Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rlai.dll Error


  • This topic is locked This topic is locked
26 replies to this topic

#1 Dubsman35

Dubsman35

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 23 June 2008 - 11:49 PM

Hello everyone, i am new to this forum and these types of problems so please bare with me. recently, i was downloading some programs and i think i might have come across an infected program. my computer started to run very slow, my heat sensor was reading at about 145 degrees Fahrenheit, higher than i have ever seen it go before by about 10 degrees. windows explorer kept on suddenly ending and my internet connection seemed to be dying. i was not sure what was going on, so instinctivly i restarted my computer. when it came up, everything showed up as normal, then i started getting errors that looked something like this (this is not word for word though, it is very long and hard to copy, i can try to get it though if needed)

___.exe - bad image

c\window\system32\rlai.dll cannot run with windows or is corrupt. please reinstall the program


now this window poped up for every application that started with windows, and every application that i started personally. eventaully, windows explorer ended and did not restart, so all my icons and the whole task bar was gone. i found some thing or forums such as HJT and smitfraudfix. after running smitfraudfix and having it clean (option 2) everything was restored, well windows explorer restarted and the computer ran much cooler again. when ran a couple virus scans and fixed what ever they came across, i restarted only to find that the rlai.dll error would come up again and windows explorer ended but restarted by itself a minute later. the computer is still running cooler, and i am able to open any program and use it even though every time i open it i get the rlai.dll error. i am guessing that it got removed from my system but there are still some traces of it left? i want to make sure i have nothing left on my system, i really would like to keep it clean, and have for over a year, so if anyone could help me, that would be great. i will post my HJT results just incase, i hear it helps? im not really sure what any of it means. if you ahve any more info you need, please feel free to ask. im running vista home basic

EDIT: I recently ran some spyware removal tools such as SuperAnitSpyware. the computer is running much nicer now, the rlai.dll isnt showing up anymore, but i really want to be sure. Im trying to post a new DSS/HJT log but only main.txt pops up, and no extra.txt. so i know i wasnt supposed to do anything after posting this, or atleast now i do, so i want to update it so no one tells me something wrong


Deckard's System Scanner v20071014.68
Run by Brian on 2008-06-24 00:37:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2008-06-24 01:29:19 UTC - RP779 - Removed WebUpdater
4: 2008-06-24 01:25:23 UTC - RP777 - Removed Garmin WebUpdater
3: 2008-06-23 21:42:18 UTC - RP776 - Installed Kaspersky Internet Security 2009.
2: 2008-06-23 04:53:10 UTC - RP775 - Scheduled Checkpoint
1: 2008-06-22 00:59:54 UTC - RP774 - Removed Battlefield 1942


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Brian.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:02 AM, on 6/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Laser Printer 1110\LocalSM\jbDetect.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Brian\Desktop\dss.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Dell Laser Printer 1110 SM_JB] C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Brian\AppData\Local\Temp\rqRHwXNh.dll,c
O4 - HKCU\..\Run: [BM35c690c2] Rundll32.exe "C:\Users\Brian\AppData\Local\Temp\kqghpdyt.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: bw+0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\rlai.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: RelevantKnowledge - RelevantKnowledge - C:\Windows\system32\rlservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 24585 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Windows\system32\imageres.dll,-68
.inf - inffile - DefaultIcon - C:\Windows\system32\imageres.dll,-69
.ini - inifile - DefaultIcon - C:\Windows\system32\imageres.dll,-69
.js - JSFile - DefaultIcon - C:\Windows\System32\WScript.exe,3
.reg - regfile - DefaultIcon - C:\Windows\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\Windows\system32\imageres.dll,-102
.vbs - VBSFile - DefaultIcon - C:\Windows\system32\WScript.exe,2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 hmonitor - \??\c:\windows\system32\drivers\hmonitor.sys

