Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware! [RESOLVED]

Started by Princesa , Jul 17 2008 05:05 AM

  • This topic is locked This topic is locked

#1
Princesa
Posted 17 July 2008 - 05:05 AM

Princesa

    Member

  • Member
  • PipPip
  • 10 posts
Hello all,

Recently I was infected with the bluescreen joke virus. I was able to get rid of that and I'm able to use my computer again but it's not the same as it was before. Multiple browsers open throughout the day for sites like fubar. Yesterday I left my computer on and came back to it and my task bar was gone and I could only restart it by taking the battery out of my laptop. Here is my HiJack This log file. I hope someone is able to help me. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:55, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [0c3f960e] rundll32.exe "C:\WINDOWS\system32\hgrpulik.dll",b
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: bw+0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 22213 bytes


  • 0

Advertisements

#2
kahdah
Posted 17 July 2008 - 09:44 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Princesa

Welcome to G2Go. :)
=====================

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
Princesa
Posted 17 July 2008 - 10:09 AM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for the welcome! :)

Here is the main.txt file:

[quote]Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-07-17 12:01:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-07-17 16:01:47 UTC - RP13 - Deckard's System Scanner Restore Point
11: 2008-07-16 06:11:03 UTC - RP12 - System Checkpoint
10: 2008-07-15 00:49:06 UTC - RP11 - System Checkpoint
9: 2008-07-13 09:44:34 UTC - RP10 - System Checkpoint
8: 2008-07-11 19:16:46 UTC - RP9 - Installed BlackBerry Device Software v4.5.0 for the BlackBerry 8320 smartphone.


