
problems with pc, specifically, totally unexpected shut downs.

Discussion in 'Malware and Virus Removal Archive' started by Forsaken Knight, 2007/12/01.

Thread Status:
Not open for further replies.
  1. 2007/12/16
    mailman Lifetime Subscription

    mailman Geek Member

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I strongly suggest you carefully follow noahdfear's instructions for now and follow up with answers to his questions. He is truly a wizard with resolving malware issues (and other computer issues as well). Noahdfear asked you a question (which you did not answer yet) followed by a directive.
    I suggest you solve your malware problem before you start messing with other stuff, especially because malware can interfere with "normal" operations such as uninstalling/reinstalling legitimate software.

    Since there is a LOT of different malware out there and new malware seems to be cropping up all the time, I'm afraid us "normal" computer users must resort to expert guidance from malware analysts who have spent LOTS of time researching malware and removal techniques.

    Only a few people on the Internet (such as noahdfear, TeMerc, Blender, and Geri here at Windows BBS) have the expertise necessary to effectively remove malware. If they don't know something about a specific problem, then they have a network of other malware analysts they can call upon for expert-to-expert guidance.

    After your current issues are resolved, if you wish to receive training in malware identification/removal, then we can provide some links to "boot camps" dedicated to such training. However, you must be willing (dedicated, passionate, etc.) and be prepared to spend a LOT of time studying (similar to the effort required for a tough college class) and providing feedback to the anti-malware community about your research.

    If you are a "beginner" or "intermediate" computer user, then I expect you would have to spend considerable time just learning how a computer works in addition to learning about malware.

    I don't mean to discourage you from taking on the challenge of learning how to identify and remove malware. I just want you to have an idea of what you will likely encounter.

    If any of my assumptions/opinions above are inaccurate, I'm fairly certain someone will correct me. ;)
     
    Last edited: 2007/12/16
  2. 2007/12/16
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    attempt failed.

    I did do as he said, but it was a no go, it had the same problem as before. The blue screen of death occurred. After which, I logged back in, and turned off my pc for the time being. I then came back to it later, and the screen would not activate, (display power flowing through it). So, I unplugged everything, and called it a night. I woke up today and plugged everything back in, and the screen showed that it was active again, but not the pc itself. So, I unplugged everything from the pc, and opened it up. I took a look at the inside of the new power source that my friend put in, (I did this by unplugging it and taking it apart). It had little to no dust in it, considering the night before I anti dusted the thing with the can of air I just bought. So, I put it back together and turned it on with only the monitor connected. It still would not load up anything. So, then I unplugged the two drives I have, and turned it on, to see if it would at least show up in a bios, or something. Well, the message, error booting from disk appeared, or something like that. So, with that said, I turned it off, and plugged the main drive in, turned it on, and the same message appeared. I turned it off and plugged in the second drive, and turned it on. It started normally, and I logged in.

    This is a part where a question comes into play.

    After logging in, I quickly pressed ctrl, alt, del, to bring up the task manager, to see what was running in the background. I do this because I think that I'll catch a program that's not supposed to be there red handed. Anyways, it came up after a second or three, and I kept my eye on it. The normal things loaded up, norton, update messages, i.m. things, but just then, the blue screen of death occurred. This does not happen when I just leave the pc alone and let it load up without me doing anything. It also happens when I quickly click on internet explorer when I log in, but not always. So, my question is this. Could it have something to do with the processor, or the memory, when it comes to the above events?

    Now back to my explanation.

    Well, I logged back in, and am now responding to this forum/thread. So, with that said, what now?
     


  4. 2007/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Let's see if this one will get through a scan.

    Please download System Repair Engineer by Smallfrogs and save it to your desktop.
    1. Extract it to its own folder & double click SREng.exe to run it
    2. Select 'Smart Scan' & tick "Verify Digital Signatures"
    3. Click on the [Scan] button
    4. When finished, click on the [Save Reports] button & save the log to Desktop
    5. Post the contents of that log here
     
  5. 2007/12/16
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    log post.

    I had to uncheck the option to check the running processes because it just didn't go anywhere with this once it got to that point. It simply got through the point to when it simply was scanning the drivers and the processes. So, I had to terminate the process, and restart it without the processes checked. And here are the results.

    Oh, and there was also some stuff that popped up in the past few days, that I want to post here, but I have to find where I put it. Needless to say, I have a mess. I'll post that stuff when I find it.



    2007-12-16,21:30:18

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan


    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS>< "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <Yahoo! Pager>< "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet> [Yahoo! Inc.]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}>< "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "> [Nero AG]
    <SpybotSD TeaTimer><G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Ltd.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <hpsysdrv><c:\windows\system\hpsysdrv.exe> [Hewlett-Packard Company]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KYE_Showicon>< "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW "> [N/A]
    <KBD><C:\HP\KBD\KBD.EXE> [Hewlett-Packard Company]
    <LVCOMS><C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <LogitechGalleryRepair><C:\Program Files\Logitech\ImageStudio\ISStart.exe> [Logitech Inc.]
    <LogitechImageStudioTray><C:\Program Files\Logitech\ImageStudio\LogiTray.exe> [Logitech Inc.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install> [NVIDIA Corporation]
    <SunJavaUpdateSched>< "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "> [(Verified) "Sun Microsystems, Inc."]
    <QuickTime Task>< "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
    <WildTangent CDA>< "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "> [N/A]
    <BJCFD><C:\Program Files\BroadJump\Client Foundation\CFD.exe> []
    <S3TRAY2><S3tray2.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <AlcxMonitor><ALCXMNTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe>< "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
    <HostManager><C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe> [(Verified) "Americ]
    <VTPreset><VTPreset.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA>< "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "> [ATI Technologies, Inc.]
    <BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent> [(Verified)Microsoft Windows Publisher]
    <ccApp>< "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "> [(Verified)Symantec Corporation]
    <dvd43><> [N/A]
    <NWEReboot><> [N/A]
    <NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [Nero AG]
    <Symantec PIF AlertEng>< "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "> [N/A]
    <USB2Check><RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <USBToolTip>< "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <none><C:\Program Files\Video ActiveX Object\pmsngr.exe> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <carbinyl><C:\WINDOWS\system32\gwquvw.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8d8c2387-7f80-4022-9be6-43630a969558}><C:\WINDOWS\system32\gwquvw.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
    <Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Component Publisher]

    ==================================
    Startup Folders
    [Adobe Reader Speed Launch]
    <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
    [hp psc 2000 Series]
    <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk --> C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [Hewlett-Packard Co.]><N>
    [Microsoft Office]
    <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
    [officejet 6100]
    <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk --> C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe [Hewlett-Packard Co.]><N>

    ==================================
    Services
    [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
    < "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe "><Adobe Systems>
    [AOL Connectivity Service / AOL ACS][Running/Auto Start]
    <C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe><America Online, Inc.>
    [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
    [ATI Smart / ATI Smart][Stopped/Auto Start]
    <C:\WINDOWS\system32\ati2sgag.exe><>
    [Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler][Running/Auto Start]
    < "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe "><Symantec Corporation>
    [Symantec Event Manager / ccEvtMgr][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "><Symantec Corporation>
    [Symantec Internet Security Password Validation / ccISPwdSvc][Stopped/Manual Start]
    < "C:\Program Files\Norton Internet Security\ccPwdSvc.exe "><Symantec Corporation>
    [Symantec Network Proxy / ccProxy][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe "><Symantec Corporation>
    [Symantec Settings Manager / ccSetMgr][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe "><Symantec Corporation>
    [COM Host / comHost][Stopped/Manual Start]
    < "C:\Program Files\Norton Internet Security\comHost.exe "><Symantec Corporation>
    [Creative Service for CDROM Access / Creative Service for CDROM Access][Stopped/Disabled]
    <C:\WINDOWS\System32\CTsvcCDA.exe><Creative Technology Ltd>
    [LiveUpdate / LiveUpdate][Stopped/Manual Start]
    < "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE "><Symantec Corporation>
    [LiveUpdate Notice Service / LiveUpdate Notice Service][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll "><Symantec Corporation>
    [Content Monitoring Tool / msCMTSrvc][Stopped/Disabled]
    <C:\WINDOWS\system32\msCMTSrvc.exe><N/A>
    [Norton AntiVirus Auto-Protect Service / navapsvc][Running/Auto Start]
    < "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe "><Symantec Corporation>
    [Norton Protection Center Service / NSCService][Running/Manual Start]
    < "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE "><Symantec Corporation>
    [NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
    <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
    [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
    <C:\WINDOWS\System32\HPZipm12.exe><HP>
    [Symantec AVScan / SAVScan][Stopped/Manual Start]
    < "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe "><Symantec Corporation>
    [Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe "><Symantec Corporation>
    [Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe "><Symantec Corporation>
    [Symantec Core LC / Symantec Core LC][Running/Auto Start]
    < "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe "><>
    [WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
    <C:\WINDOWS\System32\MsPMSPSv.exe><Microsoft Corporation>
    [X10 Device Network Service / x10nets][Stopped/Manual Start]
    <C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe><N/A>

    ==================================
    Drivers
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    [Bluetooth Audio / BtAudio][Stopped/Manual Start]
    <System32\DRIVERS\btaudio.sys><N/A>
    [Bluetooth Virtual Communications Driver / BTDriver][Stopped/Manual Start]
    <System32\DRIVERS\btport.sys><N/A>
    [Bluetooth LAN Access Server / BTWDNDIS][Stopped/Manual Start]
    <System32\DRIVERS\btwdndis.sys><N/A>
    [WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
    <System32\Drivers\btwusb.sys><N/A>
    [Creative AC3 Software Decoder / ctac32k][Stopped/Manual Start]
    <system32\drivers\ctac32k.sys><Creative Technology Ltd>
    [Creative Audio Driver (WDM) / ctaud2k][Stopped/Manual Start]
    <system32\drivers\ctaud2k.sys><Creative Technology Ltd>
    [Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
    <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
    [Creative Proxy Driver / ctprxy2k][Stopped/Manual Start]
    <system32\drivers\ctprxy2k.sys><Creative Technology Ltd>
    [Creative SoundFont Management Device Driver / ctsfm2k][Stopped/Manual Start]
    <system32\drivers\ctsfm2k.sys><Creative Technology Ltd>
    [Dazzle DVC Video Device / DCamUSBEMPIA][Stopped/Manual Start]
    <system32\DRIVERS\emDevice.sys><eMPIA Technology, Inc.>
    [dvd43llh / dvd43llh][Running/Manual Start]
    <System32\DRIVERS\dvd43llh.sys><RIF>
    [Symantec Eraser Control driver / eeCtrl][Running/System Start]
    <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
    [Dazzle DVC Audio Device / emAudio][Stopped/Manual Start]
    <system32\drivers\emAudio.sys><Pinnacle Systems, Inc.>
    [Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
    <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
    [Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
    <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
    [E-mu Plug-in Architecture Driver / emupia][Stopped/Manual Start]
    <system32\drivers\emupia2k.sys><Creative Technology Ltd>
    [enodpl / enodpl][Running/Auto Start]
    <System32\drivers\enodpl.sys><N/A>
    [EraserUtilDrvI4 / EraserUtilDrvI4][Stopped/Manual Start]
    <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI4.sys><N/A>
    [USB Device Lower Filter / FiltUSBEMPIA][Stopped/Manual Start]
    <system32\DRIVERS\emFilter.sys><eMPIA Technology, Inc.>
    [Creative Hardware Abstract Layer Driver / ha10kx2k][Stopped/Manual Start]
    <system32\drivers\ha10kx2k.sys><Creative Technology Ltd>
    [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
    <System32\DRIVERS\HPZid412.sys><HP>
    [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
    <System32\DRIVERS\HPZipr12.sys><HP>
    [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
    <System32\DRIVERS\HPZius12.sys><HP>
    [ialm / ialm][Stopped/Manual Start]
    <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
    [Jukebox3 / Jukebox3][Stopped/Manual Start]
    <system32\DRIVERS\ctpdusb.sys><Creative Technology Ltd.>
    [Lucent Modem Driver / ltmodem5][Stopped/Manual Start]
    <System32\DRIVERS\ltmdmnt.sys><LT>
    [Pinnacle Marvin Bus / MarvinBus][Running/Manual Start]
    <system32\DRIVERS\MarvinBus.sys><Pinnacle Systems GmbH>
    [NAVENG / NAVENG][Running/Manual Start]
    <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071206.018\NAVENG.Sys><Symantec Corporation>
    [NAVEX15 / NAVEX15][Running/Manual Start]
    <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071206.018\NavEx15.Sys><Symantec Corporation>
    [nv / nv][Stopped/Manual Start]
    <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [Creative OS Services Driver / ossrv][Stopped/Manual Start]
    <system32\drivers\ctoss2k.sys><Creative Technology Ltd.>
    [Pcdr Helper Driver / PCDRDRV][Stopped/Manual Start]
    <\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys><N/A>
    [PcdrNt / PcdrNt][Stopped/Manual Start]
    <\SystemRoot\System32\drivers\PcdrNt.sys><PC-Doctor Inc.>
    [PCLEPCI / PCLEPCI][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\pclepci.sys><Pinnacle Systems GmbH>
    [Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys><Padus, Inc.>
    [PfModNT / PfModNT][Running/Auto Start]
    <\??\C:\WINDOWS\System32\PfModNT.sys><Creative Technology Ltd.>
    [Logitech QuickCam Pro 3000(PID_08B0) / PhilCam8116][Running/Manual Start]
    <System32\DRIVERS\CamDrL21.sys><Philips Semiconductors>
    [D-Link Air Wireless USB Adapter Driver / PRISM_USB][Stopped/Manual Start]
    <System32\DRIVERS\PRISMUSB.sys><GlobespanVirata, Inc.>
    [Ps2 / Ps2][Running/Manual Start]
    <System32\DRIVERS\PS2.sys><Hewlett-Packard Company>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
    [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
    <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
    [S3Psddr / S3Psddr][Stopped/Manual Start]
    <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
    [SAVRT / SAVRT][Running/Manual Start]
    <\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS><Symantec Corporation>
    [SAVRTPEL / SAVRTPEL][Running/System Start]
    <\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS><Symantec Corporation>
    [USB Still Image Capture Device / ScanUSBEMPIA][Stopped/Manual Start]
    <system32\DRIVERS\emScan.sys><eMPIA Technology, Inc.>
    [Secdrv / Secdrv][Running/Auto Start]
    <System32\DRIVERS\secdrv.sys><N/A>
    [Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
    <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
    [SiS AGP Filter / SISAGP][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGP.sys><Silicon Integrated Systems Corporation>
    [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
    <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
    [SPBBCDrv / SPBBCDrv][Running/System Start]
    <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
    [SYMDNS / SYMDNS][Running/Manual Start]
    <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
    [SymEvent / SymEvent][Running/Manual Start]
    <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
    [SYMFW / SYMFW][Running/Manual Start]
    <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
    [SYMIDS / SYMIDS][Running/Manual Start]
    <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
    [SYMIDSCO / SYMIDSCO][Running/Manual Start]
    <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20071204.001\symidsco.sys><Symantec Corporation>
    [symlcbrd / symlcbrd][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
    [SYMNDIS / SYMNDIS][Running/Manual Start]
    <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
    [SYMREDRV / SYMREDRV][Running/Manual Start]
    <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
    [SYMTDI / SYMTDI][Running/System Start]
    <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
    [tandpl / tandpl][Running/Auto Start]
    <System32\drivers\tandpl.sys><N/A>
    [Linksys USB 10Base-T Ethernet Adapter / USB10T2B][Stopped/Manual Start]
    <System32\DRIVERS\USB10T2B.sys><Linksys>
    [VIA AGP Filter / viaagp1][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
    [ViaIde / ViaIde][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
    [WAN Miniport (ATW) / wanatw][Running/Manual Start]
    <System32\DRIVERS\wanatw4.sys><America Online, Inc.>
    [Scientific Atlanta WebSTAR 100 & 200 series Cable Modem / WebSTARXP][Stopped/Manual Start]
    <System32\DRIVERS\SACMXP1.sys><Scientific Atlanta>
    [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
    <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    [ATI Wireless Remote Receiver V2.36 / X10UIF][Stopped/Manual Start]
    <System32\Drivers\x10uif.sys><X10 Wireless Technology, Inc.>
    [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/System Start]
    <system32\drivers\ialmsbw.sys><Intel Corporation>
    [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
    <system32\drivers\ialmkchw.sys><Intel Corporation>

    ==================================
    Browser Add-ons
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Spybot-S&D IE Protection]
    {53707962-6F74-2D53-2644-206D7942484F} <G:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [AOL Toolbar Launcher]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
    [CNisExtBho Class]
    {9ECB9560-04F9-4bbc-943D-298DDF1699E1} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
    [CNavExtBho Class]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
    [Java Plug-in 1.5.0_11]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    []
    {2499216C-4BA5-11D5-BD9C-000103C116D5} <C:\Program Files\Yahoo!\Common\ylogin.dll, Yahoo! Inc.>
    [AOL Toolbar]
    {3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
    []
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} <C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll, Yahoo! Inc.>
    [AIM]
    {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} <C:\Program Files\AIM95\aim.exe, America Online, Inc.>
    [Spybot-S&D IE Protection]
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <G:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [Messenger]
    {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    [AOL Toolbar]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
    [Norton Internet Security 2006]
    {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
    [Norton AntiVirus]
    {C4069E3A-68F1-403E-B40E-20066696354B} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
    [Microsoft Office Template and Media Control]
    {02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL, >
    [Creative Software AutoUpdate]
    {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} <C:\WINDOWS\DOWNLO~1\CTSUEng.ocx, Creative Technology Ltd>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Adobe Systems, Inc.>
    [Symantec AntiVirus scanner]
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
    [MSN Photo Upload Tool]
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
    [Symantec RuFSI Utility Class]
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [Java Plug-in 1.5.0_11]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [AOL YGP UPF Ctrl]
    {98BFD494-F6AD-4794-9038-832C0654CC43} <C:\Program Files\Common Files\aolshare\Pictures\9_2_4_0a\YGPUPF.dll, America Online Inc>
    [ActiveScan Installer Class]
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
    [MsnMessengerSetupDownloadControl Class]
    {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
    [Java Plug-in 1.5.0_02]
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_11]
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_11]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
    [Creative Software AutoUpdate Support Package]
    {F6ACF75C-C32C-447B-9BEF-46B766368D29} <C:\WINDOWS\DOWNLO~1\CTPID.ocx, Creative Technology Ltd>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
    [Norton Internet Security 2006]
    {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    []
    {2499216C-4BA5-11D5-BD9C-000103C116D5} <C:\Program Files\Yahoo!\Common\ylogin.dll, Yahoo! Inc.>
    [DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [HtmlDlgSafeHelper Class]
    {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\System32\mshtmled.dll, Microsoft Corporation>
    [&Yahoo! Messenger]
    {4528BBE0-4E08-11D5-AD55-00010333D0AD} <C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll, Yahoo! Inc.>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [MSN Photo Upload Tool]
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
    [Spybot-S&D IE Protection]
    {53707962-6F74-2D53-2644-206D7942484F} <G:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [Symantec RuFSI Utility Class]
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [DivXBrowserPlugin Object]
    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [AOL Toolbar Launcher]
    {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
    [Java Plug-in 1.5.0_11]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, Sun Microsystems, Inc.>
    [CNisExtBho Class]
    {9ECB9560-04F9-4BBC-943D-298DDF1699E1} <C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll, Symantec Corporation>
    [CNavExtBho Class]
    {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [Symantec RuFSI File information Class]
    {C2FCEF4E-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [Symantec RuFSI Registry Information Class]
    {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [Norton AntiVirus]
    {C4069E3A-68F1-403E-B40E-20066696354B} <C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
    [AOL Toolbar]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll, America Online, Inc.>
    [&AOL Toolbar Search]
    <c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html, N/A>
    [E&xport to Microsoft Excel]
    <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

    ==================================
    Running Processes
    N/A

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. [ "%1" %*]
    .COM OK. [ "%1" %*]
    .PIF OK. [ "%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. [ "%1" %*]
    .SCR OK. [ "%1" /S]
    .CHM OK. [ "C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS Error. [ "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .vb1]
    .JS Error. [ "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .js1]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    [D:\]
    [AUTORUN]
    OPEN=Info.exe folder.htt 480 480
    [G:\]
    [autorun]
    icon=shell32.dll,186
    label=BIN

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 456, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 496, C:\PROGRAM FILES\USB STORAGE RW\SHWICON.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 524, C:\HP\KBD\KBD.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 936, C:\PROGRAM FILES\LOGITECH\IMAGESTUDIO\LOGITRAY.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1220, C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1272, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1104, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1432, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2068, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2196, C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1140, C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 3524, C:\DOCUME~1\ORION\LOCALS~1\TEMP\TEMPORARY DIRECTORY 2 FOR SRENG2.ZIP\SRENGPS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3524, C:\DOCUME~1\ORION\LOCALS~1\TEMP\TEMPORARY DIRECTORY 2 FOR SRENG2.ZIP\SRENGPS.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================
     
  6. 2007/12/16
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! Now provided dss.exe is on your desktop as instructed, highlight and copy the following bolded command.

    "%userprofile%\desktop\dss.exe" /config

    Now click Start then Run and paste the command on the Run line then hit Enter. The Deckard's System Scanner interface will open. Click 'Uncheck All'. Now select the following.

    HijackThis -All 3
    Files created/modified
    Registry dump.

    Click Scan and post the resulting log.
     
  7. 2007/12/16
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    As you asked.

    Here are the results. You know, I'm surprised that dss worked. All the other times it just conked out when I started a scan with it, but I assume he gave me those specific instructions because he might have an idea of what the problem source may be. Oh, and just to add a side note, I tried running Spybot S&D, to see if it could find anything new, and possibly delete some of the things you all told me to delete, but it had the blue screen of death each time I ran it. So, I stopped running it, and made sure I could log in without the PC dying on me, before doing anything else.

    Anyways, here are the results.
     
  8. 2007/12/16
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    Deckard's System Scanner v20071014.68
    Run by Orion on 2007-12-17 00:03:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Orion.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:03:29 AM, on 12/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLServiceHost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Documents and Settings\Orion\desktop\dss.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Orion.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.4.0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O18 - Protocol: bw+0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CD9EAA1E-5826-442C-B81E-109D9B8F04E0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
    O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 25727 bytes

    -- Files created between 2007-11-17 and 2007-12-17 -----------------------------

    2007-12-16 23:48:11 1073270784 --ahs---- C:\hiberfil.sys
    2007-12-15 15:26:47 0 d------c- C:\Documents and Settings\Guest\Application Data\Lavasoft
    2007-12-15 01:42:42 0 d-------- C:\WINDOWS\ERDNT
    2007-12-15 01:42:12 0 d------c- C:\Deckard
    2007-12-15 01:12:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-15 01:12:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-12-15 01:12:57 77824 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2007-12-15 01:12:56 79360 --a------ C:\WINDOWS\system32\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2007-12-15 01:12:56 40960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-12-15 01:12:56 135168 --a------ C:\WINDOWS\system32\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2007-12-15 01:12:56 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-12-15 01:12:56 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-12-15 01:12:56 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-12-14 18:42:12 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-02 22:26:55 0 d------c- C:\Documents and Settings\Guest\Application Data\Symantec
    2007-11-30 09:12:21 0 dr------- C:\Documents and Settings\Orion\Favorites
    2007-11-26 06:54:38 0 d--hs--c- C:\Config.Msi
    2007-11-17 07:04:25 0 d--h---c- C:\WINDOWS\$NtUninstallKB943460$


    -- Find3M Report ---------------------------------------------------------------

    2007-12-16 23:54:39 2048 --a-s---- C:\WINDOWS\bootstat.dat
    2007-12-16 23:54:28 402653184 --ahs---- C:\pagefile.sys
    2007-12-16 23:42:55 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-12-16 21:26:31 0 d------c- C:\Program Files\Common Files\Symantec Shared
    2007-12-15 01:21:28 5110 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-06 00:07:53 0 d-------- C:\Program Files\Norton Internet Security
    2007-12-04 16:45:51 0 d------c- C:\Program Files\Trend Micro
    2007-11-26 06:55:23 0 d------c- C:\Program Files\Symantec
    2007-11-26 06:55:22 60800 --a----c- C:\WINDOWS\system32\S32EVNT1.DLL <Not Verified; Symantec Corporation; SYMEVENT>
    2007-11-26 06:14:31 298848 --a------ C:\WINDOWS\system32\FNTCACHE.DAT
    2007-11-26 06:14:24 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2007-11-26 02:28:23 0 d-------- C:\Documents and Settings\Orion\Application Data\Microsoft
    2007-11-26 01:12:07 365076 --a----c- C:\WINDOWS\system32\perfh009.dat
    2007-11-26 01:12:07 46080 --a------ C:\WINDOWS\system32\perfc009.dat
    2007-11-19 23:47:05 502272 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-02 02:12:57 18238072 --a------ C:\WINDOWS\system32\MRT.exe <Not Verified; Microsoft Corporation; Microsoft Windows Malicious Software Removal Tool>
    2007-10-29 05:26:53 115712 --a------ C:\WINDOWS\system32\xpsp3res.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-10-25 22:36:51 8454656 --a------ C:\WINDOWS\system32\shell32.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-10-23 15:38:42 0 d------c- C:\Program Files\SmartSound Software
    2007-10-23 15:37:40 95 --a----c- C:\AUTOEXEC.BAT
    2007-10-22 20:29:06 84232 --a------ C:\Documents and Settings\Orion\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-19 23:06:41 0 d------c- C:\Program Files\AdorageI-GfxDatas
    2007-10-19 23:05:20 0 d------c- C:\Program Files\AdorageI-SAL
    2007-10-19 22:40:19 0 d------c- C:\Program Files\DivX
    2007-10-01 14:49:38 542088 --a------ C:\WINDOWS\system32\SymNeti.dll <Not Verified; Symantec Corporation; Symantec Security Drivers>
    2007-10-01 14:49:36 161160 --a------ C:\WINDOWS\system32\SymRedir.dll <Not Verified; Symantec Corporation; Symantec Security Drivers>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
    "HotKeysCmds "= "C:\WINDOWS\System32\hkcmd.exe" [09/09/2002 10:05 AM]
    "KYE_Showicon "= "C:\Program Files\USB Storage RW\shwicon.exe" [10/25/2002 06:33 PM]
    "KBD "= "C:\HP\KBD\KBD.EXE" [07/06/2001 11:56 PM]
    "LVCOMS "= "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [09/20/2002 03:16 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\ImageStudio\ISStart.exe" [09/11/2002 12:58 PM]
    "LogitechImageStudioTray "= "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [09/11/2002 12:57 PM]
    "NvCplDaemon "= "C:\WINDOWS\System32\NvCpl.dll" [11/17/2003 09:33 AM]
    "nwiz "= "nwiz.exe" [11/17/2003 09:33 AM C:\WINDOWS\system32\nwiz.exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 02:23 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
    "WildTangent CDA "= "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [03/28/2005 08:24 PM]
    "BJCFD "= "C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
    "S3TRAY2 "= "S3tray2.exe" [02/25/2003 03:33 AM C:\WINDOWS\system32\S3tray2.exe]
    "AlcxMonitor "= "ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2005 02:27 AM]
    "HostManager "= "C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe" [08/02/2005 02:33 PM]
    "VTPreset "= "VTPreset.exe" [02/24/2004 07:17 PM C:\WINDOWS\system32\VTPreset.exe]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/14/2005 09:05 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
    "dvd43 "=" " []
    "NWEReboot "=" " []
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "USB2Check "= "C:\WINDOWS\system32\PCLECoInst.dll" [12/21/2005 09:14 AM]
    "USBToolTip "= "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Yahoo! Pager "= "C:\Program Files\Yahoo!\Messenger\ypager.exe" [02/24/2005 10:57 AM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 12:32 PM]
    "SpybotSD TeaTimer "= "G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMidi "=MIDIDEF.EXE
    "PlayCenter2 "= "C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2 "
    "RunNarrator "=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "ALUAlert "=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 1:20:58 AM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
    officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 1:21:30 AM]
     
  9. 2007/12/16
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "none "=C:\Program Files\Video ActiveX Object\pmsngr.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{8d8c2387-7f80-4022-9be6-43630a969558} "= C:\WINDOWS\system32\gwquvw.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "carbinyl "= {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll [ ]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "msCMTSrvc "=2 (0x2)
    "Creative Service for CDROM Access "=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-12-17 00:04:03 ------------
     
  10. 2007/12/16
    Forsaken Knight

    Just out of curiosity, if you all see a specific thing that you know of to watch out for, could you tell me too? I just want to know in order to improve, that's all.
     
  11. 2007/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ATF Cleaner by Atribune and save it to your Desktop.


    Scan again with HijackThis and place a check next to the following entries. Close all other windows then click Fix Checked.

    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
    O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)


    Just so you know, the items I've listed in red are optional, and I've included them to cut down on the number of things starting up when you logon to your computer. It will help to free up system resources. Should a problem arise from disabling anything, any one or all of the entries can be put back via HijackThis>misc tools>backups.

    Close HijackThis when done.

    If you do not use the Logitech Desktop Messenger software, open Add/Remove programs and uninstall it.


    Delete the following files and folder in bold, if present.

    C:\Program Files\Video ActiveX Object <<folder
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\swxcacls.exe
    C:\WINDOWS\system32\swsc.exe
    C:\WINDOWS\system32\swreg.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\dumphive.exe
    SmitfraudFix.exe and the SmitfraudFix folder


    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Try to run dss again and post the log. Give it a fair amount of time to complete before deciding it has hung and aborting. If it does hang, repeat the previous method and this time select Drivers and Services in addition to the other options.
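    Two patterns are visible in the entries above: an autorun under Policies\Explorer\Run, and registrations whose target file is missing. As an added example that is not part of the original post, here is a small Python triage pass over HijackThis lines that flags both. The function and rule names are hypothetical, the sample lines are copied from the logs in this thread, and a flag means "review this entry", not a verdict.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "O4 - ...", "R0 - ...": section code, separator, then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# HijackThis marks a registration whose target is gone in one of two ways.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Autoruns set through the Explorer policy key rather than the usual Run key.
POLICY_RUN = r"\policies\explorer\run:"


def parse_entries(text):
    """Return (code, body) for every HijackThis entry line; skip the rest
    (header, running-process list, forum text)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Flag entries that deserve a closer look (assumed rules, see lead-in)."""
    findings = []
    for code, body in parse_entries(text):
        reasons = []
        if code == "O4" and POLICY_RUN in body.lower():
            reasons.append("policy-run-autorun")
        if MISSING_RE.search(body):
            reasons.append("target-missing")
        if reasons:
            clsid = CLSID_RE.search(body)
            findings.append({
                "code": code,
                "reasons": reasons,
                "clsid": clsid.group(0).upper() if clsid else None,
                "body": body,
            })
    return findings


def by_clsid(findings):
    """Group flagged section codes by CLSID so that one component registered
    in several places (here O21 and O22) is reviewed as a single item."""
    groups = defaultdict(list)
    for f in findings:
        if f["clsid"]:
            groups[f["clsid"]].append(f["code"])
    return dict(groups)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f["code"], ",".join(f["reasons"]), "|", f["body"])
    print(by_clsid(results))
```
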
     
  12. 2007/12/17
    Forsaken Knight

    Quick things before reboot.

    One, thanks to all who posted here helping me out.

    Two, what do all of those files in hijackthis and the ones I manually deleted do? I'm asking out of curiosity because I want to know if they were anything that I might use later on.

    Also, where do I get to the backups for hijackthis?

    I could not find video activex objects folder. I remember having a problem with that sort of thing a few years ago on this same pc, but I think I deleted it entirely. Although, after thinking about it for a little while, I'm pretty sure when I was doing a search on my own at first with this problem, I think I went looking for that, and found it, but nothing seemed to be new, or modified. But, like I said, I'm pretty sure, meaning, I'm not one hundred percent on that. I'll do a scan for it tomorrow morning, but for now, I'll just do a reboot, and see what happens.

    I did not select the recycle bin, because, just in case something goes wrong, I can put those files back, for now. In the meantime, they will be in the recycle bin, until I'm positive that they need to go for sure.

    If it is not obvious by now, I'm very cautious to the point of being paranoid.:)

    With that all said, I'm posting this, rebooting, and hopefully, running dss. Man, I'm such a night owl.
     
  13. 2007/12/17
    Forsaken Knight

    One more thing.

    When running the atf cleaner, it did everything smoothly except for the all users temp option. I only did as I was instructed.
     
  14. 2007/12/17
    Forsaken Knight

    Notice.

    I tried to restart, but the BSOD happened. I manually restarted, and a check of drive D: happened prior to the log in screen. There are three drives to my pc, C: (main), D: (Backup, although, hasn't been updated in a while), and G: (the game drive). I never gave it that command to check drive D: in the past day. The last time I did, it ran well for both drive C: and D:. Anyways, it automatically restarted and got back to the checking of drive D:. I let it do it, and it went through, and smooth. No problems were displayed. I logged back in o.k. I then ran the dss program, it went smooth. I saved, and copied the log. Here it is.
     
  15. 2007/12/17
    Forsaken Knight

    Deckard's System Scanner v20071014.68
    Run by Orion on 2007-12-17 03:20:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Orion.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:20:25 AM, on 12/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLServiceHost.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Orion\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Orion.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW "
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll "
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe "
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll ",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.4.0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 13505 bytes

    -- Files created between 2007-11-17 and 2007-12-17 -----------------------------

    2007-12-15 15:26:47 0 d------c- C:\Documents and Settings\Guest\Application Data\Lavasoft
    2007-12-02 22:26:55 0 d------c- C:\Documents and Settings\Guest\Application Data\Symantec
    2007-11-30 09:12:21 0 dr------- C:\Documents and Settings\Orion\Favorites


    -- Find3M Report ---------------------------------------------------------------

    2007-12-17 02:18:43 0 d------c- C:\Program Files\Logitech
    2007-12-16 23:42:55 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-12-16 21:26:31 0 d------c- C:\Program Files\Common Files\Symantec Shared
    2007-12-15 01:21:28 5110 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-06 00:07:53 0 d-------- C:\Program Files\Norton Internet Security
    2007-12-04 16:45:51 0 d------c- C:\Program Files\Trend Micro
    2007-11-26 06:55:23 0 d------c- C:\Program Files\Symantec
    2007-11-26 06:14:24 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2007-10-23 15:38:42 0 d------c- C:\Program Files\SmartSound Software
    2007-10-23 15:37:40 95 --a----c- C:\AUTOEXEC.BAT
    2007-10-22 20:29:06 84232 --a------ C:\Documents and Settings\Orion\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-19 23:06:41 0 d------c- C:\Program Files\AdorageI-GfxDatas
    2007-10-19 23:05:20 0 d------c- C:\Program Files\AdorageI-SAL
    2007-10-19 22:40:19 0 d------c- C:\Program Files\DivX


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [09/09/2002 10:05 AM]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [10/25/2002 06:33 PM]
    "KBD"="C:\HP\KBD\KBD.EXE" [07/06/2001 11:56 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 02:23 AM]
    "HostManager"="C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe" [08/02/2005 02:33 PM]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
    "dvd43"="" []
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [09/20/2002 03:16 PM]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [09/11/2002 12:58 PM]
    "LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [09/11/2002 12:57 PM]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [11/17/2003 09:33 AM]
    "nwiz"="nwiz.exe" [11/17/2003 09:33 AM C:\WINDOWS\system32\nwiz.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
    "WildTangent CDA"="C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" [03/28/2005 08:24 PM]
    "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/10/2002 08:26 PM]
    "S3TRAY2"="S3tray2.exe" [02/25/2003 03:33 AM C:\WINDOWS\system32\S3tray2.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 12:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/2005 02:27 AM]
    "VTPreset"="VTPreset.exe" [02/24/2004 07:17 PM C:\WINDOWS\system32\VTPreset.exe]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/14/2005 09:05 PM]
    "USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [12/21/2005 09:14 AM]
    "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [02/24/2005 10:57 AM]
    "SpybotSD TeaTimer"="G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 12:32 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMidi"=MIDIDEF.EXE
    "PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 1:20:58 AM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
    officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 1:21:30 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "msCMTSrvc"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-12-17 03:21:30 ------------
     
  16. 2007/12/17
    noahdfear

    noahdfear Inactive

    The files were left there by SmitfraudFix. I will not tell you to delete anything unless I am quite sure it can be safely deleted.

    Either you did not fix the items I indicated with HijackThis, because nothing has changed, or Spybot's TeaTimer prevented the changes (which happens often). Please disable TeaTimer for now. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.

    Reboot.

    Now scan again and fix the entries I previously indicated, then reboot and run dss again and post the log.

    Notice the option to go to Misc Tools when you start HijackThis?
     
  17. 2007/12/17
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Here, like you asked.

    Deckard's System Scanner v20071014.68
    Run by Orion on 2007-12-17 19:04:13
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Orion.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:04:31 PM, on 12/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1124821099\ee\AOLServiceHost.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\Orion\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Orion.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t "KYE\USB Storage RW"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak06.pictures.aol.com/ygp/aol/plugin/upf/YGPUPF.en-US.9.2.4.0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15016/CTPID.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

    --
    End of file - 11488 bytes

    -- Files created between 2007-11-17 and 2007-12-17 -----------------------------

    2007-12-15 15:26:47 0 d------c- C:\Documents and Settings\Guest\Application Data\Lavasoft
    2007-12-02 22:26:55 0 d------c- C:\Documents and Settings\Guest\Application Data\Symantec
    2007-11-30 09:12:21 0 dr------- C:\Documents and Settings\Orion\Favorites


    -- Find3M Report ---------------------------------------------------------------

    2007-12-17 18:58:37 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-12-17 03:21:25 0 d------c- C:\Program Files\Common Files\Symantec Shared
    2007-12-17 02:18:43 0 d------c- C:\Program Files\Logitech
    2007-12-15 01:21:28 5110 --a------ C:\WINDOWS\system32\tmp.reg
    2007-12-06 00:07:53 0 d-------- C:\Program Files\Norton Internet Security
    2007-12-04 16:45:51 0 d------c- C:\Program Files\Trend Micro
    2007-11-26 06:55:23 0 d------c- C:\Program Files\Symantec
    2007-11-26 06:14:24 0 d--h---c- C:\Program Files\InstallShield Installation Information
    2007-10-23 15:38:42 0 d------c- C:\Program Files\SmartSound Software
    2007-10-23 15:37:40 95 --a----c- C:\AUTOEXEC.BAT
    2007-10-22 20:29:06 84232 --a------ C:\Documents and Settings\Orion\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-19 23:06:41 0 d------c- C:\Program Files\AdorageI-GfxDatas
    2007-10-19 23:05:20 0 d------c- C:\Program Files\AdorageI-SAL
    2007-10-19 22:40:19 0 d------c- C:\Program Files\DivX


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 07:04 PM]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [09/09/2002 10:05 AM]
    "KYE_Showicon"="C:\Program Files\USB Storage RW\shwicon.exe" [10/25/2002 06:33 PM]
    "KBD"="C:\HP\KBD\KBD.EXE" [07/06/2001 11:56 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 02:23 AM]
    "HostManager"="C:\Program Files\Common Files\AOL\1124821099\ee\AOLHostManager.exe" [08/02/2005 02:33 PM]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/22/2007 09:19 PM]
    "dvd43"="" []
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 03:40 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [02/24/2005 10:57 AM]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "SetDefaultMidi"=MIDIDEF.EXE
    "PlayCenter2"="C:\Program Files\Creative\SBLive\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBLive\PlayCenter2"
    "RunNarrator"=Narrator.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 3:44:06 AM]
    hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [6/27/2002 1:20:58 AM]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
    officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [6/27/2002 1:21:30 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    @=

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
    backup=C:\WINDOWS\pss\AOL Companion.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "msCMTSrvc"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2007-12-17 19:05:22 ------------
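
The check noahdfear describes in post 16 (did the entries marked for fixing actually leave the log, or did something such as TeaTimer put them back?) can be done mechanically by diffing the entry lines of two HijackThis scans. The Python below is an added example, not part of the thread or of HijackThis itself; the log excerpts are copied from the two logs above, and the entry treated as "to fix" is chosen only for illustration, since the entries noahdfear actually indicated are not shown in this part of the thread.

```python
import re

# A HijackThis entry line: section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - ", then the entry body. Everything else in the log is ignored.
ENTRY_RE = re.compile(
    r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$", re.IGNORECASE
)

# Excerpt of the earlier log in this thread (scan finished 2007-12-17 03:21).
BEFORE_LOG = r"""
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
End of file - 13505 bytes
"""

# Excerpt of the later log in this thread (scan saved 7:04:31 PM, 12/17/2007).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
End of file - 11488 bytes
"""


def entry_key(line):
    """Return a comparison key for an entry line, or None for any other line."""
    match = ENTRY_RE.match(line)
    if match is None:
        return None
    section, body = match.groups()
    # Fold case and collapse whitespace so copy/paste damage from a forum
    # post does not make an unchanged entry look new.
    return section.upper(), re.sub(r"\s+", " ", body).casefold()


def parse_entries(log_text):
    """Map comparison key -> original entry line, in log order."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added, unchanged) entry lines between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [before[k] for k in before if k not in after]
    added = [after[k] for k in after if k not in before]
    unchanged = [after[k] for k in after if k in before]
    return removed, added, unchanged


def unapplied_fixes(after_text, fixed_lines):
    """Return the entries that were marked for fixing but are still present.

    A non-empty result is the "nothing has changed" case: either the fix was
    never applied, or something restored the entry before the next scan.
    """
    after = parse_entries(after_text)
    still_present = []
    for line in fixed_lines:
        key = entry_key(line)
        if key is None:
            raise ValueError(f"not a HijackThis entry line: {line!r}")
        if key in after:
            still_present.append(after[key])
    return still_present


if __name__ == "__main__":
    # Illustrative choice of a "to fix" entry (assumption, see lead-in).
    to_fix = [r"O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)"]
    removed, added, unchanged = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("unchanged entries:", len(unchanged))
    print("still present after fix:", unapplied_fixes(AFTER_LOG, to_fix))
```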
     
  18. 2007/12/17
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    To noahdfear.

    Just so you know, I never once doubted you on what you know, and what you were telling me. I did make it clear that I am paranoid at times, but that did not stop me from doing as you said. After doing as you said, I told you what I did, and asked what those files did/do, and what they were for. I'm very picky when it comes to what I do, and who I associate with. I don't care about what people say, or look like, or are viewed, or even what anyone has done. I care only about the actions of the person/group in question. I've checked out this site before registering here, I saw that you all who associate with this site are up front, and tried and true. That, I can trust, so I logged in, and gave you all a shot, and you showed me what I expected. People who will help a person as much as that person is willing to trust them, and nothing will be said by another here, without raw experience behind it. With that all said, needless to say, I trust your words of guidance. So, don't think for a second that I thought you were giving me falsified information. Because by that point that you told me what to do, I knew you knew perfectly well what it was I had to do. I only left those files in the recycle bin as a backup, but I thought I made it clear that I was very much willing to delete them at the drop of a hat.

    So please, don't doubt the fact that I take your words of advice seriously. 'Cause without actually knowing you, I know enough to say that you can handle this problem.

    There, now onto the reason why I have not posted till this point in the day.
     
  19. 2007/12/17
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    O.k., here is what happened.

    I did everything like I was told to do, and logged back in to do some side things I needed the internet for. I finished with what I needed to do quickly, and decided to test out, whether or not, gaming was still out of the question at this point. So, I opened the only online game I play, and it loaded perfectly fine. I was even able to get to the point where I could click on the server I usually go to. It downloaded the map just fine, and displayed the loading screen as it usually does. Although, just after a few seconds, the pc suddenly restarted, without showing a BSOD. So, after several attempts for my pc to load up properly, it finally did. It sometimes did the automatic, unexpected restart a little while after getting to the loading windows screen, and other times, it just gave me the BSOD when it got to the log in screen, and I tried to type in my password. I tried unplugging the power cord while it was turned off, and pressing the power button in order to get rid of any energy and any temp files that could cause it to be glitchy. That worked for a bit, but the only thing that worked was just trial and error. Needless to say, I did not stop attempting it till I could log in. I then shut it down properly, and it did so. I then loaded it back up, and logged in. I left the pc alone, to see if it would get the BSOD just by being idle. Sure enough, when I woke up, it did, and I turned it back on, but it was clear that it had problems. I tried, and tried, but it would not load up properly. I tried going to f8 and going into safe mode, and logging out, but it did not work. I tried going into safe mode with command prompt, and did a CHKDSK /F, to check the drive the next time the pc is started up. That went through well, until the pc unexpectedly restarted, it got back to that point, and completed the scan, but did not go straight to the log in screen. Instead, it restarted (I'm pretty sure it's supposed to go to the log in screen after that, but I could be wrong). So, I turned it off for a while. I came back to the pc, and turned it on. The same thing occurred this time too. So, I turned off the pc, unplugged everything, and opened the case. I took a ***** driver, and took off the fan that's attached to the heatsink. The dust at the top was thick enough to make a new carpet with. I took the can of air spray I bought, and cleaned that sucker. I cleaned out the general area of the inside of the pc the other day, and did a bit of the inside of some hard to reach places too. Anyways, after that, I plugged in the power, and monitor plug, and turned it on. It did not go. So, I turned it off, and unplugged the drives, to see if the disk read error message would appear. It did not. So then, after seeing that the green light did not go on when I turned on the pc, only the orange one, I unplugged the back side of the pc, and flipped the little switch under the power source socket, and flipped it back to where it should be. After that, I turned it on, and it loaded normally. So, I plugged everything in, after it loaded all the way to the log in screen that is, and logged in, and so, here is the pc, back to needing to be fixed status again. :D

    Oh, and I found those things I wanted to post, that I mentioned before. Some of it I may have posted already, but most of it I didn't. If anyone can identify what they are, or elaborate what they may be, please do so.
     
  20. 2007/12/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You should notice quite a difference with the carpet removed from the CPU heatsink. :)

    Your Java is outdated, and outdated Java can be exploited if left on the system, even after updating to a newer version. Recommend you go to Add/Remove programs and uninstall ALL versions of Java (JRE or SE), then install the latest version from here.

    Let's run an online scan now. Please do an online scan with Kaspersky WebScanner.

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
     
  21. 2007/12/19
    Forsaken Knight

    Forsaken Knight Well-Known Member Thread Starter

    Joined:
    2007/12/01
    Messages:
    512
    Likes Received:
    0
    a problem.

    Hey, I'm typing this from school. I have a problem. The other day, after logging out properly from my home pc, and coming back to it later on that same day, it wouldn't load up at all. I can hear the pc load up like it is supposed to, but nothing appears on the screen. In addition, with the two lights on the front of my pc, only one now appears. The two are, from left to right, green and orange. The orange one lights up, displaying that work is being done, but nothing comes up. I tried doing what I posted before, but that didn't work. So, I don't know what to do, since the problem is on a physical level. So, could someone post an idea of what I should do? I'll be checking for the next three hours, then, I'm out of here till tomorrow. So please, someone post an idea of how to fix that problem, I'll print it and do it at home. Oh, and I'll take more than one idea on what to do, in order to have my pc start loading up again. So, if more than one person responds, that'll help.
     