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - \??\c:\windows\system32\drivers\bvrpmpr5.sys
S3 DNIMp50 (DNIMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\dnimp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
S3 DNISp50 (DNISp50 NDIS Protocol Driver) - c:\windows\system32\drivers\dnisp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
S3 SIoctl - \??\c:\windows\system32\drivers\sioctl.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 RelevantKnowledge - c:\windows\system32\rlservice.exe /service <Not Verified; RelevantKnowledge; RelevantKnowledge>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 rcp_service (ReaConverter scheduler service) - c:\program files\reaconverter 5.0 pro\rcp_scheduler.exe <Not Verified; ReaSoft; >
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" (file missing)
S3 Webcam Corp. Service Starter - c:\program files\webcam\webcam123\dogsvc.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-24 00:40:01 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{9F019700-EEE7-4132-8342-42D801CEC8CA}.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 00:14:43 56 --ah----- C:\Users\All Users\ezsidmv.dat
2008-06-24 00:13:45 0 d-------- C:\Program Files\Common Files\Skype
2008-06-23 21:16:47 691545 --a------ C:\Windows\unins000.exe
2008-06-23 21:16:47 2545 --a------ C:\Windows\unins000.dat
2008-06-23 20:54:33 4510 --a------ C:\Windows\system32\tmp.reg
2008-06-23 20:49:46 0 d-------- C:\Program Files\Trend Micro
2008-06-23 17:50:03 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-06-23 17:50:03 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-06-23 17:46:13 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-06-23 17:46:13 0 d-------- C:\Program Files\Kaspersky Lab
2008-06-23 17:45:22 802848 --ahs---- C:\Windows\system32\drivers\fidbox2.dat
2008-06-23 17:45:22 3494432 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-06-23 17:40:24 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-06-23 17:03:44 24576 --a------ C:\Windows\system32\ljJDWOiI.dll
2008-06-18 20:09:29 0 d-------- C:\Program Files\EA Sports
2008-06-18 14:42:47 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-15 20:04:08 0 d-------- C:\Windows\system32\iosubsys
2008-06-15 19:54:33 10536 --a------ C:\Windows\system32\drivers\Hmonitor.sys
2008-06-15 19:54:33 0 d-------- C:\Program Files\Hmonitor
2008-06-15 19:17:09 0 d-------- C:\Garmin
2008-06-14 14:17:16 49152 --a------ C:\Windows\system32\ArmAccess.dll
2008-06-13 15:29:08 0 d-------- C:\Program Files\CureROM
2008-06-07 23:25:36 0 d-------- C:\Program Files\BrainWave Generator
2008-06-07 23:25:28 303616 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-05 23:04:11 0 d-------- C:\Program Files\Sony
2008-06-05 18:22:40 0 d-------- C:\Program Files\Steinberg
2008-06-05 18:22:38 0 d-------- C:\Program Files\Common Files\Acon Digital Media
2008-06-05 18:22:36 0 d-------- C:\Program Files\Acon Digital Media
2008-06-03 15:04:50 0 d-------- C:\Program Files\Common Files\Steam
2008-06-01 19:59:51 0 d-------- C:\Program Files\Power Tab Software
2008-05-29 23:16:01 0 d-------- C:\Program Files\NETGEAR
2008-05-29 19:07:21 20480 --a------ C:\Windows\system32\drivers\DNISP50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-05-29 19:07:21 21504 --a------ C:\Windows\system32\drivers\DNIMP50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); >
2008-05-24 12:21:27 0 d-------- C:\Users\All Users\Ubisoft
2008-05-24 11:57:58 0 d-------- C:\Program Files\Ubisoft