-- First Restore Point --
1: 2008-07-02 20:26:14 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Chrissy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chrissy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1016B142-5097-410F-9CBC-8CDC2E18E15D} - C:\WINDOWS\system32\khfcYOFX.dll
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\mlJYpOEx.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5D9F6431-4529-4A9E-8611-2A64306490C6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A21215C1-0A2C-46A2-AD5C-895FD3E60056} - C:\WINDOWS\system32\opnolIXr.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C9601CC1-3C78-48B1-A32B-DC377634E09F} - (no file)
O2 - BHO: (no name) - {CC9351DF-3218-4AB7-82D9-6208A416B935} - (no file)
O2 - BHO: (no name) - {CF2CEB12-8199-418D-B646-751C79E7B98C} - (no file)
O2 - BHO: (no name) - {EEF1187F-9725-4E16-A714-78DB8547278F} - (no file)
O2 - BHO: (no name) - {FC5C411F-7401-48BF-A1F6-EFF19A571EBD} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [0c3f960e] rundll32.exe "C:\WINDOWS\system32\hgrpulik.dll",b
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: bw+0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlJYpOEx - C:\WINDOWS\SYSTEM32\mlJYpOEx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 23506 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080702-160150-549 O21 - SSODL: axrfgvek - {FBFC02A4-11B1-467B-BFF0-A3887F549498} - C:\WINDOWS\axrfgvek.dll
backup-20080702-160150-591 O21 - SSODL: okmdepgb - {2FF5020C-3CF3-4281-B6D7-5D683D8DB7C5} - C:\WINDOWS\okmdepgb.dll
backup-20080702-160311-102 O3 - Toolbar: nqgpedlr - {1F98C59B-DB4B-454B-98C8-95D0668B11A6} - C:\WINDOWS\nqgpedlr.dll
backup-20080702-160311-279 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
backup-20080702-160311-465 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-16 20:30:48 92672 --a------ C:\WINDOWS\system32\hyaokcso.dll
2008-07-16 20:27:48 116352 --a------ C:\WINDOWS\system32\azjkzn.dll
2008-07-16 20:27:47 116352 --a------ C:\WINDOWS\system32\nreqosvn.dll
2008-07-15 20:29:18 116864 --a------ C:\WINDOWS\system32\jiqaoh.dll
2008-07-15 20:29:17 116864 --a------ C:\WINDOWS\system32\ncydmntq.dll
2008-07-14 20:25:15 116352 --a------ C:\WINDOWS\system32\mfdgug.dll
2008-07-14 20:25:13 116352 --a------ C:\WINDOWS\system32\onqmdvkk.dll
2008-07-13 20:24:43 116864 --a------ C:\WINDOWS\system32\jyuqwj.dll
2008-07-13 20:24:42 116864 --a------ C:\WINDOWS\system32\ktjhltrv.dll
2008-07-12 20:26:37 116864 --a------ C:\WINDOWS\system32\nmjtld.dll
2008-07-12 20:26:36 116864 --a------ C:\WINDOWS\system32\vtxudcyk.dll
2008-07-12 14:32:05 0 d-------- C:\Program Files\kSolo
2008-07-11 20:25:36 92672 --a------ C:\WINDOWS\system32\jrftrqfv.dll
2008-07-11 20:22:37 116864 --a------ C:\WINDOWS\system32\avvkme.dll
2008-07-11 20:22:36 116864 --a------ C:\WINDOWS\system32\vkcdjtqa.dll
2008-07-10 20:22:11 116352 --a------ C:\WINDOWS\system32\ntbxmz.dll
2008-07-10 20:22:09 116352 --a------ C:\WINDOWS\system32\bqhoxnmc.dll
2008-07-10 20:21:25 92672 --a------ C:\WINDOWS\system32\ocyfdwcd.dll
2008-07-09 18:41:23 0 --a------ C:\WINDOWS\system32\cqhvfkbk.dll
2008-07-09 18:38:44 0 --a------ C:\WINDOWS\system32\bbxiemjj.dll
2008-07-08 18:39:38 0 --a------ C:\WINDOWS\system32\xeidgbhm.dll
2008-07-05 19:29:04 0 d-------- C:\Program Files\Lavasoft
2008-07-05 19:29:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-05 18:35:34 410579 --ahs---- C:\WINDOWS\system32\XFOYcfhk.ini2
2008-07-05 18:35:30 318720 --a------ C:\WINDOWS\system32\khfcYOFX.dll
2008-07-04 18:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 17:44:42 0 d-------- C:\WINDOWS\pss
2008-07-03 23:01:59 91520 --a------ C:\WINDOWS\system32\cjmtyxqb.dll
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 19:30:44 0 d-------- C:\Program Files\NOS
2008-07-02 19:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:54:46 282012 --ahs---- C:\WINDOWS\system32\rXIlonpo.ini2
2008-07-02 15:52:11 0 d-------- C:\Program Files\Trend Micro
2008-07-02 06:50:22 0 d-------- C:\QUARANTINE
2008-07-02 05:28:44 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-07-02 05:28:44 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-02 05:27:13 0 d-------- C:\Program Files\McAfee
2008-07-02 05:27:13 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-02 01:44:41 28288 --a------ C:\WINDOWS\system32\mlJYpOEx.dll
2008-07-02 01:43:52 0 d-------- C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47
2008-07-02 01:43:10 229376 -----n--- C:\WINDOWS\okmdepgb.dll
2008-07-02 01:43:10 155648 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-02 01:43:10 81920 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-06-25 20:29:43 0 d-------- C:\Program Files\support.com
2008-06-25 20:29:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-18 19:17:47 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-16 10:11:25 0 d-------- C:\Documents and Settings\Chrissy\Application Data\CoreFTP
2008-07-16 01:36:25 0 d-------- C:\Program Files\Rainlendar2
2008-07-13 03:29:46 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Mozilla
2008-07-11 16:38:40 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-11 01:45:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:22:34 0 d-------- C:\Program Files\BearShare
2008-07-04 00:03:57 0 d-------- C:\Documents and Settings\Chrissy\Application Data\U3
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files
2008-07-02 21:27:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 13:19:11 3072 --a------ C:\Documents and Settings\Chrissy\Application Data\dvd.bmk
2008-06-20 06:11:56 0 d-------- C:\Program Files\Google
2008-06-18 20:06:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 19:37:10 0 d-------- C:\Program Files\MUSICMATCH
2008-06-18 19:14:23 0 d-------- C:\Program Files\Creative
2008-06-15 02:59:37 0 d-------- C:\Documents and Settings\Chrissy\Application Data\mjusbsp
2008-06-13 16:41:39 3558 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 16:41:37 88 -r-hs--c- C:\WINDOWS\system32\BA59FF42EE.sys
2008-06-06 10:00:09 0 d-------- C:\Program Files\Last.fm
2008-05-02 04:10:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1016B142-5097-410F-9CBC-8CDC2E18E15D}]
07/05/2008 18:35 318720 --a------ C:\WINDOWS\system32\khfcYOFX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
07/02/2008 01:44 28288 --a------ C:\WINDOWS\system32\mlJYpOEx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D9F6431-4529-4A9E-8611-2A64306490C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A21215C1-0A2C-46A2-AD5C-895FD3E60056}]
C:\WINDOWS\system32\opnolIXr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9601CC1-3C78-48B1-A32B-DC377634E09F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC9351DF-3218-4AB7-82D9-6208A416B935}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF2CEB12-8199-418D-B646-751C79E7B98C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF1187F-9725-4E16-A714-78DB8547278F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC5C411F-7401-48BF-A1F6-EFF19A571EBD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/01/2006 10:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [05/01/2006 10:28]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 17:30 C:\WINDOWS\stsystra.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 02:00]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 05:40]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [08/03/2006 19:51]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [09/26/2005 20:34]
"0c3f960e"="C:\WINDOWS\system32\hgrpulik.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [01/01/2007 09:31]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [09/11/2006 05:40]
"cdloader"="C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" [06/12/2008 15:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 18:43]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 12:15]

C:\Documents and Settings\Chrissy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/24/2006 1:10:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\WINDOWS\system32\mlJYpOEx.dll [07/02/2008 01:44 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpOEx]
mlJYpOEx.dll 07/02/2008 01:44 28288 C:\WINDOWS\system32\mlJYpOEx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau C:\WINDOWS\system32\khfcYOFX

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c3f960e]
rundll32.exe "C:\WINDOWS\system32\cjmtyxqb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"C:\Program Files\Logitech\Video\ISStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"C:\Program Files\Logitech\Video\LogiTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
Rundll32 CTMBHA.DLL,MBMon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"C:\Program Files\Google\Gmail Notifier\gnotify.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee57a0e2-9973-11dc-9da3-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-17 12:05:42 ------------[/quote]

and the extra.txt file:

[quote]Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5600 @ 1.83GHz
CPU 1: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.12 MiB / 394.65 MiB
Pagefile Memory (total/avail): 2441.61 MiB / 1750.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.09 MiB

