
Infected By Trojan/spyware, Can't Get Rid Of It.


  • This topic is locked
12 replies to this topic

#1 Dark_Raker

  • Members
  • 12 posts
  • OFFLINE

Posted 27 April 2008 - 04:14 PM

Hi, I'm new here and am hoping you can help me. I've got some program that's opening one or two Internet Explorer (which I never use. Go Firefox!) windows randomly and displaying ads. I have scanned with multiple programs including Spybot, AVG and ESET NOD32. None of them have found anything out of the ordinary, which worries me, seeing as there is definitely something in my system. Also, during the duration of this problem, there was also some program placing DLLs in my C:\WINDOWS\system32 folder, but that does not seem to be present any more.

Mod Edit: Topic moved to more appropriate forum~ TMacK

Edit: Oops, forgot to post in the Deckard's System Scan, can a mod move this back to the HijackThis Logs and Malware Removal forum please?

Edit: Topic moved back to original posting location ~ OB

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-27 18:02:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
145: 2008-04-27 22:02:18 UTC - RP232 - Deckard's System Scanner Restore Point
144: 2008-04-27 20:28:45 UTC - RP231 - ComboFix created restore point
143: 2008-04-27 00:48:42 UTC - RP230 - System Checkpoint
142: 2008-04-25 04:52:08 UTC - RP229 - Move file to quarantine: tuvvSIbC.dll
141: 2008-04-25 03:28:03 UTC - RP228 - Installed ESET NOD32 Antivirus


-- First Restore Point --
1: 2008-04-24 04:00:25 UTC - RP88 - Removed Call of Duty® 4 - Modern Warfare™


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:55 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
G:\Data\useful programs\Launchy\Launchy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\cTMP\devdpll.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = G:\Data\useful programs\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 20941 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080427-161640-954 O20 - Winlogon Notify: tuvvSIbC - tuvvSIbC.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 EuMusDesignVirtualAudioCableWdm (Virtual Audio Cable (WDM)) - c:\windows\system32\drivers\vrtaucbl.sys

S3 AR5211 (Belkin Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
S3 DBKDRVR54 - c:\program files\cheat engine\dbk32.sys
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 HackerDefenderDrv100 - c:\documents and settings\administrator\desktop\hxdef100r\hxdefdrv.sys (file missing)
S3 klim5 (Kaspersky Anti-Virus NDIS Filter) - c:\windows\system32\drivers\klim5.sys (file missing)
S3 PBDOWNFORCE_SERVICE - c:\docume~1\admini~1\locals~1\temp\phq89.tmp (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0368&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&51
Service:

Class GUID:
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&88
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&88
Service:

Class GUID:
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&90
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0373&SUBSYS_CB841043&REV_A2\3&2411E6FE&0&90
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart D7400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D7400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11g PCI Wireless Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: Ralink Technology, Inc.
Name: 802.11g PCI Wireless Network Adapter
PNP Device ID: ROOT\NET\0000
Service: RT2500


-- Scheduled Tasks -------------------------------------------------------------

2008-03-03 10:36:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 16:28:27 68096 --a------ C:\WINDOWS\zip.exe
2008-04-27 16:28:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-27 16:28:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-27 16:28:27 98816 --a------ C:\WINDOWS\sed.exe
2008-04-27 16:28:27 80412 --a------ C:\WINDOWS\grep.exe
2008-04-27 16:28:27 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-27 16:28:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-27 16:28:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-27 13:07:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-27 12:34:37 0 d-------- C:\Program Files\AntiFreeze
2008-04-27 03:00:46 0 d-------- C:\Program Files\LimeWire
2008-04-27 02:49:22 0 d-------- C:\Program Files\FrostWire
2008-04-27 02:43:29 0 d-------- C:\Program Files\Alwil Software
2008-04-26 20:59:50 0 d-------- C:\Program Files\Daphne
2008-04-25 00:49:22 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-24 23:32:11 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-24 21:54:03 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-24 21:54:03 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-04-24 21:54:03 0 d-------- C:\Program Files\Cheat Engine
2008-04-24 02:47:29 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-24 02:12:06 0 dr-h----- C:\$VAULT$.AVG
2008-04-24 02:10:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-24 02:10:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-24 02:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-24 02:10:15 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-24 01:56:40 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-24 01:56:40 2551 --a------ C:\WINDOWS\unins000.dat
2008-04-23 23:55:15 0 d-------- C:\WINDOWS\system32\pb1
2008-04-23 23:55:15 0 d-------- C:\WINDOWS\system32\hn3
2008-04-23 23:55:15 0 d-------- C:\WINDOWS\system32\cTMP
2008-04-23 23:55:15 0 d-------- C:\WINDOWS\system32\bx4
2008-04-23 23:55:14 0 d-------- C:\WINDOWS\system32\pnVes18
2008-04-23 17:37:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Launchy
2008-04-23 17:37:09 0 d-------- C:\Program Files\Launchy
2008-04-23 14:32:09 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-04-23 01:26:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Software
2008-04-22 03:38:00 0 d-------- C:\Program Files\VirtualDJ
2008-04-22 03:04:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-04-22 02:33:21 0 d-------- C:\Program Files\Native Instruments
2008-04-22 02:26:48 0 d-------- C:\Program Files\VstPlugins
2008-04-22 02:26:11 0 d-------- C:\Program Files\Outsim
2008-04-22 02:25:23 0 d-------- C:\Program Files\MixMeister Studio 7.2.2
2008-04-22 01:38:56 1720086 --a------ C:\WINDOWS\system32\TmpA90501531
2008-04-22 00:38:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ableton
2008-04-22 00:38:28 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-04-20 20:27:39 0 d-------- C:\Program Files\Bonjour
2008-04-20 20:22:09 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 19:16:04 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-20 18:34:19 0 d-------- C:\Program Files\Audacity
2008-04-18 18:20:11 0 d-------- C:\Program Files\MSXML 4.0
2008-04-15 21:38:42 145408 --a------ C:\WINDOWS\system\msconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-15 15:08:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-14 17:21:20 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-14 17:20:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-14 17:08:51 24576 -ra------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-04-14 17:08:48 0 d-------- C:\Program Files\ASUS
2008-04-14 17:07:19 0 dr------- C:\WINDOWS\AsDmiHtm
2008-04-14 01:47:27 0 d-------- C:\Documents and Settings\Administrator\Shared
2008-04-14 01:47:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-04-14 01:45:42 96577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-13 22:27:09 0 d-------- C:\Documents and Settings\luke\Application Data\OpenOffice.org2
2008-04-13 21:56:44 0 d-------- C:\Program Files\Pandromeda
2008-04-13 17:29:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-04-12 20:39:30 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-12 20:39:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-04-12 20:38:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-12 20:36:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\HPAppData
2008-04-12 20:35:36 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-12 20:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-12 20:35:19 0 d-------- C:\Program Files\Common Files\HP
2008-04-12 20:33:41 0 d-------- C:\Program Files\HP
2008-04-12 20:32:52 5279 -----n--- C:\WINDOWS\hpomdl16.dat
2008-04-12 20:32:52 144001 --a------ C:\WINDOWS\hpoins16.dat
2008-04-12 15:29:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\uk.co.planetside
2008-04-12 15:28:50 0 d-------- C:\Program Files\Terragen
2008-04-12 02:57:21 31616 --a------ C:\WINDOWS\system32\drivers\vrtaucbl.sys
2008-04-12 02:57:21 0 d-------- C:\Program Files\Virtual Audio Cable
2008-04-11 21:35:34 0 d-------- C:\Program Files\VentSrv
2008-04-10 19:28:07 0 d-------- C:\Documents and Settings\luke\Application Data\Ventrilo
2008-04-10 19:26:00 0 d-------- C:\Documents and Settings\luke\Application Data\.clamwin
2008-04-10 18:31:17 0 d-------- C:\Fraps
2008-04-09 21:51:52 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-09 20:49:27 0 d-------- C:\Program Files\Ventrilo
2008-04-09 18:47:21 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-04-09 18:47:21 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-04-09 18:47:20 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-04-09 18:47:20 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-04-08 22:39:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\.clamwin
2008-04-08 22:39:29 0 d-------- C:\Documents and Settings\All Users\.clamwin
2008-04-08 16:49:06 46 --a------ C:\WINDOWS\system32\DonationCoder_urlsnooper_InstallInfo.dat
2008-04-08 16:49:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\DonationCoder
2008-04-08 01:00:55 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-04-06 20:31:47 368912 --a------ C:\WINDOWS\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-06 20:31:47 251664 --a------ C:\WINDOWS\system32\Msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 20:31:47 24336 --a------ C:\WINDOWS\system32\Msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 20:31:47 37136 --a------ C:\WINDOWS\system32\Msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 20:31:47 1039360 --a------ C:\WINDOWS\system32\Msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-04-06 20:31:22 304128 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-04-06 20:31:10 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-06 19:49:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-04-06 19:48:18 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-04-06 19:46:44 0 d-------- C:\Documents and Settings\All Users\Application Data\moka5
2008-04-06 19:46:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\moka5
2008-04-05 17:35:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2008-04-05 16:41:04 0 d-------- C:\Program Files\Thinstall.VS
2008-04-04 21:43:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Warsow
2008-04-04 17:27:17 0 d-------- C:\Program Files\Azureus
2008-04-04 17:22:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-03 17:47:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Thinstall
2008-04-03 17:39:22 0 d-------- C:\Program Files\MediaCoder
2008-04-03 02:53:21 27648 ---hs---- C:\WINDOWS\system32\Smab0.dll
2008-04-03 02:53:21 31232 -r-hs---- C:\WINDOWS\system32\msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-04-03 02:53:21 163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-04-03 02:53:19 0 d-------- C:\Program Files\eRightSoft
2008-04-03 02:46:45 0 d-------- C:\Program Files\Orbitdownloader
2008-04-03 01:37:39 0 d-------- C:\Downloads
2008-04-03 01:37:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Orbit
2008-04-03 01:30:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTyrant
2008-04-03 01:30:00 0 d-------- C:\Program Files\BitTyrant
2008-04-03 01:26:54 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-03 01:26:54 408576 --a------ C:\WINDOWS\system32\Smab.dll
2008-04-03 01:26:54 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-04-03 01:26:54 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-04-03 01:26:54 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-04-03 01:26:54 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-04-03 01:26:54 0 d-------- C:\Program Files\AviSynth 2.5
2008-04-01 20:32:12 0 --a------ C:\$RJ$.DAT
2008-03-31 17:25:44 0 d-------- C:\Program Files\Hamachi
2008-03-31 16:19:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\VirtuaWin


-- Find3M Report ---------------------------------------------------------------

2008-04-27 18:00:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-04-27 18:00:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-27 16:39:00 16189 --a------ C:\WINDOWS\system32\tablet.dat
2008-04-26 17:12:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth™ II Files
2008-04-26 01:48:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-24 00:03:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-23 20:47:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-23 01:27:13 0 d-------- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-04-23 01:26:34 0 d-------- C:\Program Files\NCH Software
2008-04-22 02:27:26 0 d-------- C:\Program Files\Image-Line
2008-04-21 02:41:48 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-20 20:22:09 0 d-------- C:\Program Files\Common Files
2008-04-19 13:55:31 0 d-------- C:\Program Files\Xfire
2008-04-18 18:19:05 0 d-------- C:\Program Files\Microsoft Games
2008-04-17 17:09:28 0 d-------- C:\Program Files\Java
2008-04-15 22:38:54 0 d-------- C:\Program Files\Google
2008-04-15 22:38:54 1194 --a------ C:\Documents and Settings\Administrator\Application Data\.googlewebacchosts
2008-04-14 17:08:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-11 21:35:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 18:17:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-04-06 20:36:02 0 d-------- C:\Program Files\WinPcap
2008-04-06 20:36:02 0 d-------- C:\Program Files\Cain
2008-04-05 16:44:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-03-31 22:28:06 0 d-------- C:\Program Files\NCH Swift Sound
2008-03-31 18:25:50 0 d-------- C:\Program Files\Activision
2008-03-31 16:47:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-03-25 19:12:36 0 d-------- C:\Program Files\Nsauditor
2008-03-24 19:04:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-03-24 18:57:14 0 d-------- C:\Program Files\uTorrent
2008-03-24 02:33:54 0 d-------- C:\Program Files\Venture Arctic
2008-03-24 02:02:40 0 d-------- C:\Program Files\ReflexiveArcade
2008-03-22 23:32:42 0 d-------- C:\Program Files\LEGO Company
2008-03-14 13:22:54 368640 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-03-10 00:45:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Wireshark
2008-03-10 00:42:34 0 d-------- C:\Program Files\Wireshark
2008-03-10 00:41:50 0 d-------- C:\Program Files\Trend Micro
2008-03-09 13:10:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-08 14:49:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Recordpad
2008-03-05 18:47:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hamachi
2008-03-04 02:12:11 0 d-------- C:\Program Files\MAIET
2008-02-26 20:16:41 607 --a------ C:\WINDOWS\system32\notepad.vbs
2008-02-26 20:16:41 34 --a------ C:\WINDOWS\system32\mouseswap.bat
2008-02-26 20:16:41 93 --a------ C:\WINDOWS\system32\loltime.bat
2008-02-26 20:16:41 88 --a------ C:\WINDOWS\system32\gf.vbs
2008-02-26 20:16:41 55 --a------ C:\WINDOWS\system32\fontScrewer.bat
2008-02-26 20:16:41 208 --a------ C:\WINDOWS\system32\cdeject.vbs
2008-02-26 20:16:41 95 --a------ C:\WINDOWS\system32\altf4.vbs
2008-02-10 13:33:32 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-02-10 13:33:32 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 09:34 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [07/13/2006 08:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 01:10 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/21/2006 12:09 AM]
"nwiz"="nwiz.exe" [06/21/2006 12:09 AM C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11/29/2007 03:17 AM C:\WINDOWS\KHALMNPR.Exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [03/01/2008 01:10 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 09:34 PM]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [12/28/2006 09:54 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/24/2008 02:10 AM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 08:21 AM]
"NvMediaCenter"="NvMCTray.dll" [06/21/2006 12:09 AM C:\WINDOWS\system32\nvmctray.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/28/2008 09:40 PM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [03/24/2008 06:57 PM]
"AntiFreeze"="C:\Program Files\AntiFreeze\AntiFreeze.exe" [12/16/2007 04:57 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 07:46 PM 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
HPService HPSLPSVC


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Autorun.exe

*Newly Created Service* - NETLOGON
*Newly Created Service* - RSVP



-- End of Deckard's System Scanner: finished at 2008-04-27 18:03:33 ------------

And here is the extra logfile:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 16%
Physical Memory (total/avail): 3326.48 MiB / 2777.69 MiB
Pagefile Memory (total/avail): 5210.43 MiB / 4876.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 465.75 GiB total, 375.64 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00YGA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 3.76 GiB - 1 partition
\PARTITION0 - Unknown - 3.76 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUKEFAST
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\LUKEFAST
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=LUKEFAST
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

luke (admin)
LogMeInRemoteUser (admin)
LogMeInRemoteUser.LUKEFAST (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AntiFreeze 1.01 --> "C:\Program Files\AntiFreeze\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Barbarian Invasion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}\setup.exe" -l0x9
Battle for Wesnoth 1.4 --> "C:\Documents and Settings\Administrator\Desktop\portable games\Wesnoth\unins000.exe"
Battlefield 2: Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe"
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
BitTyrant --> C:\Program Files\BitTyrant\Uninstall.exe
Cain & Abel v4.9.14 --> C:\PROGRA~1\Cain\UNINSTAL.EXE C:\PROGRA~1\Cain\Install.log
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.2 Patch --> C:\Program Files\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch --> C:\Program Files\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
ClamWin Free Antivirus 0.92 --> "G:\Data\useful programs\ClamWin\unins000.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Daphne 1.34 --> C:\Program Files\Daphne\uninst.exe
Debut Video Recorder --> C:\Program Files\NCH Software\Debut\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Free FLV Converter V 4.3 --> "G:\Data\useful programs\Free FLV Converter\unins000.exe"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GEAR 32bit Driver Installer --> MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GPGNet --> MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Photosmart Printer Software 9.0 --> C:\Program Files\HP\Digital Imaging\{47253C9A-7269-4be7-8BFE-50470F6897FE}\setup\hpzscr01.exe -datfile hposcr16.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LADSPA_plugins-win-0.4.15 --> "C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Launchy 2.0 --> "G:\Data\useful programs\Launchy\unins000.exe"
LimeWire PRO 4.17.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) --> "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Nsauditor 1.7.3 --> "C:\Program Files\Nsauditor\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Orbit Downloader --> "C:\Program Files\Orbitdownloader\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Rise Of Legends --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CADDE354-C78C-46CB-A006-E2B178EFC271}
Rome - Total War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SUPER © Version 2008.bld.30 (Mar 22, 2008) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Supreme Commander --> C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Tablet --> C:\Program Files\Tablet\Remove.exe /u
Terragen --> MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
The Battle for Middle-earth ™ II --> C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\EAUninstall.exe
Thinstall Virtualization Suite 3.128 --> MsiExec.exe /X{92F04F8D-D798-48A6-A746-CB74CBDDD19E}
Tom Clancy's Ghost Recon Advanced Warfighter® 2 --> "C:\Program Files\InstallShield Installation Information\{F78AC3C0-578C-49AB-BD4E-3107A6036A13}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
Unreal Tournament 3 --> MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
UT2004 Editor's Choice Edition Mod Installer --> MsiExec.exe /I{88D5B052-13BF-44FE-8C17-AC416B323BFE}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Virtual Audio Cable 4.04 --> C:\Program Files\Virtual Audio Cable\setup.exe -u
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
VirtuaWin v4.0 --> "G:\Data\VirtuaWin\unins000.exe"
VST Bridge 1.1 --> "C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireshark 0.99.8 --> "C:\Program Files\Wireshark\uninstall.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4433 / Error
Event Submitted/Written: 04/27/2008 04:53:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqtra08.exe, version 90.0.146.0, faulting module hpzidr12.dll, version 12.1.1.54, fault address 0x00004843.
Processing media-specific event for [hpqtra08.exe!ws!]

Event Record #/Type4422 / Error
Event Submitted/Written: 04/27/2008 04:05:18 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hpqste08.exe, version 90.0.146.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4420 / Error
Event Submitted/Written: 04/27/2008 03:38:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application utility.exe, version 1.0.0.10, faulting module mfc42.dll, version 6.0.8665.0, fault address 0x0005e396.
Processing media-specific event for [utility.exe!ws!]

Event Record #/Type4323 / Error
Event Submitted/Written: 04/27/2008 02:31:22 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpqtra08.exe, version 90.0.146.0, faulting module hpzidr12.dll, version 12.1.1.54, fault address 0x0000641d.
Processing media-specific event for [hpqtra08.exe!ws!]

Event Record #/Type4313 / Error
Event Submitted/Written: 04/26/2008 10:54:11 PM
Event ID/Source: 0 / pctsSvc.exe
Event Description:
The service process could not connect to the service controller



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17076 / Warning
Event Submitted/Written: 04/27/2008 05:44:59 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17075 / Warning
Event Submitted/Written: 04/27/2008 05:30:26 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type17044 / Error
Event Submitted/Written: 04/27/2008 04:39:38 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type17043 / Error
Event Submitted/Written: 04/27/2008 04:39:38 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.

Event Record #/Type17042 / Error
Event Submitted/Written: 04/27/2008 04:39:38 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.



-- End of Deckard's System Scanner: finished at 2008-04-27 18:03:33 ------------

Edited by Orange Blossom, 27 April 2008 - 06:24 PM.



#2 ken545
Malware Response Team
  • 1,685 posts
  • Gender: Male
  • Location: The Space Coast of Florida

Posted 08 May 2008 - 06:23 AM

Hello Dark_Raker

Welcome to the Bleeping Computer Malware Removal Forum, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. If you have not resolved this issue and still need assistance, post a new HJT log as your system may have changed since your original post.


Download Trend Micro's HijackThis to your desktop.
Double click it to install.
Follow the prompts; by default it will install in C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  • Open HJT, Scan and Save a Log File; it will open in Notepad
  • Go to Format and make sure Word Wrap is unchecked
  • Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply, not Start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#3 Dark_Raker (Topic Starter)
  • Members
  • 12 posts

Posted 10 May 2008 - 08:46 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:11 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AntiFreeze\AntiFreeze.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\Documents and Settings\Administrator\Desktop\Tweakui\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = G:\Data\useful programs\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 20635 bytes

#4 ken545
Malware Response Team
  • 1,685 posts
  • Gender: Male
  • Location: The Space Coast of Florida

Posted 10 May 2008 - 09:56 PM

Hello,

Your HJT log looks fine, with the exception of the file-sharing programs you have; you never know what's attached to the song or movie you download using a P2P program. Myself, I would uninstall them.

Let's see what Malwarebytes comes up with.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#5 Dark_Raker (Topic Starter)
  • Members
  • 12 posts

Posted 11 May 2008 - 01:58 PM

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:56 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AntiFreeze\AntiFreeze.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\Documents and Settings\Administrator\Desktop\Tweakui\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = G:\Data\useful programs\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 20537 bytes

and the anti-malware:

Malwarebytes' Anti-Malware 1.12
Database version: 740

Scan type: Quick Scan
Objects scanned: 38791
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\dsaip32b.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dsaip32b.Video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HackerDefenderDrv100 (Rootkit.HacDef) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\bx4 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hn3 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pb1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\luke\Application Data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

#6 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:01:03 PM

Posted 11 May 2008 - 04:42 PM

Malwarebytes removed some nasty stuff. I am sure there is more lurking; let's run Combofix.

Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.



1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net.

2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#7 Dark_Raker

Dark_Raker
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:03 PM

Posted 11 May 2008 - 06:21 PM

ComboFix 08-05-11.1 - Administrator 2008-05-11 19:12:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2824 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-11 14:47 . 2008-05-11 14:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-11 14:47 . 2008-05-11 14:47 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-11 14:47 . 2008-05-11 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-11 14:47 . 2008-05-11 14:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-11 14:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-11 14:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-09 16:29 . 2008-05-09 16:29 <DIR> d-------- C:\Program Files\Grand Theft Auto 5 - San Andreas
2008-05-09 15:35 . 2008-05-09 15:35 <DIR> d-------- C:\Program Files\Rockstar Games
2008-05-08 23:24 . 2008-05-08 23:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-08 23:19 . 2008-05-08 23:19 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-08 23:18 . 2008-05-08 23:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-08 17:31 . 2008-05-08 17:31 <DIR> d-------- C:\Program Files\CRS-MegaDev
2008-05-08 02:18 . 2008-05-08 02:18 <DIR> d-------- C:\Program Files\Grand Theft Auto 4 - Vice City [v1.1 PC-Multilang NoCD]1
2008-05-07 23:27 . 2008-05-08 23:34 <DIR> d-------- C:\Program Files\Grand Theft Auto 5 - San Andreas1
2008-05-07 20:11 . 2008-05-07 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Camtech
2008-05-06 20:49 . 2008-05-06 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Petroglyph
2008-05-06 20:43 . 2008-05-06 20:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LucasArts
2008-05-06 20:03 . 2008-05-06 20:03 <DIR> d-------- C:\Program Files\LucasArts
2008-05-05 21:37 . 2008-05-05 21:37 1,510 --a------ C:\WINDOWS\Sketchpad Preferences.dat
2008-05-05 18:22 . 2008-05-05 18:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Download Manager
2008-05-05 16:11 . 2008-05-05 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-05 16:11 . 2008-05-05 16:11 262,144 --a------ C:\Documents and Settings\LOGMEI~3.LUK
2008-05-05 16:11 . 2008-05-05 16:11 262,144 --a------ C:\Documents and Settings\LOGMEI~3
2008-05-05 16:06 . 2008-05-05 16:06 262,144 --a------ C:\Documents and Settings\LOGMEI~2.LUK
2008-05-05 16:06 . 2008-05-05 16:06 262,144 --a------ C:\Documents and Settings\LOGMEI~2
2008-05-02 01:42 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-02 01:42 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-02 01:30 . 2008-05-02 01:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-01 23:55 . 2008-05-01 23:56 <DIR> d-------- C:\Program Files\iTunes
2008-05-01 23:55 . 2008-05-01 23:55 <DIR> d-------- C:\Program Files\iPod
2008-04-30 19:00 . 2008-04-30 19:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-28 23:43 . 2008-05-11 13:28 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2008-04-28 21:57 . 2008-04-29 00:22 <DIR> d-------- C:\Program Files\Sauerbraten
2008-04-28 21:13 . 2008-04-28 21:13 <DIR> d-------- C:\Program Files\VirtualDJ
2008-04-28 20:40 . 2008-04-28 20:54 <DIR> d-------- C:\Program Files\Cube
2008-04-27 20:46 . 2007-04-04 18:39 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-27 17:25 . 2008-04-27 17:25 <DIR> d-------- C:\Deckard
2008-04-27 15:36 . 2008-05-11 19:12 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-27 13:07 . 2008-04-27 15:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-27 12:34 . 2008-04-27 12:34 <DIR> d-------- C:\Program Files\AntiFreeze
2008-04-27 02:49 . 2008-05-11 14:48 <DIR> d-------- C:\Program Files\FrostWire
2008-04-27 02:43 . 2008-04-27 02:43 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-26 20:59 . 2008-04-26 20:59 <DIR> d-------- C:\Program Files\Daphne
2008-04-25 00:49 . 2008-04-26 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-24 23:32 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-24 23:28 . 2008-04-24 23:28 <DIR> d-------- C:\Program Files\ESET
2008-04-24 21:54 . 2008-05-11 13:10 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-24 21:54 . 2008-04-26 19:57 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-24 21:54 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-24 14:57 . 2008-04-26 15:58 109,734 --a------ C:\WINDOWS\BMbffc2035.xml
2008-04-24 02:47 . 2008-04-24 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-24 02:27 . 2008-05-02 18:46 644 --a------ C:\WINDOWS\wininit.ini
2008-04-24 02:09 . 2008-04-24 02:10 8,192 --a------ C:\Documents and Settings\LOGMEI~1.LUK
2008-04-24 02:09 . 2008-04-24 02:10 8,192 --a------ C:\Documents and Settings\LOGMEI~1
2008-04-24 01:56 . 2008-04-24 01:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-24 01:56 . 2008-04-24 01:56 2,551 --a------ C:\WINDOWS\unins000.dat
2008-04-23 23:55 . 2008-04-24 01:41 <DIR> d-------- C:\WINDOWS\system32\cTMP
2008-04-23 23:55 . 2008-04-23 23:55 <DIR> d-------- C:\temp\zvebs14
2008-04-23 23:55 . 2008-04-23 23:55 <DIR> d-------- C:\temp\kvebs14
2008-04-23 17:37 . 2008-04-23 17:38 <DIR> d-------- C:\Program Files\Launchy
2008-04-23 17:37 . 2008-04-23 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Launchy
2008-04-23 14:32 . 2008-01-16 21:42 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-04-23 01:26 . 2008-04-23 01:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\NCH Software
2008-04-22 18:29 . 2008-04-22 18:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-04-22 04:07 . 2008-04-22 04:07 51 --a------ C:\plug_in.ini
2008-04-22 03:04 . 2008-04-22 03:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-04-22 02:33 . 2008-04-22 02:47 <DIR> d-------- C:\Program Files\Native Instruments
2008-04-22 02:26 . 2008-04-22 02:26 <DIR> d-------- C:\Program Files\VstPlugins
2008-04-22 02:26 . 2008-04-22 02:26 <DIR> d-------- C:\Program Files\Outsim
2008-04-22 02:25 . 2008-04-22 03:06 <DIR> d-------- C:\Program Files\MixMeister Studio 7.2.2
2008-04-22 01:38 . 2008-04-22 01:38 1,720,086 --a------ C:\WINDOWS\system32\TmpA90501531
2008-04-22 00:38 . 2008-04-22 00:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ableton
2008-04-22 00:38 . 2008-03-14 13:22 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-04-20 20:27 . 2008-04-20 20:27 <DIR> d-------- C:\Program Files\Bonjour
2008-04-20 20:22 . 2008-04-20 20:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-20 19:16 . 2008-04-27 14:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-20 18:34 . 2008-04-20 18:38 <DIR> d-------- C:\Program Files\Audacity
2008-04-18 18:20 . 2008-04-18 18:20 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-17 19:40 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-17 19:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-17 19:40 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-17 19:40 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-15 21:38 . 2008-04-15 21:38 145,408 --a------ C:\WINDOWS\system\msconfig.exe
2008-04-15 17:45 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-15 17:45 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-15 15:08 . 2008-04-15 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-04-14 17:21 . 2008-04-20 20:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-14 17:08 . 2008-04-16 20:02 <DIR> d-------- C:\Program Files\ASUS
2008-04-14 17:08 . 2006-01-10 04:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-14 17:08 . 2006-10-18 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-14 17:07 . 2008-04-14 17:07 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-04-14 17:06 . 2008-04-14 17:06 33,527 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-14 01:47 . 2008-04-14 01:56 <DIR> d-------- C:\Documents and Settings\Administrator\Shared
2008-04-14 01:47 . 2008-05-11 13:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\FrostWire
2008-04-14 01:45 . 2008-04-14 01:45 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-13 22:27 . 2008-04-13 22:27 <DIR> d-------- C:\Documents and Settings\luke\Application Data\OpenOffice.org2
2008-04-13 21:56 . 2008-04-13 21:56 <DIR> d-------- C:\Program Files\Pandromeda
2008-04-13 17:29 . 2008-05-11 19:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-04-12 20:39 . 2008-04-12 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-12 20:39 . 2008-04-12 20:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-04-12 20:38 . 2008-04-12 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-12 20:38 . 2007-04-04 03:47 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-04-12 20:38 . 2007-04-04 03:47 267,864 -ra------ C:\hpzids01.dll
2008-04-12 20:38 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-04-12 20:36 . 2008-04-12 20:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HPAppData
2008-04-12 20:35 . 2008-04-12 20:35 <DIR> d-------- C:\Program Files\Common Files\HP
2008-04-12 20:35 . 2008-04-12 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-12 20:35 . 2008-04-12 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-04-12 20:33 . 2008-04-14 01:45 <DIR> d-------- C:\Program Files\HP
2008-04-12 20:32 . 2008-04-12 20:39 144,001 --a------ C:\WINDOWS\hpoins16.dat
2008-04-12 20:32 . 2007-05-15 06:10 5,279 --------- C:\WINDOWS\hpomdl16.dat
2008-04-12 15:29 . 2008-04-12 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uk.co.planetside
2008-04-12 15:28 . 2008-04-15 09:59 <DIR> d-------- C:\Program Files\Terragen
2008-04-12 02:57 . 2008-04-12 02:57 <DIR> d-------- C:\Program Files\Virtual Audio Cable
2008-04-12 02:57 . 2006-12-31 15:38 31,616 --a------ C:\WINDOWS\system32\drivers\vrtaucbl.sys
2008-04-11 21:35 . 2008-04-11 21:37 <DIR> d-------- C:\Program Files\VentSrv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-11 20:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-11 20:08 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-05-11 19:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Xfire
2008-05-10 16:58 --------- d-----w C:\Program Files\Xfire
2008-05-09 19:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 00:50 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-02 23:36 --------- d-----w C:\Program Files\Microsoft Games
2008-05-02 19:52 --------- d-----w C:\Program Files\Apple Software Update
2008-05-02 02:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-30 23:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-30 01:37 --------- d-----w C:\Program Files\EA GAMES
2008-04-29 23:34 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Orbit
2008-04-29 21:44 --------- d-----w C:\Program Files\uTorrent
2008-04-28 22:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-04-27 02:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-26 21:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\My Battle for Middle-earth™ II Files
2008-04-24 06:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-24 06:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-24 05:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-23 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-04-23 05:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-04-23 05:26 --------- d-----w C:\Program Files\NCH Software
2008-04-22 06:27 --------- d-----w C:\Program Files\Image-Line
2008-04-17 21:09 --------- d-----w C:\Program Files\Java
2008-04-16 02:38 --------- d-----w C:\Program Files\Google
2008-04-14 21:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-12 01:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 23:28 --------- d-----w C:\Documents and Settings\luke\Application Data\Ventrilo
2008-04-10 23:26 --------- d-----w C:\Documents and Settings\luke\Application Data\.clamwin
2008-04-10 22:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-04-10 01:51 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-04-10 00:49 --------- d-----w C:\Program Files\Ventrilo
2008-04-09 23:59 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2008-04-09 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 02:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.clamwin
2008-04-08 20:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DonationCoder
2008-04-08 05:09 --------- d-----w C:\Program Files\Thinstall.VS
2008-04-07 00:36 --------- d-----w C:\Program Files\WinPcap
2008-04-07 00:36 --------- d-----w C:\Program Files\Cain
2008-04-07 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-04-06 23:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-04-06 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\moka5
2008-04-06 23:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\moka5
2008-04-05 01:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Warsow
2008-04-04 21:27 --------- d-----w C:\Program Files\Azureus
2008-04-04 20:10 --------- d-----w C:\Program Files\Hamachi
2008-04-03 23:05 --------- d-----w C:\Program Files\Unlocker
2008-04-03 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thinstall
2008-04-03 21:43 --------- d-----w C:\Program Files\MediaCoder
2008-04-03 06:53 --------- d-----w C:\Program Files\eRightSoft
2008-04-03 06:50 --------- d-----w C:\Program Files\BitTyrant
2008-04-03 06:46 --------- d-----w C:\Program Files\Orbitdownloader
2008-04-03 05:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTyrant
2008-04-03 05:26 --------- d-----w C:\Program Files\AviSynth 2.5
2008-04-02 00:32 0 ----a-w C:\$RJ$.DAT
2008-04-01 02:28 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-31 22:25 --------- d-----w C:\Program Files\Activision
2008-03-31 21:25 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-31 20:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VirtuaWin
2008-03-25 23:56 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-03-25 23:41 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-03-25 23:12 --------- d-----w C:\Program Files\Nsauditor
2008-03-24 06:33 --------- d-----w C:\Program Files\Venture Arctic
2008-03-24 06:02 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-23 03:32 --------- d-----w C:\Program Files\LEGO Company
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 17:22 368,640 ----a-w C:\WINDOWS\system32\rewire.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-26 19:19 22,328 ----a-w C:\Documents and Settings\luke\Application Data\PnkBstrK.sys
2008-01-06 18:54 10 ----a-w C:\Program Files\.autoreg
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_16.41.24.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 20:33:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 23:07:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 03:49:59 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-05-02 03:56:10 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2006-09-19 19:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2008-04-24 06:52:18 1,478,592 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-03 19:20:30 1,487,752 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-10-04 00:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 16:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 1998-05-08 04:57:22 143,872 ------w C:\WINDOWS\system32\iacenc.dll
+ 1997-06-14 02:56:08 56,832 ------w C:\WINDOWS\system32\iyvu9_32.dll
- 2008-04-27 02:26:04 70,828 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-29 22:03:34 71,544 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-27 02:26:04 422,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-29 22:03:34 424,416 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-27 19:38:02 16,189 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-05-11 23:07:52 16,189 ----a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-28 21:40 32768]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-03-24 18:57 219952]
"AntiFreeze"="C:\Program Files\AntiFreeze\AntiFreeze.exe" [2007-12-16 16:57 139776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 09:34 868352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-21 00:09 7618560]
"nwiz"="nwiz.exe" [2006-06-21 00:09 1519616 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 03:17 55824 C:\WINDOWS\KHALMNPR.Exe]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 01:10 15872]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-28 21:54 363008]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"NvMediaCenter"="NvMCTray.dll" [2006-06-21 00:09 86016 C:\WINDOWS\system32\nvmctray.dll]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"CoolSwitch"="C:\Documents and Settings\Administrator\Desktop\Tweakui\taskswitch.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2006-02-28 08:00 158208]

C:\Documents and Settings\luke\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-22 18:29:52 2998608]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-04-22 18:29:52 2998608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-11-17 20:18:17 340054]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"msacm.fraunhoferacm"= l3codecp.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare 1.1\\iw3mp.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe [2006-02-28 08:00]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2006-12-31 15:38]
S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys [2007-12-27 05:45]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 13:10]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 PBDOWNFORCE_SERVICE;PBDOWNFORCE_SERVICE;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PHQ89.tmp []
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2006-12-26 02:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-02 03:49:58 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 19:15:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AntiFreeze = C:\Program Files\AntiFreeze\AntiFreeze.exe /splash???????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PBDOWNFORCE_SERVICE]
"ImagePath"="\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\PHQ89.tmp"
.
Completion time: 2008-05-11 19:17:53
ComboFix-quarantined-files.txt 2008-05-11 23:17:28
ComboFix2.txt 2008-04-27 20:41:55

Pre-Run: 358,813,540,352 bytes free
Post-Run: 359,201,423,360 bytes free

343 --- E O F --- 2008-04-14 21:22:03

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:02 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\AntiFreeze\AntiFreeze.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\Documents and Settings\Administrator\Desktop\Tweakui\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AntiFreeze] C:\Program Files\AntiFreeze\AntiFreeze.exe /splash
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = G:\Data\useful programs\Launchy\Launchy.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 20547 bytes

#8 ken545

    Malware Response Team

  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 11 May 2008 - 07:26 PM

Dark_Raker,

Combofix did not find anything bad and the rest of your HJT log looks clean :thumbsup:

You have ESET Anti Virus installed and I also see the beta of Kaspersky running. Two anti-virus programs are not recommended, as they will slow up your system and sometimes cause issues as the two butt heads, so I would recommend uninstalling one of them.



Please download ATF Cleaner by Atribune to your desktop.
  • This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.




  • Your Java is out of date and leaving your system vulnerable.
  • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
  • It should have an icon next to it.
    Select it and click Remove.
  • Reboot your system.
  • Then go to Sun Microsystems and install the update
  • Java Runtime Environment (JRE) 6 Update 6 <--This is what you need to download and install.
  • If you chose the online installation, it will prompt you to run the program.
  • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
  • Then after install you can verify your installation here Sun Java Verify
I like to do the offline installation and save the setup file in case I may need it in the future.


How is your system running now???

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#9 Dark_Raker

  • Topic Starter
  • Members
  • 12 posts

Posted 12 May 2008 - 09:08 PM

Hey, I have used ATF Cleaner and am now re-installing Java. Was the Kaspersky actually running? Because it does not show up in the Task Manager and is not present in Windows Add or Remove Programs (I think I may have uninstalled it but traces were left behind). Also, a little while ago my Spybot resident stopped finding registry changes, and the random Internet Explorer popups stopped, but I am afraid there might be something running in the background.

The Java update went fine and it was verified correctly.

Edited by Dark_Raker, 12 May 2008 - 09:27 PM.


#10 ken545

    Malware Response Team

  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 13 May 2008 - 04:04 AM

Good Morning,

Kaspersky is not running; these are all just leftover entries we can remove.

Open HijackThis > Do a System Scan Only. Close your browser and all open windows, including this one (the only program or window you should have open is HijackThis), check the following entries and click on Fix Checked.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll




C:\Program Files\Logitech\Desktop Messenger <-- You can uninstall this program only; it will not uninstall your keyboard and mouse. The reason it's installed is that when you installed the Logitech software you did not read the (EULA) End Users License Agreement.



The rest of your log looks fine :thumbsup: What do you feel is running in the background that you're concerned about? For Windows to run you most likely have around 40 or so programs running in the background that are needed.


You can run this free online virus scanner and post the report; if something is still lurking, it will pick it up.

Run this free online scan using Internet Explorer:
Kaspersky Online Virus Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Post the log along with a New HJT Log into your next reply.

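As an added example (not code from this thread, from HijackThis or from ken545), a small Python parser for lines in this log format that flags the kinds of entries singled out above: the O20 AppInit_DLLs load point, an O9 entry marked (file missing), an O23 service with an unknown owner, and the long run of O18 handlers that all point at one CLSID. The sample lines are constructed from entries quoted in this thread; the triage rules are this example's own, not HijackThis's.

```python
import re
from collections import Counter

# Constructed sample in HijackThis format, built from entries quoted in this thread.
SAMPLE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O18 - Protocol: bwz0 - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D012527-30A6-49A0-BAAD-635CCEC55C4E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:dll|exe)", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

def parse_hjt(text):
    """One record per O-line of a HijackThis log; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        path, clsid = PATH_RE.search(body), CLSID_RE.search(body)
        entries.append({"section": section, "body": body,
                        "path": path.group(0) if path else None,
                        "clsid": clsid.group(0) if clsid else None,
                        "file_missing": "(file missing)" in body})
    return entries

def triage(entries):
    """(reason, detail) pairs for the lines a responder should look at first."""
    findings = []
    for e in entries:
        if e["section"] == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll, so a
            # stale entry from an uninstalled product is a dangling load point.
            findings.append(("AppInit_DLLs load point", e["body"]))
        if e["file_missing"]:
            findings.append(("dangling reference, file missing", e["body"]))
        if e["section"] == "O23" and "Unknown owner" in e["body"]:
            findings.append(("service with no publisher", e["body"]))
    # Many O18 handlers backed by one CLSID are one component; report it once.
    shared = Counter(e["clsid"] for e in entries if e["section"] == "O18" and e["clsid"])
    for clsid, n in shared.items():
        if n > 1:
            findings.append((f"{n} O18 protocol handlers share CLSID", clsid))
    return findings
```

Run `triage(parse_hjt(open("hijackthis.log").read()))` against a saved log to get the short list; an entry on the list is a starting point for a look, not a verdict.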


#11 Dark_Raker

  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2008 - 05:56 PM

Thanks for the info about removing the kaspersky stuff. I don't think there is actually anything running in the background, but I'm just being paranoid because my dad is a computer person and so am I, and I know that there could be something but there probably isn't.

#12 ken545

    Malware Response Team

  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 15 May 2008 - 07:46 PM

Run Kaspersky and post the log; it's very good at picking bad things up if they're present.



#13 ken545

    Malware Response Team

  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida

Posted 31 May 2008 - 10:02 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