-- Find3M Report ---------------------------------------------------------------

2008-06-24 00:14:43 0 d-------- C:\Users\Brian\AppData\Roaming\skypePM
2008-06-24 00:14:26 0 d-------- C:\Users\Brian\AppData\Roaming\Skype
2008-06-24 00:13:45 0 d-------- C:\Program Files\Common Files
2008-06-24 00:03:24 0 d-------- C:\Users\Brian\AppData\Roaming\uTorrent
2008-06-23 23:51:47 118784 --a------ C:\Windows\system32\rlai.dll <Not Verified; RelevantKnowledge; RelevantKnowledge>
2008-06-23 23:19:02 0 d-------- C:\Users\Brian\AppData\Roaming\Vidalia
2008-06-23 23:18:58 0 d-------- C:\Users\Brian\AppData\Roaming\tor
2008-06-23 21:33:32 0 d-------- C:\Program Files\Yahoo!
2008-06-23 21:01:33 35 --a------ C:\Users\Brian\AppData\Roaming\SetValue.bat
2008-06-23 21:01:33 691 --a------ C:\Users\Brian\AppData\Roaming\GetValue.vbs
2008-06-22 22:35:24 0 d-------- C:\Program Files\Winamp
2008-06-22 22:33:10 0 d-------- C:\Users\Brian\AppData\Roaming\Winamp
2008-06-21 21:00:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 13:51:23 909 --a------ C:\Windows\eReg.dat
2008-06-19 23:35:26 0 d-------- C:\Users\Brian\AppData\Roaming\gtk-2.0
2008-06-18 14:47:31 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-18 14:42:49 0 d-------- C:\Users\Brian\AppData\Roaming\SystemRequirementsLab
2008-06-17 20:33:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-14 14:18:47 12 --a------ C:\Windows\bthservsdp.dat
2008-06-13 19:52:36 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 17:01:13 0 d-------- C:\Program Files\AIM Music Link
2008-06-11 03:07:18 0 d-------- C:\Program Files\Windows Mail
2008-06-03 23:31:24 0 d-------- C:\Program Files\AIM6
2008-06-01 20:37:32 0 d-------- C:\Program Files\LimeWire
2008-05-29 19:30:00 0 d-------- C:\Users\Brian\AppData\Roaming\Adobe
2008-05-22 23:56:12 0 d-------- C:\Users\Brian\AppData\Roaming\AVG7
2008-05-20 21:04:41 0 d-------- C:\Users\Brian\AppData\Roaming\RCP 5
2008-05-20 20:04:50 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 00:03:35 0 d-------- C:\Program Files\Dell
2008-05-17 22:52:50 0 d-------- C:\Program Files\Cisco
2008-05-17 22:49:22 0 d-------- C:\Users\Brian\AppData\Roaming\InstallShield
2008-05-14 00:55:57 0 d-------- C:\Program Files\Bonjour
2008-05-14 00:37:00 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-13 20:51:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 20:45:53 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-13 20:37:58 0 d--h----- C:\Users\Brian\AppData\Roaming\GTek
2008-05-13 19:55:02 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-12 18:21:46 0 d-------- C:\Program Files\Virtual DJ Studio
2008-05-10 23:13:04 0 d-------- C:\Users\Brian\AppData\Roaming\Symantec
2008-05-10 21:06:07 0 dr-h----- C:\Users\Brian\AppData\Roaming\SecuROM
2008-05-10 20:29:27 0 d-------- C:\Program Files\Atari
2008-05-09 18:05:41 0 d-------- C:\Users\Brian\AppData\Roaming\DAEMON Tools Pro
2008-05-09 18:02:43 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-05-07 21:35:32 0 d-------- C:\Users\Brian\AppData\Roaming\rockbox.org
2008-05-07 19:19:14 0 d-------- C:\Program Files\Symantec
2008-05-07 19:19:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-07 19:12:05 0 d-------- C:\Program Files\Norton Ghost
2008-05-04 12:52:08 0 d-------- C:\Program Files\PhotomatixPro3
2008-05-03 12:38:43 0 d-------- C:\Program Files\Picasa2
2008-05-03 12:37:35 0 d-------- C:\Program Files\Google
2008-05-02 21:19:39 0 d-------- C:\Program Files\NeroInstall.bak
2008-05-02 21:12:15 0 d-------- C:\Program Files\Common Files\Nero
2008-05-02 21:08:11 0 d-------- C:\Program Files\Nero
2008-05-02 16:15:58 0 d-------- C:\Program Files\Makayama Interactive
2008-04-16 23:21:17 174 --ahs---- C:\Program Files\desktop.ini
2008-04-16 21:14:17 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [01/18/2008 11:33 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 11:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/06/2007 06:10 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/17/2006 07:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"SigmatelSysTrayApp"="sttray.exe" [01/12/2007 11:51 AM C:\Windows\sttray.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [10/13/2006 01:31 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 02:25 PM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [01/23/2007 04:44 PM C:\Windows\KHALMNPR.Exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 01:37 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 01:35 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 02:45 PM]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [12/08/2007 02:34 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [07/11/2006 07:12 PM]
"Dell Laser Printer 1110 SM_JB"="C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe" [12/19/2006 09:25 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [04/25/2008 06:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/2007 05:49 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe" [06/15/2007 11:17 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [01/17/2008 04:37 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/18/2008 11:33 PM]
"cmds"="C:\Users\Brian\AppData\Local\Temp\rqRHwXNh.dll,c" []
"BM35c690c2"="C:\Users\Brian\AppData\Local\Temp\kqghpdyt.dll,s" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2/20/2007 12:08:06 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [5/29/2008 11:16:02 PM]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 10:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"NoDispCpl"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsHistory"=01000000
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 06/09/2007 01:36 AM 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\Windows\system32\rlai.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
"C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
"C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
"C:\Program Files\Norton Ghost\Agent\VProTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
"C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc
bthsvcs BthServ
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0574b660-de6f-11db-a7e2-00038a000015}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16abdca7-4173-11dc-b5fd-00038a000015}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mystearnsandfoster.com/