C: is Fixed (NTFS) - 49.69 GiB total, 26.86 GiB free.
D: is CDROM (No Media)
G: is Fixed (FAT32) - 149.01 GiB total, 101.75 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG HM060HI - 54.49 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 49.69 GiB - C:
\PARTITION2 - Unknown - 4.74 GiB

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Unknown - 149.05 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1162710711\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1162710711\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Common Files\\AOL\\1162710711\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1162710711\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Last.fm\\LastFM.exe"="C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:LastFM"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Disabled:AIM"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Beacon\\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe"="C:\\Program Files\\Common Files\\TiVo Shared\\Transfer\\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\\Documents and Settings\\Chrissy\\Application Data\\mjusbsp\\magicJack.exe"="C:\\Documents and Settings\\Chrissy\\Application Data\\mjusbsp\\magicJack.exe:*:Enabled:magicJack"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chrissy\Application Data
CLASSPATH=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PRINCESS
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chrissy
LOGONSERVER=\\PRINCESS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chrissy\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chrissy\LOCALS~1\Temp
USERDOMAIN=PRINCESS
USERNAME=Chrissy
USERPROFILE=C:\Documents and Settings\Chrissy
VSEDEFLOGDIR=C:\Docu

Edited by Princesa, 17 July 2008 - 10:11 AM.

  • 0

#4
kahdah
Posted 17 July 2008 - 10:23 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\khfcYOFX.dll
C:\WINDOWS\system32\mlJYpOEx.dll
C:\WINDOWS\system32\hgrpulik.dll
C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\okmdepgb.dll
C:\WINDOWS\nqgpedlr.dll
c:\program files\viewpoint
Viewpoint Manager Service <delete service>
C:\WINDOWS\system32\hyaokcso.dll
C:\WINDOWS\system32\azjkzn.dll
C:\WINDOWS\system32\nreqosvn.dll
C:\WINDOWS\system32\jiqaoh.dll
C:\WINDOWS\system32\ncydmntq.dll
C:\WINDOWS\system32\mfdgug.dll
C:\WINDOWS\system32\onqmdvkk.dll
C:\WINDOWS\system32\jyuqwj.dll
C:\WINDOWS\system32\ktjhltrv.dll
C:\WINDOWS\system32\nmjtld.dll
C:\WINDOWS\system32\vtxudcyk.dll
C:\WINDOWS\system32\jrftrqfv.dll
C:\WINDOWS\system32\avvkme.dll
C:\WINDOWS\system32\vkcdjtqa.dll
C:\WINDOWS\system32\ntbxmz.dll
C:\WINDOWS\system32\bqhoxnmc.dll
C:\WINDOWS\system32\ocyfdwcd.dll
C:\WINDOWS\system32\cqhvfkbk.dll
C:\WINDOWS\system32\bbxiemjj.dll
C:\WINDOWS\system32\xeidgbhm.dll
C:\WINDOWS\system32\XFOYcfhk.ini2
C:\WINDOWS\system32\xeidgbhm.dll
C:\WINDOWS\system32\cjmtyxqb.dll
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47
C:\WINDOWS\mrvtdpqe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0c3f960e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{28220052-D9A9-44B1-AB98-EDC594D238B6}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpOEx
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c3f960e
emptytemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===============================================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=======================
Post these logs in your next reply:
OT Move it log
Mbam log
new dss log
  • 0

#5
Princesa
Posted 17 July 2008 - 11:08 AM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
While running OTMoveIt my computer froze and the start bar disappeared so I had to reboot it. I'm not sure if this effected the results.

