14 21:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-13 16:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 16:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-13 16:03 --------- d-----w C:\Program Files\BitComet
    2008-04-01 13:04 --------- d-----w C:\Program Files\Conquer 2.0
    2008-04-01 09:25 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-04-01 08:54 --------- d-----w C:\Program Files\Qonquer Online Client
    2008-04-01 05:45 --------- d-----w C:\Program Files\Trillian
    2008-03-04 21:39 8,192 ----a-w C:\Program Files\2.hiv
    2008-03-04 21:39 8,192 ----a-w C:\Program Files\1.hiv
    2008-03-03 06:24 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-01 12:32 169 --sh--w C:\Program Files\iicxtbr.inf
    2008-02-20 01:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
    2007-12-27 15:36 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
    2007-08-20 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2007-08-20 06:07 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
    @=Mediafour Mac Volume Icons

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-25 17:19 171448]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 09:29 579584]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-03-22 03:50 8425472]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-13 11:33 219136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-11-13 19:30:14 323584]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-29 15:24:59 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN ]
    C:\WINDOWS\system32\DPWLEvHd.dll 2004-10-13 18:29 102400 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-10-18 21:47 75064 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
    backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    -r------- 2005-05-03 21:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-03-12 15:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2006-02-28 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 05:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
    --a------ 2004-10-13 18:24 913408 C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2006-10-27 02:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    --a------ 2006-03-20 18:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    --a------ 2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
    -ra------ 2005-04-15 16:54 106496 C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
    -ra------ 2002-12-17 16:43 61440 C:\Program Files\Common Files\Mediafour\MACVNTFY.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
    -ra------ 2004-09-27 15:11 94208 C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-09 20:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2007-03-22 03:50 8425472 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    --a------ 2006-10-13 10:14 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-03-22 03:50 81920 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-03-22 03:50 1622016 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    --a------ 2007-04-09 07:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    -r------- 2007-01-30 21:54 16116224 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    -r------- 2006-05-16 21:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolvs]
    C:\Program Files\Internet Explorer\spoolvs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-12-25 17:19 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    -ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vpnxserver]
    C:\Program Files\birdssoft\VPN-X\vpn-x.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wupdmgr "=2 (0x2)
    "mi-raysat_3dsmax9_32 "=2 (0x2)
    "Windows_ServerDdos "=2 (0x2)
    "Ventrilo "=2 (0x2)
    "US30Service "=2 (0x2)
    "SQLWriter "=2 (0x2)
    "MSSQL$SQLEXPRESS "=2 (0x2)
    "ose "=3 (0x3)
    "NMIndexingService "=3 (0x3)
    "Microsoft Office Groove Audit Service "=3 (0x3)
    "odserv "=3 (0x3)
    "wmplayer "=2 (0x2)
    "IDriverT "=3 (0x3)
    "gusvc "=3 (0x3)
    "ForceWare Intelligent Application Manager (IAM) "=2 (0x2)
    "FLEXnet Licensing Service "=3 (0x3)
    "Autodesk Licensing Service "=2 (0x2)
    "Apple Mobile Device "=2 (0x2)
    "aawservice "=2 (0x2)
    "Bonjour Service "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe "=
    "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe "=
    "C:\\WINDOWS\\system32 "=\\Server_1.exe
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "=
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "=
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18801:TCP "= 18801:TCP:BitComet 18801 TCP
    "18801:UDP "= 18801:UDP:BitComet 18801 UDP

    R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2005-07-20 17:35]
    R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 13:53]
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 02:53]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
    R3 dpK0Bx01;Fingerprint Reader Filter Driver;C:\WINDOWS\system32\DRIVERS\dpK0Bx01.sys [2004-08-04 16:58]
    R3 US30Kbd;US30Kbd;C:\WINDOWS\system32\Drivers\US30Kbd2K.sys [2005-03-31 14:20]
    R3 UsbdpFP;Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-08-04 16:59]
    S2 googlepages;googlepages;C:\WINDOWS\system32\Server.exe []
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
    S3 1;111;C:\WINDOWS\system32\Server_1.exe []
    S3 vpn-x;vpn-x;C:\WINDOWS\system32\DRIVERS\vpn-x.sys [2007-07-18 03:58]
    S4 SQLWriter;SQL Server VSS Writer; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
    S4 Windows_ServerDdos;Windows_ServerDdos;C:\WINDOWS\system32\windisup.exe []
    S4 wmplayer;Media;C:\WINDOWS\system32\wmplayer.exe []
    S4 wupdmgr;wupdmgr wupdmgr;C:\WINDOWS\system32\Server.exe []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b6111f-b335-11dc-a53b-00044b033b9c}]
    \Shell\AutoRun\command - L:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48adc4fc-ffa1-11dc-a590-00044b033b9c}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-15 19:49:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-15 21:41:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    C:\Program Files\Folding@Home\FahCore_82.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-15 21:46:41 - machine was rebooted [Administrator]
    ComboFix-quarantined-files.txt 2008-04-16 02:46:38

    Pre-Run: 91,655,196,672 bytes free
    Post-Run: 91,587,477,504 bytes free
     
  8. 2008/04/15
    Syanide117
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:49:48 PM, on 4/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Folding@Home\winFAH.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Folding@Home\FahCore_82.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab
    O18 - Protocol: bw+0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O21 - SSODL: zip - {74af81e4-68b2-4726-9fef-0488c0ef77f0} - (no file)
    O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 19034 bytes
     
  9. 2008/04/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Wow, still a number of nasties left. Let's see what we can get with an anti-malware app before we go ripping it out with ComboFix. Please download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh Deckard's log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
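The entries noahdfear is reading as "nasties" can be picked out mechanically. As an added example (not from this thread and not part of HijackThis), the Python script below applies a few reviewer rules to lines copied from the log above; the EXPECTED_PAGE_HOSTS allow-list is an assumption for the example.

```python
import re
from typing import List, Tuple

# Assumed allow-list of hosts a start/search page may legitimately point at.
# This is part of the example, not something HijackThis itself ships with.
EXPECTED_PAGE_HOSTS = {"go.microsoft.com", "www.google.com", "about:blank"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
URL_HOST_RE = re.compile(r"=\s*(?:https?://)?([^/\s]+)")

# Constructed sample: lines taken from the HijackThis log posted earlier in this
# thread, plus two benign entries, so the rules have something to pass over.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O21 - SSODL: zip - {74af81e4-68b2-4726-9fef-0488c0ef77f0} - (no file)
O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def triage_hjt(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for HijackThis lines a reviewer should look at first.

    The rules encode what a malware-removal helper checks by eye: start-page
    hijacks, orphaned shell service objects, services with no publisher or no
    binary on disk, and anything hooked into Winlogon.
    """
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines and non-entry text
        section, body = m.group("section"), m.group("body")

        if section in ("R0", "R1") and ("Start Page" in body or "Search Page" in body):
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in EXPECTED_PAGE_HOSTS:
                findings.append((line, f"start/search page points at unexpected host {host.group(1)}"))

        elif section == "O21" and body.endswith("(no file)"):
            # ShellServiceObjectDelayLoad entries load into Explorer at logon;
            # one with no backing file is either a leftover or a hidden component.
            findings.append((line, "SSODL entry with no backing file (orphaned or hidden)"))

        elif section == "O23":
            reasons = []
            if "Unknown owner" in body:
                reasons.append("no publisher information")
            if body.endswith("(file missing)"):
                reasons.append("binary is missing")
            if reasons:
                findings.append((line, "service: " + ", ".join(reasons)))

        elif section == "O20":
            # Winlogon Notify packages run inside winlogon.exe; always confirm the vendor.
            findings.append((line, "Winlogon Notify package; confirm the vendor"))

    return findings


if __name__ == "__main__":
    for entry, reason in triage_hjt(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```

The SSODL "zip" entry it flags is the same one MBAM later reports as Trojan.Clicker further down the thread.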
     
  10. 2008/04/16
    Syanide117

    Syanide117 Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    8
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.11
    Database version: 636

    Scan type: Quick Scan
    Objects scanned: 31744
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 14

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Clicker) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\WINDOWS\Installer\{74af81e4-68b2-4726-9fef-0488c0ef77f0} (Trojan.Alphabet) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\215651 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Start Menu\Programs\VirusHeat 4.3 (Rogue.VirusHeat) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\rpam483.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rpam487.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\svchqr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Start Menu\Programs\VirusHeat 4.3\Uninstall VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3 Website.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Start Menu\Programs\VirusHeat 4.3\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\WINDOWS\zeqbqwp.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\itcoe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ibudu.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rpam504.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Start Menu\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Desktop\VirusHeat 4.3.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.
     
  11. 2008/04/16
    Syanide117

    Syanide117 Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    8
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-04-16 20:00:50
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:00:53 PM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\HJT\ADMINI~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: Folding@Home 5.03.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistryscan/onlineRegCleaner.cab
    O18 - Protocol: bw+0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: offline-8876480 - {4020310E-535A-4161-B3E2-6AA88D612F80} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
    O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 18808 bytes

    -- Files created between 2008-03-16 and 2008-04-16 -----------------------------

    2008-04-16 19:22:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-04-16 19:22:47 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-16 19:22:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-15 21:35:57 68096 --a------ C:\WINDOWS\zip.exe
    2008-04-15 21:35:57 49152 --a------ C:\WINDOWS\VFind.exe
    2008-04-15 21:35:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-04-15 21:35:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-04-15 21:35:57 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-04-15 21:35:57 98816 --a------ C:\WINDOWS\sed.exe
    2008-04-15 21:35:57 80412 --a------ C:\WINDOWS\grep.exe
    2008-04-15 21:35:57 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-04-15 02:45:42 0 d-------- C:\WINDOWS\Lhsp
    2008-04-15 02:45:34 0 d-------- C:\WINDOWS\speech
    2008-04-15 02:45:34 172479 --a------ C:\WINDOWS\KARI2 Uninstaller.exe
    2008-04-15 02:36:05 47744 -ra------ C:\WINDOWS\VIEWER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 17536 -ra------ C:\WINDOWS\VIEWENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 73360 -ra------ C:\WINDOWS\system\QTOLE.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 4128 -ra------ C:\WINDOWS\system\QTNOTIFY.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 8320 -ra------ C:\WINDOWS\system\QTHNDLR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 172066 -ra------ C:\WINDOWS\README.EXE <Not Verified; No Hands Software Inc.; No Hands Common Ground>
    2008-04-15 02:36:05 60992 -ra------ C:\WINDOWS\PLAYER.EXE <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:05 16912 -ra------ C:\WINDOWS\PLAYENU.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:04 14336 -ra------ C:\WINDOWS\system\QTIMCMGR.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:04 357088 -ra------ C:\WINDOWS\system\QTIM.DLL <Not Verified; Apple Computer, Inc.; QuickTime for Windows>
    2008-04-15 02:36:04 3888 -ra------ C:\WINDOWS\system\MCIQTENU.DLL
    2008-04-14 22:47:24 0 d-------- C:\HJT
    2008-04-14 16:33:28 0 d-------- C:\Program Files\Croteam
    2008-04-13 12:51:19 0 d-------- C:\Program Files\File Shredder
    2008-04-13 12:13:56 0 dr-h----- C:\$VAULT$.AVG
    2008-04-13 11:52:13 0 d-------- C:\Program Files\Lavasoft
    2008-04-13 11:52:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-13 11:33:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
    2008-04-13 11:33:50 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-13 11:33:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-13 11:33:34 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-13 01:32:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\TmpRecentIcons
    2008-04-13 00:33:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
    2008-04-13 00:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\qxkzmnux
    2008-04-13 00:32:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
    2008-04-13 00:31:26 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-04-13 00:31:26 0 d-------- C:\Documents and Settings\LocalService\Desktop
    2008-04-13 00:30:57 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
    2008-04-13 00:30:55 0 dr------- C:\Documents and Settings\LocalService\Favorites
    2008-04-08 20:10:05 0 d-------- C:\Program Files\Ventrilo
    2008-04-05 17:47:31 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2008-04-03 20:56:52 0 d-------- C:\Program Files\LiteStep
    2008-03-31 23:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
    2008-03-31 23:52:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\SolSuite
    2008-03-31 23:52:45 0 d-------- C:\Program Files\SolSuite
    2008-03-29 11:19:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3


    -- Find3M Report ---------------------------------------------------------------

    2008-04-14 20:12:35 0 d-------- C:\Program Files\Folding@Home
    2008-04-14 16:33:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-13 11:51:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 11:03:17 0 d-------- C:\Program Files\BitComet
    2008-04-01 08:04:27 0 d-------- C:\Program Files\Conquer 2.0
    2008-04-01 04:25:29 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-04-01 03:54:13 0 d-------- C:\Program Files\Qonquer Online Client
    2008-04-01 00:45:00 0 d-------- C:\Program Files\Trillian
    2008-03-04 16:39:04 8192 --a------ C:\Program Files\2.hiv
    2008-03-04 16:39:04 8192 --a------ C:\Program Files\1.hiv
    2008-03-03 01:27:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-03-03 01:24:03 0 d-------- C:\Program Files\Common Files\Adobe
    2008-03-01 07:32:12 169 ---hs---- C:\Program Files\iicxtbr.inf
    2008-02-19 20:19:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/19/2007 09:16 PM]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/15/2008 09:29 AM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/22/2007 03:50 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/25/2007 05:19 PM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [11/13/2007 7:30:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [6/29/2007 3:24:59 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts"=0 (0x0)
    "HideLogoffScripts"=0 (0x0)
    "RunLogonScriptSync"=1 (0x1)
    "RunStartupScriptSync"=1 (0x1)
    "HideStartupScripts"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DPWLN]
    C:\WINDOWS\system32\DPWLEvHd.dll 10/13/2004 06:29 PM 102400 C:\WINDOWS\system32\DPWLEvHd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 11/15/2007 11:10 AM 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 10/18/2007 09:47 PM 75064 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
    backup=C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
    backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPAgnt]
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    KHALMNPR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDDiskProtect.exe]
    C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]
    "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour XPlay Tray Notification Icon]
    C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolvs]
    C:\Program Files\Internet Explorer\spoolvs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vpnxserver]
    "C:\Program Files\birdssoft\VPN-X\vpn-x.exe" servermode

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wupdmgr"=2 (0x2)
    "mi-raysat_3dsmax9_32"=2 (0x2)
    "Windows_ServerDdos"=2 (0x2)
    "Ventrilo"=2 (0x2)
    "US30Service"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "MSSQL$SQLEXPRESS"=2 (0x2)
    "ose"=3 (0x3)
    "NMIndexingService"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "odserv"=3 (0x3)
    "wmplayer"=2 (0x2)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
    "FLEXnet Licensing Service"=3 (0x3)
    "Autodesk Licensing Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "aawservice"=2 (0x2)
    "Bonjour Service"=2 (0x2)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\Startup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17b6111f-b335-11dc-a53b-00044b033b9c}]
    AutoRun\command- L:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48adc4fc-ffa1-11dc-a590-00044b033b9c}]
    AutoRun\command- E:\LaunchU3.exe -a




    -- End of Deckard's System Scanner: finished at 2008-04-16 20:01:08 ------------
     
  12. 2008/04/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! A bit more to remove and a few things to take a closer look at. Let's use ComboFix again.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\iicxtbr.inf
    Folder::
    C:\Documents and Settings\All Users\Application Data\qxkzmnux
    DirLook::
    C:\WINDOWS\Lhsp
    C:\WINDOWS\speech
    FileLook::
    C:\WINDOWS\KARI2 Uninstaller.exe
    Driver::
    1
    Windows_ServerDdos
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolvs]
    
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
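The triage noahdfear does by eye above (the two services with no owner and a missing binary, the spoolvs.exe startup entry that imitates spoolsv.exe, the AutoRun commands cached under MountPoints2, the randomly named qxkzmnux folder) can be scripted against the raw log. The following is an added example and is not part of the original thread, nor code from HijackThis, ComboFix or Deckard's System Scanner. The rule names, the 0.85 similarity threshold and the list of imitated system binaries are my own assumptions; the sample lines are excerpted from the log posted above rather than captured fresh.

```python
"""Triage a HijackThis / Deckard's System Scanner log for the kinds of
indicators a malware-removal helper picks out by eye: services whose
binary is gone or has no publisher, startup entries whose file name
mimics a Windows system binary, AutoRun commands cached for removable
drives, and randomly named folders under Application Data."""
import difflib
import ntpath
import re

# Constructed sample input: lines excerpted from the HJT/DSS log posted
# earlier in this thread, not a fresh capture.
SAMPLE_LOG = r"""
O23 - Service: 111 (1) - Unknown owner - C:\WINDOWS\system32\Server_1.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: googlepages - Unknown owner - C:\WINDOWS\system32\Server.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolvs]
C:\Program Files\Internet Explorer\spoolvs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Startup.exe
2008-04-13 00:33:00 0 d-------- C:\Documents and Settings\All Users\Application Data\qxkzmnux
2008-04-13 11:33:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
"""

# Core Windows XP binaries whose names malware likes to imitate
# (spoolvs.exe vs spoolsv.exe, scvhost.exe vs svchost.exe, ...).  Assumed list.
SYSTEM_BINARIES = ["spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "smss.exe", "winlogon.exe", "services.exe", "explorer.exe",
                   "ctfmon.exe"]

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
STARTUPREG_RE = re.compile(r"^\[HKEY_.*\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$", re.I)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.I)
AUTORUN_RE = re.compile(r"^AutoRun\\command-\s*(?P<cmd>.+)$")
DIR_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \d+ d\S* (?P<path>.+)$")


def lookalike(basename):
    """Return the system binary this file name imitates, or None.
    An exact match is legitimate; a near match (>= 0.85 similarity) is not."""
    for known in SYSTEM_BINARIES:
        if basename == known:
            return None
        if difflib.SequenceMatcher(None, basename, known).ratio() >= 0.85:
            return known
    return None


def looks_random(name):
    """Heuristic for machine-generated folder names such as 'qxkzmnux':
    seven or more lowercase letters with almost no vowels."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiouy" for c in name)
    return vowels / len(name) <= 0.2


def triage(log_text):
    """Scan log lines and return (rule, detail) findings in file order."""
    findings = []
    pending_startup = None  # startupreg key name whose command line comes next
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if pending_startup is not None:
            # The line after a startupreg key is its command; pull out the .exe
            m = EXE_RE.match(line)
            exe = m.group("exe") if m else line
            known = lookalike(ntpath.basename(exe).lower())
            if known:
                findings.append(("lookalike-binary",
                                 f"{pending_startup}: {exe} resembles {known}"))
            pending_startup = None
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner") == "Unknown owner":
                findings.append(("service-unknown-owner", line))
            if "(file missing)" in m.group("path"):
                findings.append(("service-file-missing", line))
            continue
        m = STARTUPREG_RE.match(line)
        if m:
            pending_startup = m.group("name")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(("removable-autorun", m.group("cmd")))
            continue
        m = DIR_RE.match(line)
        if m and looks_random(ntpath.basename(m.group("path"))):
            findings.append(("random-dirname", m.group("path")))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Every rule here is a heuristic that produces leads, not verdicts: the lookalike check is a string-similarity score, and a service marked "(file missing)" may be a leftover from a clean uninstall. Each hit still has to be confirmed by looking at the file's location, signature and contents, which is exactly what the DirLook:: and FileLook:: directives in the CFScript above ask ComboFix to do.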
     
  13. 2008/04/17
    Syanide117

    Syanide117 Inactive Thread Starter

    Joined:
    2008/04/14
    Messages:
    8
    Likes Received:
    0
    Hmmm, ComboFix began to run (it did the small green loading bar), but once the loading bar closed, it did not continue to do anything.

    Also, when I came back from school today my computer had turned off, and later, I went away from my computer for a few minutes and came back and it had turned itself off again. I checked my fans and temperatures, and they all checked out, so I'm not sure what the problem is. Is there anything that could have been deleted that might cause this?

    Thanks again,

    ~Syanide117
     
  14. 2008/04/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't see anything that could have been the result of ComboFix. Please right click the desktop and select Properties. Click the ScreenSaver tab, then the Power button. Regardless of what Power Scheme is shown, check the Settings for Turn off monitor, Turn off hard disk and System Standby. They should be set to an appropriate time, else Never.

    Please download a fresh copy of ComboFix from here, replacing the one you currently have, then create another CFScript.txt as outlined above and run it as prescribed.
     