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16abdca8-4173-11dc-b5fd-00038a000015}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mystearnsandfoster.com/

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53e409fe-b6bc-11dc-a998-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a43ff831-b4dc-11dc-ac47-00038a000015}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8e83e13-0c2b-11dd-9ca9-806e6f6e6963}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f03836f1-99cd-11dc-822d-00038a000015}]
AutoRun\command- F:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8771 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-24 00:44:11 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2060 @ 1.60GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1533.71 MiB / 583.02 MiB
Pagefile Memory (total/avail): 3323.23 MiB / 1681.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1891.75 MiB

C: is Fixed (NTFS) - 137 GiB total, 41.06 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 6.18 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 - Installable File System - 10 GiB - D:
\PARTITION2 (bootable) - Installable File System - 137 GiB - C:
\PARTITION3 - Extended w/Extended Int 13 - 2048 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) Disabled
AV: AVG 7.5.524 v7.5.524 (Grisoft)
AV: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) Disabled
AS: Spybot - Search and Destroy v1.0.0.5 (Safer Networking Ltd.) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: Kaspersky Internet Security v8.0.0.357 (Kaspersky Lab) Disabled
AS: SpywareBot v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Brian\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRIANS-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Brian
LANG=C
LOCALAPPDATA=C:\Users\Brian\AppData\Local
LOGONSERVER=\\BRIANS-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Brian\AppData\Local\Temp
TMP=C:\Users\Brian\AppData\Local\Temp
USERDOMAIN=Brians-Laptop
USERNAME=Brian
USERPROFILE=C:\Users\Brian
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Brian
Howard


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9
µTorrent --> "C:\Users\Brian\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Acoustica Premium Edition 4.1 --> "C:\Program Files\Acon Digital Media\Acoustica Premium 4\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11 --> C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArtRage 2 Starter Edition --> MsiExec.exe /X{112B1172-48A6-45EF-9653-01BB74A91A35}
ATI Catalyst Control Center Ex --> MsiExec.exe /I{493BAF04-DA99-9257-B343-E17BB5E687A3}
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BrainWave Generator --> C:\Windows\IsUninst.exe -f"C:\Program Files\BrainWave Generator\Uninst.isu"
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module --> MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module --> MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module --> MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Creative WebCam NX Driver (1.02.01.0827) --> C:\Windows\CtDrvIns.exe -uninstall -script P1110.uns -unsext NT -plugin p1110pin.dll -pluginres p1110pin.crl
Dell Laser Printer 1110 Software Uninstall --> C:\Program Files\DELL\Dell Laser Printer 1110\Install\setup.exe /Uninstall
Dell Resource CD --> MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
Dell System Customization Wizard --> MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DVD Ripper Platinum 4 --> C:\Program Files\ImTOO\DVD Ripper Platinum 4\Uninstall.exe
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
FIFA 08 --> MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
Hardware sensors monitor --> "C:\Program Files\Hmonitor\unins001.exe"
Hardware sensors monitor 4.4 --> "C:\Program Files\Hmonitor\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
ImTOO DVD Creator --> C:\Program Files\ImTOO\DVD Creator3\Uninstall.exe
ImTOO iPod Movie Converter --> C:\Program Files\ImTOO\iPod movie Converter 3\Uninstall.exe
InFlac 1.1.1 --> "C:\Program Files\Winamp\InFlac-Uninstall.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LimeWire PRO 4.18.1 --> "C:\Program Files\LimeWire\uninstall.exe"
LinkProcessor plugin --> MsiExec.exe /I{578C9C79-E33D-4B47-BDE6-2B40A86BA9CC}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Diagnostic Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG Encoder 3 --> C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111 --> C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\setup.exe -runfromtemp -l0x0009 -removeonly
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PaperPort --> MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photomatix Pro version 3.0.2 --> "C:\Program Files\PhotomatixPro3\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Power Tab Editor 1.7 --> MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Privoxy 3.0.6 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ReaConverter 5.0 Pro --> "C:\Program Files\ReaConverter 5.0 Pro\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SHOUTcast Source DSP 1.9.0 (remove only) --> C:\Program Files\Winamp\uninst-dsp.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sound Blaster ADVANCED MB Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{943884D4-B604-496F-B132-DFA9C63FAF6A}\setup.exe" -l0x9 /remove
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\Windows\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
Tor 0.1.2.19 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
User's Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vidalia 0.0.16 --> "C:\Program Files\Vidalia Bundle\Uninstall.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual DJ Studio 4.6 --> "C:\Program Files\Virtual DJ Studio\unins000.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}
Windows Mobile Device Center Driver Update --> MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type323975 / Error
Event Submitted/Written: 06/23/2008 11:51:11 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Produkt: Kaspersky Anti-Virus 2009 -- Na komputerze jest juz zainstalowana aplikacja Kaspersky Lab. Nalezy dokonac jej dezinstalacji przed rozpoczeciem instalacji Kaspersky Anti-Virus 2009.