OT log file

Explorer killed successfully
File/Folder C:\WINDOWS\system32\khfcYOFX.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJYpOEx.dll
C:\WINDOWS\system32\mlJYpOEx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlJYpOEx.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\hgrpulik.dll not found.
File/Folder C:\WINDOWS\axrfgvek.dll not found.
File/Folder C:\WINDOWS\okmdepgb.dll not found.
File/Folder C:\WINDOWS\nqgpedlr.dll not found.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\bounce moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\bookwormdeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\bogglesupreme moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\blasterball2remix moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\blasterball2holidays moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\blasterball2drm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\blackhawkstrikerdrm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\blackhawkstriker2 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\bigkahunareef moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\bejeweled2deluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\barnyardinvasion moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\ballistik moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots\astropop moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\screenshots moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\zuma moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\wordsymphony moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\wildcards moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\wikandthefableofsouls moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\triviamachine moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\tradewinds2 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\tradewinds moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\swarm moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\supergranny moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\stx moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\sportballchallenge moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\snowboardsuperjam moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\snailmail moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\slyderdrm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\slurp moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\slingodeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\shootingstarspool moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\scrabblerackattack moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\scrabbleblast moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\scrabble moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\ricochetrecharged moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\ricochetlostworlds moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\ricochetextreme moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\puzzleexpress moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\popspipes moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\polargolferpine moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\polargolfer moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\polarbowler moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\phoenixassault moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\overball moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\otto moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\orbital moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\ogrebowler moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\oasis moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\mahjongquest moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\lexiboxdeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\lemonadetycoon2 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\jewelquest moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\invasion moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\insaniquariumdeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\grooveomatic moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\glowglowfirefly moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\flipwords moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\fivecardslingo moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\finaldrivenitro moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\fatelow moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\fatedemo moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\familyfeud moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\excavationdrm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\digbysdonuts moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\crystalmaze moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\chuzzledeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\bounce moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\bookwormdeluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\bogglesupreme moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\blasterball2remix moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\blasterball2holidays moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\blasterball2drm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\blackhawkstrikerdrm3 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\blackhawkstriker2 moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\bigkahunareef moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\bejeweled2deluxe moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\barnyardinvasion moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\ballistik moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product\astropop moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\product moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\obj\Debug moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\obj moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\js moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\img\btn moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\img moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs\css moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui\htdocs moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\ui moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\Downloads\Updates moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\Downloads\Installers moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console\Downloads moved successfully.
c:\program files\viewpoint\WildTangent\Apps\Dell Game Console moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\GameData moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\ControlPanel\WireControl moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\ControlPanel\Webd moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\ControlPanel\DRM moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\ControlPanel\CDA moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA\ControlPanel moved successfully.
c:\program files\viewpoint\WildTangent\Apps\CDA moved successfully.
c:\program files\viewpoint\WildTangent\Apps moved successfully.
c:\program files\viewpoint\WildTangent moved successfully.
c:\program files\viewpoint\Viewpoint Manager\ViewCPData\images moved successfully.
c:\program files\viewpoint\Viewpoint Manager\ViewCPData moved successfully.
c:\program files\viewpoint\Viewpoint Manager moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\UserShell\AOL9 moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\UserShell moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\NewComponents moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMgr_Win moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\DownloadedComponents\SWFView_Win moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\DownloadedComponents\SceneComponent_Win moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology\Components moved successfully.
c:\program files\viewpoint\Viewpoint Experience Technology moved successfully.
c:\program files\viewpoint\Common moved successfully.
c:\program files\viewpoint moved successfully.
Viewpoint Manager Service service deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hyaokcso.dll
C:\WINDOWS\system32\hyaokcso.dll NOT unregistered.
C:\WINDOWS\system32\hyaokcso.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\azjkzn.dll
C:\WINDOWS\system32\azjkzn.dll NOT unregistered.
C:\WINDOWS\system32\azjkzn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nreqosvn.dll
C:\WINDOWS\system32\nreqosvn.dll NOT unregistered.
C:\WINDOWS\system32\nreqosvn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jiqaoh.dll
C:\WINDOWS\system32\jiqaoh.dll NOT unregistered.
C:\WINDOWS\system32\jiqaoh.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ncydmntq.dll
C:\WINDOWS\system32\ncydmntq.dll NOT unregistered.
C:\WINDOWS\system32\ncydmntq.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mfdgug.dll
C:\WINDOWS\system32\mfdgug.dll NOT unregistered.
C:\WINDOWS\system32\mfdgug.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\onqmdvkk.dll
C:\WINDOWS\system32\onqmdvkk.dll NOT unregistered.
C:\WINDOWS\system32\onqmdvkk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jyuqwj.dll
C:\WINDOWS\system32\jyuqwj.dll NOT unregistered.
C:\WINDOWS\system32\jyuqwj.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ktjhltrv.dll
C:\WINDOWS\system32\ktjhltrv.dll NOT unregistered.
C:\WINDOWS\system32\ktjhltrv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nmjtld.dll
C:\WINDOWS\system32\nmjtld.dll NOT unregistered.
C:\WINDOWS\system32\nmjtld.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vtxudcyk.dll
C:\WINDOWS\system32\vtxudcyk.dll NOT unregistered.
C:\WINDOWS\system32\vtxudcyk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jrftrqfv.dll
C:\WINDOWS\system32\jrftrqfv.dll NOT unregistered.
C:\WINDOWS\system32\jrftrqfv.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\avvkme.dll
C:\WINDOWS\system32\avvkme.dll NOT unregistered.
C:\WINDOWS\system32\avvkme.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vkcdjtqa.dll
C:\WINDOWS\system32\vkcdjtqa.dll NOT unregistered.
C:\WINDOWS\system32\vkcdjtqa.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ntbxmz.dll
C:\WINDOWS\system32\ntbxmz.dll NOT unregistered.
C:\WINDOWS\system32\ntbxmz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bqhoxnmc.dll
C:\WINDOWS\system32\bqhoxnmc.dll NOT unregistered.
C:\WINDOWS\system32\bqhoxnmc.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ocyfdwcd.dll
C:\WINDOWS\system32\ocyfdwcd.dll NOT unregistered.
C:\WINDOWS\system32\ocyfdwcd.dll moved successfully.
File/Folder C:\WINDOWS\system32\cqhvfkbk.dll not found.
File/Folder C:\WINDOWS\system32\bbxiemjj.dll not found.
File/Folder C:\WINDOWS\system32\xeidgbhm.dll not found.
C:\WINDOWS\system32\XFOYcfhk.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\xeidgbhm.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cjmtyxqb.dll
C:\WINDOWS\system32\cjmtyxqb.dll NOT unregistered.
C:\WINDOWS\system32\cjmtyxqb.dll moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Packages moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\BrowserObjects moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\StartMenuAllUsers moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\HKLM\RunOnce moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\HKLM moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\HKCU\RunOnce moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun\HKCU moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine\Autorun moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47\Quarantine moved successfully.
C:\Documents and Settings\Chrissy\Application Data\rhc5abj0ev47 moved successfully.
C:\WINDOWS\mrvtdpqe.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0c3f960e >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\0c3f960e deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{28220052-D9A9-44B1-AB98-EDC594D238B6} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{28220052-D9A9-44B1-AB98-EDC594D238B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28220052-D9A9-44B1-AB98-EDC594D238B6}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpOEx >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYpOEx\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c3f960e >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c3f960e\\ deleted successfully.
< emptytemp >
File delete failed. C:\DOCUME~1\Chrissy\LOCALS~1\Temp\Perflib_Perfdata_750.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_148.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07172008_123412

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlJYpOEx.dll
C:\WINDOWS\system32\mlJYpOEx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlJYpOEx.dll scheduled to be moved on reboot.
File C:\DOCUME~1\Chrissy\LOCALS~1\Temp\Perflib_Perfdata_750.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_148.dat not found!


MBAM log file

Malwarebytes' Anti-Malware 1.20
Database version: 961
Windows 5.1.2600 Service Pack 2

12:59:15 PM 7/17/2008
mbam-log-7-17-2008 (12-59-15).txt

Scan type: Quick Scan
Objects scanned: 44691
Time elapsed: 9 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qybduwgl.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\yayvUlmm.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mlJYpOEx.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65e0cbed-8ae2-45b6-9d90-bf8ebce106b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65e0cbed-8ae2-45b6-9d90-bf8ebce106b1} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc5abj0ev47 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{28220052-d9a9-44b1-ab98-edc594d238b6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28220052-d9a9-44b1-ab98-edc594d238b6} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljypoex (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c3f960e (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{28220052-d9a9-44b1-ab98-edc594d238b6} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvulmm -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvulmm -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayvUlmm.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mmlUvyay.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mmlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qybduwgl.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\lgwudbyq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lagptg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rpwiekev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chrissy\Local Settings\Temporary Internet Files\Content.IE5\62H70TVT\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Chrissy\Local Settings\Temporary Internet Files\Content.IE5\QBFZGTV4\kb767887[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Chrissy\Local Settings\Temporary Internet Files\Content.IE5\RQCVIGBM\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYpOEx.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Chrissy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.


dss log file

Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-07-17 13:06:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chrissy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06, on 7/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chrissy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1016B142-5097-410F-9CBC-8CDC2E18E15D} - C:\WINDOWS\system32\khfcYOFX.dll (file missing)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5D9F6431-4529-4A9E-8611-2A64306490C6} - (no file)
O2 - BHO: (no name) - {65E0CBED-8AE2-45B6-9D90-BF8EBCE106B1} - (no file)
O2 - BHO: {312b965b-da23-98db-7504-310f32b31976} - {67913b23-f013-4057-bd89-32adb569b213} - C:\WINDOWS\system32\lagptg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A21215C1-0A2C-46A2-AD5C-895FD3E60056} - C:\WINDOWS\system32\opnolIXr.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {C9601CC1-3C78-48B1-A32B-DC377634E09F} - (no file)
O2 - BHO: (no name) - {CC9351DF-3218-4AB7-82D9-6208A416B935} - (no file)
O2 - BHO: (no name) - {CF2CEB12-8199-418D-B646-751C79E7B98C} - (no file)
O2 - BHO: (no name) - {EEF1187F-9725-4E16-A714-78DB8547278F} - (no file)
O2 - BHO: (no name) - {FC5C411F-7401-48BF-A1F6-EFF19A571EBD} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: bw+0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlJYpOEx - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 23258 bytes

-- Files created between 2008-06-17 and 2008-07-17 -----------------------------

2008-07-17 12:42:03 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Malwarebytes
2008-07-17 12:42:02 92672 -----n--- C:\WINDOWS\system32\qybduwgl.dll
2008-07-17 12:41:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 12:41:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 12:41:10 637942 --ahs---- C:\WINDOWS\system32\mmlUvyay.ini2
2008-07-17 12:41:03 322816 -----n--- C:\WINDOWS\system32\yayvUlmm.dll
2008-07-12 14:32:05 0 d-------- C:\Program Files\kSolo
2008-07-05 19:29:04 0 d-------- C:\Program Files\Lavasoft
2008-07-05 19:29:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 18:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 17:44:42 0 d-------- C:\WINDOWS\pss
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 19:30:44 0 d-------- C:\Program Files\NOS
2008-07-02 19:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:54:46 282012 --ahs---- C:\WINDOWS\system32\rXIlonpo.ini2
2008-07-02 15:52:11 0 d-------- C:\Program Files\Trend Micro
2008-07-02 06:50:22 0 d-------- C:\QUARANTINE
2008-07-02 05:28:44 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-07-02 05:28:44 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-02 05:27:13 0 d-------- C:\Program Files\McAfee
2008-07-02 05:27:13 0 d-------- C:\Program Files\Common Files\McAfee
2008-07-02 01:44:41 28288 -----n--- C:\WINDOWS\system32\mlJYpOEx.dll
2008-06-25 20:29:43 0 d-------- C:\Program Files\support.com
2008-06-25 20:29:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-18 19:17:47 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-17 13:03:06 0 d-------- C:\Program Files\Rainlendar2
2008-07-16 10:11:25 0 d-------- C:\Documents and Settings\Chrissy

Edited by Princesa, 17 July 2008 - 11:10 AM.