Event Record #/Type323974 / Error
Event Submitted/Written: 06/23/2008 11:24:05 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program SpybotSD.exe version 1.5.2.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1520
Start Time: 01c8d5a910fd2510
Termination Time: 60

Event Record #/Type323970 / Error
Event Submitted/Written: 06/23/2008 11:23:34 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000005, fault offset 0x000659c3,
process id 0xfa0, application start time 0xexplorer.exe0.

Event Record #/Type323968 / Error
Event Submitted/Written: 06/23/2008 11:21:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module msvcrt.dll, version 7.0.6001.18000, time stamp 0x4791a727, exception code 0xc0000005, fault offset 0x00009c00,
process id 0x594, application start time 0xexplorer.exe0.

Event Record #/Type323957 / Success
Event Submitted/Written: 06/23/2008 11:15:43 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type109820 / Error
Event Submitted/Written: 06/24/2008 00:14:33 AM
Event ID/Source: 10016 / DCOM
Event Description:
application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}Brians-LaptopBrianS-1-5-21-2696187273-3567125984-2516834062-1001LocalHost (Using LRPC)

Event Record #/Type109808 / Warning
Event Submitted/Written: 06/23/2008 11:46:50 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type109807 / Warning
Event Submitted/Written: 06/23/2008 11:42:18 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type109804 / Error
Event Submitted/Written: 06/23/2008 11:36:31 PM
Event ID/Source: 10016 / DCOM
Event Description:
application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}Brians-LaptopBrianS-1-5-21-2696187273-3567125984-2516834062-1001LocalHost (Using LRPC)

Event Record #/Type109773 / Error
Event Submitted/Written: 06/23/2008 11:21:02 PM
Event ID/Source: 10016 / DCOM
Event Description:
application-specificLocalActivation{0C0A3666-30C9-11D0-8F20-00805F2CD064}Brians-LaptopBrianS-1-5-21-2696187273-3567125984-2516834062-1001LocalHost (Using LRPC)



-- End of Deckard's System Scanner: finished at 2008-06-24 00:44:11 ------------

Edited by Dubsman35, 24 June 2008 - 05:20 PM.


BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 17 July 2008 - 02:56 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 17 July 2008 - 05:34 PM

i believe i fixed it, but i will put up a new log just so i can be sure. should i post it here or in a new topic? also, when i run DSS i only get main.txt and not extra.txt

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 19 July 2008 - 06:54 PM

If you would like me to check your HijackThis log, post it in this thread.

extra.txt can be found in the C:\Deckard\System Scanner folder.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 20 July 2008 - 06:09 PM

i just looked, there is main.exe, and 3 folders in that folder. within those folders, one has main.exe, moved.exe, extra.exe. and backup. the other two folders (more recent folder) just have main.exe. the extra.exe found in the first folder is pretty old it seems

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 21 July 2008 - 08:04 AM

The main thing I need is the HijackThis log. Just run that and post it in this thread. You should find the Trend Micro HijackThis log in your C drive. C:/Program Files/Trend Micro/HijackThis.

Since you have old and new files, usually when you hover your mouse over the file, it will tell you the "date created" as well as the name of the file.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 22 July 2008 - 07:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:33 PM, on 7/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\sttray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Laser Printer 1110\LocalSM\jbDetect.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Dell Laser Printer 1110 SM_JB] C:\Program Files\DELL\Dell Laser Printer 1110\LocalSM\jbDetect.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: bw+0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\rlai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Windows\system32\rlservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 23914 bytes

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 23 July 2008 - 11:53 AM

The following entry shows that the Microsoft System Configuration Utility is in use and indicates you are using a Selective Startup:

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

This means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to enable those startup entries by doing the following:

Please go to:
  • Start > Run, and type: MSConfig . Press Enter
  • In the General tab, Startup Selection, choose: Normal Startup-load all device drivers and services
  • Press OK until you are out of the program.
  • Reboot and post a new HijackThis log.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 23 July 2008 - 04:13 PM

The things i have unselected under the startup tab are all programs that i just dont want to start up and clog my computer. i dont see how those are effecting anything. are there any other problems? or if i do this will you then be able to find things? cuz i would rather not do the normal start

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 23 July 2008 - 05:43 PM

Please do as I requested. Malware has a way of hiding so we need the HijackThis log to show as much as possible. You can go back to your selective startup after cleaning. Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 23 July 2008 - 05:57 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:50 PM, on 7/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.0 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: bw+0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D3B3FB2E-E901-49F0-9FC6-A7340BCE475C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\rlai.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Windows\system32\rlservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webcam Corp. Service Starter - Unknown owner - C:\Program Files\Webcam\Webcam123\dogsvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 21494 bytes

#12 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 24 July 2008 - 09:24 PM

You may want to print this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step 1

The latest version is Java Runtime Environment (JRE) 6 Update 7

I noticed that your Java Runtime Environment is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove the older versions of Java Runtime Environment..
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer after all Java components are removed.
Please download the latest Java Runtime Environment.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right. When a new window opens, you will see
    NOTE: This page offers files for different platforms - please be sure to download the proper file(s) for your platform.
    Required: You must accept the license agreement to download the product.
  • Click to place a check mark by Accept License Agreement.
  • Make the selection corresponding to your computer platform. For Windows, click on Windows Offline Installation, Multi-languagelink to download. Save it to your desktop.
  • On your desktop, double-click on jre-6u7-windows-i586-p.exe to install the newest version.
After you have installed the Java software on your computer, you must restart your browser. You can verify that Java Runtime Environment (RTE) has been installed correctly by clicking on the Verify Installation button on the Welcome To Java and Verify Installation page.

Step 2

In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.
  • Detects and removes malware ( viruses, worms, trojans, etc. )
  • Detects and removes grayware and spyware
  • Restores damage caused by malware to your system.
  • Notifies about vulnerabilities in installed programs and connected network services.
  • Multi-platform support for: Windows, Linux, Solaris.
  • Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.
When you have completed the scans, if you get a report of files that can’t be cleaned / deleted, make a note of the file location of anything that cannot be deleted so you can delete it yourself. Please post that list in your next reply.

Step 3

Please download Ad-Aware 2008.
Please check this link, Ad-Aware 2007/ 2008 for instructions on how to download, install and use Ad-Aware. Run this program as soon as possible.

Step 4

I recommend using Spyware Blaster.
Please download SpywareBlaster. SpywareBlaster helps to:
  • Prevent the installation of Active X-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially unwanted sites in Internet Explorer.
Please see Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware for instructions on how to download, install, and use SpywareBlaster.

Step 5

Windows Defender is a free program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it is detected and minimizes interruptions and helps you stay productive.

Please download and install Windows Defender.
  • Confirm that your computer meets the minimum system requirements to install Windows Defender.
  • Visit the Windows Defender page in the Microsoft Download Center. Click the Continue button and follow the directions on the succeeding pages to download the program and start the Installation Wizard.
  • Follow the steps in the Installation Wizard. You will be asked if you want to participate in the Microsoft SpyNet online community. We suggest you choose the first option,
  • Use recommended settings.
  • Click Next to continue.
  • Click Install to begin installing Windows Defender.
  • When installation is complete, click Finish. Windows Defender will begin to scan your computer.
  • For more information, See How to install and set up Windows Defender
Step 6

The ATF-Cleaner program is for XP and Windows 2000 only.
ATF-Cleaner features include:
  • Cleaning of all user temp folders, administrator only can use this feature.
  • Cleaning of the Java cache, which seems to be harboring more and more malware.
  • Cleaning the cache, cookies, history, download history, visited links and saved passwords. You have the option of checking no if you want to save your passwords.
Please download the ATF-Cleaner by Atribune.
Instructions:
  • Double-click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch (Windows XP) only
    • Java Cache
  • The rest are optional - if you want to remove them all, check Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
If you use the Firefox browser:
  • Click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
  • Click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • When you get the Done Cleaning message, click OK.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
If needed, Tutorial on ATF Cleaner with pictures.
Do not run it yet.

Step 7

Please disconnect from the Internet. Please close ALL browser windows (including this one).

Step 8

During the process of removing malware from your computer, there are times you may need to use specialized fix tools. Certain embedded files that are part of these specialized fix tools may be detected by your antivirus or anti-malware scanner as a RiskTool, Hacking tool, Potentially unwanted tool, a virus or a Trojan when that is not the case.
These tools have been carefully created and tested by security experts so if your antivirus or anti-malware program flags them as malware, then it is a False Positive. Antivirus scanners cannot distinguish between good and malicious use of such programs; therefore, they may alert you or even automatically remove them. In these cases, the removal of these files can have unpredictable results and unintentional results.
To avoid any problems while using a specialized fix tool, it is very important that you temporarily disable your antivirus and/or anti-malware programs before using the specialized fix tool.
When your system has been cleaned, it is important that you enable your security programs to avoid reinfection.

Please disable the following programs:

Spybot - Search and Destroy TeaTimer
  • Please disable Spybot - Search and Destroy TeaTimer, as it will prevent HijackThis from fixing the infection. You can enable it after you're clean. To disable Spybot - Search and Destroy TeaTimer:
  • Open Spybot - Search and Destroy.
  • Click Mode in the toolbar.
  • Select Advance Mode.
  • Click Tools.
  • ClickResident.
  • Uncheck the box next to Resident Tea-Timer.
  • Close Spybot - Search and Destroy.
  • Reboot your machine.
    Don't forget to restart Spybot - Search and Destroy's Teatimer when your machine is clean and undo the changes above.
  • If needed, How To Disable Spybot Search and Destroy TeaTimer.
SUPERAntiSpyware

We need to disable SUPERAntiSpyware as it may interfere with the fixes that we need to make.
  • Right click on the icon in your System Tray.
  • Click Exit
  • Make sure that the program, SUPERAntiSpyware itself, is also closed/not running.
Step 9

Uninstall the following programs (Do not worry if they are not there.)

RelevantKnowledge

To uninstall the RelevantKnowledge.
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight RelevantKnowledge, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
  • Using Windows Explorer (Windows key+e), search for the RelevantKnowledge folder. If the program folder is still there, select/highlight the RelevantKnowledge folder. DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  • Close Windows Explorer.
Step 10

Now we will address the HijackThis fixes.

Please run HijackThis and click Scan. Place checks next to the following entries (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - AppInit_DLLs: C:\Windows\system32\rlai.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Windows\system32\rlservice.exe (file missing)


Close all browsers and other windows except for HijackThis, and click Fix Checked to have HijackThis fix the entries you checked.

Step 11

Optional Fixes is the name that we use for fixes for unnecessary programs that load during startup and run in the background. These programs are not required to start automatically as you can start them manually if you need them. You would be removing the program from your startup but you would not be removing the program itself.