  • 0

#6
kahdah
Posted 17 July 2008 - 11:11 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please visit this web page for instructions for downloading and running Combofix >ComboFix Instructions
We now suggest that you install the Windows Recovery Console.
The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

Post the log from ComboFix when you've accomplished all of that, along with a new HijackThis log.
  • 0

#7
Princesa
Posted 17 July 2008 - 12:17 PM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran combofix and rebooted my computer. I can no longer log on. When trying to enter my password I get a logon message saying the system cannot log you on now because the domain is not available.
  • 0

#8
kahdah
Posted 17 July 2008 - 05:28 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Let's try this first:

1: Start your computer.

2: Start to tap almost immediately the F8 button until a boot menu comes up.

3: Use the arrow keys and select Last Known Good Configuration from that menu.

Let me know what happens.
  • 0

#9
Princesa
Posted 17 July 2008 - 07:48 PM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'm able to log on to my computer now but combofix doesn't work.

I have Windows XP Professional SP2 but it's the Media Center edition. I don't know if that changes anything.

Edited by Princesa, 17 July 2008 - 07:50 PM.

  • 0

#10
kahdah
Posted 17 July 2008 - 07:56 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Have you tried to run combofix again?

The reason that this happened wasn't because of Combofix it happened because of an entry in your registry placed by malware.
Sometimes when it is removed it can cause log in trouble.

For now please just run dss again and post the log it produces.
It will only be one this time.
  • 0

Advertisements

#11
Princesa
Posted 18 July 2008 - 02:59 AM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I ran combo fix again and here is the log:

ComboFix 08-07-15.4 - Chrissy 2008-07-17 22:01:44.3 - NTFSx86
Running from: C:\Documents and Settings\Chrissy\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-17 12:42 . 2008-07-17 12:42 <DIR> d-------- C:\Documents and Settings\Chrissy\Application Data\Malwarebytes
2008-07-17 12:41 . 2008-07-17 12:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-17 12:41 . 2008-07-17 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 12:41 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-17 12:41 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 16:02 . 2008-07-16 07:53 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 16:02 . 2008-07-15 16:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 14:32 . 2008-07-12 14:32 <DIR> d-------- C:\Program Files\kSolo
2008-07-05 19:29 . 2008-07-05 19:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-05 19:29 . 2008-07-05 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 18:41 . 2008-07-04 18:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-04 18:41 . 2008-07-04 19:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 00:02 . 2008-07-04 00:02 0 --a------ C:\LOG55.tmp
2008-07-02 21:28 . 2008-07-02 21:28 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 19:30 . 2008-07-03 01:03 <DIR> d-------- C:\Program Files\NOS
2008-07-02 19:30 . 2008-07-03 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:52 . 2008-07-02 15:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 06:50 . 2008-07-17 22:01 <DIR> d-------- C:\QUARANTINE
2008-07-02 05:28 . 2008-07-02 05:28 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-02 05:28 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2008-07-02 05:28 . 2007-02-22 20:50 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-02 05:28 . 2006-11-30 08:50 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-02 05:28 . 2006-11-30 08:50 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-07-02 05:28 . 2006-11-30 08:50 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-07-02 05:28 . 2006-11-30 08:50 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-02 05:28 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-07-02 05:27 . 2008-07-02 05:28 <DIR> d-------- C:\Program Files\McAfee
2008-07-02 05:27 . 2008-07-02 05:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-06-25 20:30 . 2008-06-26 02:49 1,102 --a------ C:\net_save.dna
2008-06-25 20:29 . 2008-06-25 20:29 <DIR> d-------- C:\Program Files\support.com
2008-06-25 20:29 . 2008-06-25 20:29 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-06-24 17:57 . 2008-06-24 17:57 0 --a------ C:\LOG8B.tmp
2008-06-21 20:15 . 2008-06-21 20:15 0 --a------ C:\LOG1C7.tmp
2008-06-21 19:53 . 2008-06-21 19:53 0 --a------ C:\LOG1BC.tmp
2008-06-21 19:22 . 2008-06-21 19:22 0 --a------ C:\LOG1AD.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 02:09 --------- d-----w C:\Program Files\Rainlendar2
2008-07-16 14:11 --------- d-----w C:\Documents and Settings\Chrissy\Application Data\CoreFTP
2008-07-11 05:45 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 00:22 --------- d-----w C:\Program Files\BearShare
2008-07-04 04:03 --------- d-----w C:\Documents and Settings\Chrissy\Application Data\U3
2008-07-03 01:27 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-02 09:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-02 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-06-20 10:11 --------- d-----w C:\Program Files\Google
2008-06-19 00:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-18 23:37 --------- d-----w C:\Program Files\MUSICMATCH
2008-06-18 23:14 --------- d-----w C:\Program Files\Creative
2008-06-15 06:59 --------- d-----w C:\Documents and Settings\Chrissy\Application Data\mjusbsp
2008-06-13 20:41 3,558 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 14:00 --------- d-----w C:\Program Files\Last.fm
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-01 01:41 256 -c--a-w C:\Documents and Settings\Chrissy\pool.bin
2007-03-21 06:45 1,586 -c--a-w C:\Documents and Settings\Chrissy\Application Data\wklnhst.dat
2005-05-13 22:12 217,073 -csha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13 66,560 -csha-r C:\WINDOWS\MOTA113.exe
2005-10-14 02:27 422,400 -csha-r C:\WINDOWS\x2.64.exe
2005-07-14 17:31 27,648 -csha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32 616,448 -csha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37 45,568 -csha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 05:00 70,656 -csha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 18:16 240,128 -csha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 09:31 986112]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"cdloader"="C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 15:37 50520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28 602182]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40 86960]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 19:51 1032192]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-26 20:34 169984]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\Chrissy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-24 01:10:56 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Security Packages REG_SZ kerberos

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 12:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 11:51 57344 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 04:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-12-13 17:41 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-12-13 17:45 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-12-13 17:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-12-14 05:29 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-26 02:22 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2007-09-25 11:33 1195008 C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 18:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-15 17:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
--a------ 2006-06-29 00:12 1355042 C:\WINDOWS\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 05:40 24576 C:\WINDOWS\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\1162710711\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Chrissy\\Application Data\\mjusbsp\\magicJack.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2007-09-25 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee57a0e2-9973-11dc-9da3-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{1016B142-5097-410F-9CBC-8CDC2E18E15D} - C:\WINDOWS\system32\khfcYOFX.dll
BHO-{28220052-D9A9-44B1-AB98-EDC594D238B6} - (no file)
BHO-{5D9F6431-4529-4A9E-8611-2A64306490C6} - (no file)
BHO-{65E0CBED-8AE2-45B6-9D90-BF8EBCE106B1} - (no file)
BHO-{67913b23-f013-4057-bd89-32adb569b213} - C:\WINDOWS\system32\lagptg.dll
BHO-{A21215C1-0A2C-46A2-AD5C-895FD3E60056} - C:\WINDOWS\system32\opnolIXr.dll
BHO-{C9601CC1-3C78-48B1-A32B-DC377634E09F} - (no file)
BHO-{CC9351DF-3218-4AB7-82D9-6208A416B935} - (no file)
BHO-{CF2CEB12-8199-418D-B646-751C79E7B98C} - (no file)
BHO-{EEF1187F-9725-4E16-A714-78DB8547278F} - (no file)
BHO-{FC5C411F-7401-48BF-A1F6-EFF19A571EBD} - (no file)
Notify-mlJYpOEx - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 22:09:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-07-17 22:17:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 02:17:38

Pre-Run: 29,824,843,776 bytes free
Post-Run: 29,782,130,688 bytes free

254 --- E O F --- 2008-06-20 07:01:23



Here is the dss log

Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-07-18 04:55:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chrissy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:55, on 2008-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chrissy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: bw+0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 22103 bytes

-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-17 22:01:02 68096 --a------ C:\WINDOWS\zip.exe
2008-07-17 22:01:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 22:01:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-17 22:01:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-17 22:01:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 22:01:01 98816 --a------ C:\WINDOWS\sed.exe
2008-07-17 22:01:01 80412 --a------ C:\WINDOWS\grep.exe
2008-07-17 22:01:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 13:26:54 0 d-------- C:\cmdcons
2008-07-17 12:42:03 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Malwarebytes
2008-07-17 12:41:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 12:41:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 14:32:05 0 d-------- C:\Program Files\kSolo
2008-07-05 19:29:04 0 d-------- C:\Program Files\Lavasoft
2008-07-05 19:29:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 18:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 17:44:42 0 d-------- C:\WINDOWS\pss
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 19:30:44 0 d-------- C:\Program Files\NOS
2008-07-02 19:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:52:11 0 d-------- C:\Program Files\Trend Micro
2008-07-02 06:50:22 0 d-------- C:\QUARANTINE
2008-07-02 05:28:44 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-07-02 05:28:44 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-02 05:27:13 0 d-------- C:\Program Files\McAfee
2008-07-02 05:27:13 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-25 20:29:43 0 d-------- C:\Program Files\support.com
2008-06-25 20:29:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-18 19:17:47 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-17 22:09:19 0 d-------- C:\Program Files\Rainlendar2
2008-07-16 10:11:25 0 d-------- C:\Documents and Settings\Chrissy\Application Data\CoreFTP
2008-07-13 03:29:46 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Mozilla
2008-07-11 16:38:40 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-11 01:45:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:22:34 0 d-------- C:\Program Files\BearShare
2008-07-04 00:03:57 0 d-------- C:\Documents and Settings\Chrissy\Application Data\U3
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files
2008-07-02 21:27:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 13:19:11 3072 --a------ C:\Documents and Settings\Chrissy\Application Data\dvd.bmk
2008-06-20 06:11:56 0 d-------- C:\Program Files\Google
2008-06-18 20:06:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 19:37:10 0 d-------- C:\Program Files\MUSICMATCH
2008-06-18 19:14:23 0 d-------- C:\Program Files\Creative
2008-06-15 02:59:37 0 d-------- C:\Documents and Settings\Chrissy\Application Data\mjusbsp
2008-06-13 16:41:39 3558 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 16:41:37 88 -r-hs--c- C:\WINDOWS\system32\BA59FF42EE.sys
2008-06-06 10:00:09 0 d-------- C:\Program Files\Last.fm
2008-05-02 04:10:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 19:51]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2005-09-26 20:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 09:31]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40]
"cdloader"="C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 15:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15]

C:\Documents and Settings\Chrissy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-24 01:10:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C

Edited by Princesa, 18 July 2008 - 03:00 AM.