Your computer may be sluggish due to the many programs loading during startup and running in the background that are not necessary. Windows has a facility for starting programs at startup time. Some of these programs are required for your computer and the applications installed on it to run correctly. A good example of such a program is a virus-checking application that must always run, constantly checking for and isolating or removing files with viruses. Other such programs are not strictly required, or are optional. In some cases, you can gain significant performance enhancements by disabling the automatic startup of these programs. In many cases, the functionality offered by the programs is still available by starting the programs manually by, for example, starting the program from the Windows Start->Programs menu. Media players and instant messaging programs often fall into this category. In fact, it is common for many modern software applications, when installed, to add programs at startup that add items to the system tray or shortcut (context) menus in Windows Explorer to provide quick access to the features and functions of these applications. While they may be useful, they do increase boot time and consume system resources. It is advised that you disable these programs so that they do not take up necessary resources or slow the boot time.

Other than ScanRegistry, SystemTray, StateMgr, antivirus program entries, and firewall program entries, very few others need to load and run.

Read the articles below to see if it applies to your computer problem with being slow to respond.
Slow_Computer_Check_here_first_it_may_not_be_malware.
Help! My computer is slow! ]Help! My computer is slow![/url]
50 Tips for a Super Fast PC
4 Ways to Speed Up Your Computer's Performance
It's not always malware: How to fix the top 10 Internet Explorer issues

If you decide that you want to stop the Optional Fixes in your startup, let me know and I will give you a list with instructions. You would be removing the program from your startup but you would not be removing the program itself.

Step 12

Reboot to Safe Mode ( without networking support !). If you don’t know how to boot in Safe Mode, use this tutorial, How To Start Windows in Safe Mode.

NOTE: To avoid the risk of any of the files or folders not being found due to their having the Hidden attribute, go to My Computer (Windows key+e) Tools > Folder Options > View. Under Advanced Settings > Files and Folders > Hidden files and folders, first make sure that Show hidden files and folders has a dot in the circle before it which indicates that hidden files and folders are visible. If needed, see this tutorial, How to see hidden files in Windows.

Step 13

Using Windows Explorer, (My Computer (Windows key+e) search for the following files/folders and DELETE the following Folders indicated in BLUE. (Do not worry if they are not there):
C:\Windows\system32\rlai.dll Do not delete the system32 folder!

Step 14

Reboot to Normal Mode.

Step 15

Let’s run ATF-Cleaner to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 16

Please run HijackThis in Normal Mode and post a new HijackThis log so I can make sure that all the malware was deleted according to plan.

Please post the list of file names and locations for any files that can’t be cleaned / deleted that were reported after you completed the online scans.

Please advise me of any problems you still have.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#13 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 24 July 2008 - 11:30 PM

i shouldnt use ATF cleaner as i am running Vista, correct? and please let me know how i can stop those programs from starting up! thanks, im going to run through this now.

#14 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:06:11 AM

Posted 25 July 2008 - 01:53 PM

Sorry about that. Use CCleaner instead.

CCleaner is a tool for cleaning temporary files stored on your computer which may help improve performance.
  • Please download CCleaner
  • Starting with v1.27.260, "CCleaner" installs the "Yahoo Toolbar" as an option which IS checked by default during the installation. IF you do NOT want it, REMOVE the check when provided with the option OR download the toolbar free Basic version instead of the Standard Build.
  • Unzip the file to install.
  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours.
  • Select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies.
      • Clean all the entries in the Windows Explorer section.
      • Clean all entries in the System section.
      • Clean all entries in the Advanced section.
      • Clean any others that you choose.
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK. CCleaner will scan and clean your system.
  • Click Exit when done.
CAUTION: Please use the "Issues" button ONLY if you know how to use it. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

Edited by suebaby41, 25 July 2008 - 03:27 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#15 Dubsman35

Dubsman35
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 25 July 2008 - 02:03 PM

i use CC cleaner regularly, so i know how to use it. now as for starup programs, what should i block from starting up when my computer does, and how?

also, there was no relevantknowledge under add and remove programs, and there was no folder either

also, i can't find C:\Windows\system32\rlai.dll. it might have already gotten deleted when i tried to clean some stuff up. does it show that its there in the log?

Edited by Dubsman35, 25 July 2008 - 03:27 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users