  • 0

#12
kahdah
Posted 18 July 2008 - 03:13 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#13
Princesa
Posted 18 July 2008 - 06:19 AM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the report from the online scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 18, 2008 10:27:49
Records in database: 968157
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
G:\
Scan statistics
Files scanned 134580
Threat name 4
Infected objects 4
Suspicious objects 7
Duration of the scan 02:06:19

File name Threat name Threats count
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3bb5c6cc.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-764bea50.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-25641c34.zip Infected: Exploit.Java.Gimsh.a 1
G:\My Documents\sd\backup-4.20.2006_21-48-18_chrissy.tar.gz Infected: Trojan-Spy.HTML.Fraud.av 1
G:\My Documents\sd\backup-4.20.2006_21-48-18_chrissy.tar.gz Suspicious: Trojan-Spy.HTML.Fraud.gen 7
The selected area was scanned.
  • 0

#14
kahdah
Posted 18 July 2008 - 08:31 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3bb5c6cc.zip 
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-764bea50.zip 
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-25641c34.zip
G:\My Documents\sd\backup-4.20.2006_21-48-18_chrissy.tar.gz
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
==========
Post the Ot Move it log and a new dss log and we will wrap it up.
  • 0

#15
Princesa
Posted 18 July 2008 - 02:14 PM

Princesa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OT Move It Log:

C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-3bb5c6cc.zip moved successfully.
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-764bea50.zip moved successfully.
C:\Documents and Settings\Chrissy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d00d9f7-25641c34.zip moved successfully.
G:\My Documents\sd\backup-4.20.2006_21-48-18_chrissy.tar.gz moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07182008_161126

DSS Log:

Deckard's System Scanner v20071014.68
Run by Chrissy on 2008-07-18 16:13:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Chrissy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13, on 2008-07-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Chrissy\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chrissy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...ystempopup=true
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: bw+0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {55EA4D94-B334-4B9F-B5F5-DFBB57409427} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 22394 bytes

-- Files created between 2008-06-18 and 2008-07-18 -----------------------------

2008-07-17 22:01:02 68096 --a------ C:\WINDOWS\zip.exe
2008-07-17 22:01:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-17 22:01:01 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-17 22:01:01 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-17 22:01:01 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-17 22:01:01 98816 --a------ C:\WINDOWS\sed.exe
2008-07-17 22:01:01 80412 --a------ C:\WINDOWS\grep.exe
2008-07-17 22:01:01 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-17 13:26:54 0 d-------- C:\cmdcons
2008-07-17 12:42:03 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Malwarebytes
2008-07-17 12:41:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 12:41:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 14:32:05 0 d-------- C:\Program Files\kSolo
2008-07-05 19:29:04 0 d-------- C:\Program Files\Lavasoft
2008-07-05 19:29:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-04 18:41:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 17:44:42 0 d-------- C:\WINDOWS\pss
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-02 19:30:44 0 d-------- C:\Program Files\NOS
2008-07-02 19:30:44 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-02 15:52:11 0 d-------- C:\Program Files\Trend Micro
2008-07-02 06:50:22 0 d-------- C:\QUARANTINE
2008-07-02 05:28:44 1495552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2008-07-02 05:28:44 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-07-02 05:27:13 0 d-------- C:\Program Files\McAfee
2008-07-02 05:27:13 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-25 20:29:43 0 d-------- C:\Program Files\support.com
2008-06-25 20:29:34 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-06-18 19:17:47 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-07-17 22:09:19 0 d-------- C:\Program Files\Rainlendar2
2008-07-16 10:11:25 0 d-------- C:\Documents and Settings\Chrissy\Application Data\CoreFTP
2008-07-13 03:29:46 0 d-------- C:\Documents and Settings\Chrissy\Application Data\Mozilla
2008-07-11 16:38:40 256 --a------ C:\WINDOWS\system32\pool.bin
2008-07-11 01:45:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-04 20:22:34 0 d-------- C:\Program Files\BearShare
2008-07-04 00:03:57 0 d-------- C:\Documents and Settings\Chrissy\Application Data\U3
2008-07-02 21:28:21 0 d-------- C:\Program Files\Common Files
2008-07-02 21:27:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-28 13:19:11 3072 --a------ C:\Documents and Settings\Chrissy\Application Data\dvd.bmk
2008-06-20 06:11:56 0 d-------- C:\Program Files\Google
2008-06-18 20:06:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 19:37:10 0 d-------- C:\Program Files\MUSICMATCH
2008-06-18 19:14:23 0 d-------- C:\Program Files\Creative
2008-06-15 02:59:37 0 d-------- C:\Documents and Settings\Chrissy\Application Data\mjusbsp
2008-06-13 16:41:39 3558 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 16:41:37 88 -r-hs--c- C:\WINDOWS\system32\BA59FF42EE.sys
2008-06-06 10:00:09 0 d-------- C:\Program Files\Last.fm
2008-05-02 04:10:08 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 10:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 05:40]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-08-03 19:51]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2005-09-26 20:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 09:31]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 05:40]
"cdloader"="C:\Documents and Settings\Chrissy\Application Data\mjusbsp\cdloader2.exe" [2008-06-12 15:37]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15]

C:\Documents and Settings\Chrissy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-24 01:10:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"C:\Program Files\Dell\Media Experience\DMXLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"C:\Program Files\Logitech\Video\ISStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"C:\Program Files\Logitech\Video\LogiTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
Rundll32 CTMBHA.DLL,MBMon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
MIDIDef.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
"C:\Program Files\Google\Gmail Notifier\gnotify.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee57a0e2-9973-11dc-9da3-00038a000015}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-07-18 16:14:14 ------------
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP