Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chao.exe And Chao9ow.dll Problems


  • This topic is locked This topic is locked
8 replies to this topic

#1 Saladin81

Saladin81

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 29 June 2008 - 01:57 PM

Every time I reboot Avast tells me i'm infected with the Chao.exe and Chao9ow.dll files. No matter what i've done I cannot seem to remove them from my system. The Kaspersky report lists one of the two that keep showing up.

Deckard's System Scanner v20071014.68
Run by Steven on 2008-06-29 13:43:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-29 18:43:39 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Steven.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:49 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Steven\LOCALS~1\Temp\bwgo0000a2b8.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Steven\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steven.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\system32\91.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS3\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS4\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS5\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS6\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O18 - Protocol: bw+0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

--
End of file - 21673 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\ivicd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 iviudf - c:\windows\system32\drivers\iviudf.sys <Not Verified; InterVideo; UDF File System Driver>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 WINIO - d:\winio.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-06-28 20:40:42 396 --a------ C:\WINDOWS\Tasks\Schedule Task Weekly.job
2008-06-28 20:11:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-29 13:44:40 0 d-------- C:\Program Files\Trend Micro
2008-06-29 04:31:06 0 d-------- C:\WINDOWS\pss
2008-06-28 22:06:30 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-28 20:40:35 0 d-------- C:\Program Files\Registry Easy
2008-06-13 14:19:33 0 d-------- C:\temp_dvd


-- Find3M Report ---------------------------------------------------------------

2008-06-29 04:30:06 0 d-------- C:\Program Files\mIRC
2008-06-28 05:43:53 0 d-------- C:\Documents and Settings\Steven\Application Data\BitTorrent
2008-06-27 02:12:18 0 d-------- C:\Program Files\Dvd-cloner
2008-06-14 19:29:59 0 d-------- C:\Program Files\World of Warcraft
2008-06-01 11:59:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-27 11:05:48 0 d-------- C:\Program Files\Warcraft III
2008-05-26 21:34:01 0 d-------- C:\Documents and Settings\Steven\Application Data\teamspeak2
2008-05-26 21:33:53 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-25 18:55:55 63204 --a------ C:\WINDOWS\War3Unin.dat
2008-05-25 16:58:22 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-25 16:58:22 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-24 09:27:40 0 d-------- C:\Documents and Settings\Steven\Application Data\OpenOffice.org2
2008-04-30 09:08:45 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-29 10:10:48 40 --a----c- C:\Program Files\Common Files\appop.log
2008-04-29 10:10:28 0 d-------- C:\Program Files\InterVideo
2008-04-29 10:09:29 0 d-------- C:\Program Files\Eidos
2008-04-29 10:04:25 0 d-------- C:\Documents and Settings\Steven\Application Data\Uniblue


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [04/29/2005 07:22 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/23/2005 12:25 AM C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [04/14/2005 10:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 04:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [01/21/2005 03:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [06/10/2002 03:21 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [06/20/2002 01:26 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [06/20/2002 01:25 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 07:20 PM]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [11/02/2005 10:56 AM]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [11/02/2005 10:42 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"winlogon"="C:\WINDOWS\system32\91.exe" [03/16/2008 07:26 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2006 11:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"WebCamRT.exe"="" []
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00715886-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Steven\LOCALS~1\Temp\Chao9ow.dll [ ]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\OblivionLauncher.exe




-- End of Deckard's System Scanner: finished at 2008-06-29 13:45:28 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 2047.48 MiB / 1438.91 MiB
Pagefile Memory (total/avail): 3429.72 MiB / 3010.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.07 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 233.75 GiB total, 96.83 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500YD-01NVB1 - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080629-0] v4.8.1201 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe"="C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe:*:Enabled:Drakkar Lobby"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\steamapps\\salah81\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\KnightOnline\\Launcher.exe"="C:\\Program Files\\KnightOnline\\Launcher.exe:*:Enabled:Knight OnLine"
"C:\\Program Files\\Steam\\steamapps\\salah81\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"="C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Steve\\ZSNES\\zsnesw.exe"="C:\\Steve\\ZSNES\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Steve\\Nesticle\\VirtuaNES\\VirtuaNES.exe"="C:\\Steve\\Nesticle\\VirtuaNES\\VirtuaNES.exe:*:Enabled:VirtuaNES NES emulator for Win32"
"C:\\Program Files\\Steam\\steamapps\\salah81\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Steven\\Local Settings\\Temporary Internet Files\\Content.IE5\\L8YN81AZ\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Steven\\Local Settings\\Temporary Internet Files\\Content.IE5\\L8YN81AZ\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft (2)\\Uninstall.exe"="C:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft (2)\\Uninstall.exe:*:Enabled:World of Warcraft - Uninstall"
"C:\\Program Files\\Adobe\\Acrobat 4.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 4.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 4.0"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steven\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THEBASEMENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steven
LOGONSERVER=\\THEBASEMENT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steven\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steven\LOCALS~1\Temp
USERDOMAIN=THEBASEMENT
USERNAME=Steven
USERPROFILE=C:\Documents and Settings\Steven
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Steven (admin)
LuAnn
Donald


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
--> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
530TX+ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.01.12 --> MsiExec.exe /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BioShock --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe" -l0x9 -removeonly
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Black & White® 2 Battle of the Gods --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
DING! --> MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DrakkarZone --> C:\Program Files\DrakkarZone\\DrakkarLobby.exe --uinstall
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD-CLONER V4.60 Build 923 --> "C:\Program Files\Dvd-cloner\unins000.exe"
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jarjnlp"
Europa Universalis III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x9
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 5700 --> msiexec /x{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
InterVideo Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AEEE6D6-C95D-465A-B8D3-B7AE2FA7B8B4}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech G-series Keyboard Software --> MsiExec.exe /X{2FB418AB-562D-43B4-BA0D-9282AAD8C207}
Logitech ImageStudio --> MsiExec.exe /I{40AB54C3-DD4B-467A-847E-162035CD252C}
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Medieval II - Retrofit Mod version 1.0 --> "C:\Program Files\SEGA\Medieval II Total War\mods\retrofit\unins000.exe"
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Americas --> C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia --> C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades --> C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic --> C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Prey --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RCA SMV Video Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03FB0ED6-F37C-49A9-BBC5-AAE30E111E4C}\setup.exe" -l0x9 -remove
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Shogun Total War --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Shogun - Total War\Uninst.isu"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Soldat 1.3.1 --> c:\Soldat\unins000.exe
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VMware Workstation --> MsiExec.exe /I{98D1A713-438C-4A23-8AB6-41B37C4A2D47}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3308 / Warning
Event Submitted/Written: 06/29/2008 04:45:40 AM / 06/29/2008 04:45:41 AM
Event ID/Source: 15211 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'THOMSON , OPAL , 3.120.100 %OUT_PAD:128%' requires that packets that are divisible by 128 be padded so that they are full USB packets ((5)).

Event Record #/Type3277 / Warning
Event Submitted/Written: 06/29/2008 04:41:43 AM
Event ID/Source: 15211 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'THOMSON , OPAL , 3.120.100 %OUT_PAD:128%' requires that packets that are divisible by 128 be padded so that they are full USB packets ((5)).

Event Record #/Type3273 / Warning
Event Submitted/Written: 06/29/2008 04:41:15 AM / 06/29/2008 04:41:36 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type3236 / Warning
Event Submitted/Written: 06/29/2008 01:33:02 AM
Event ID/Source: 15211 / WPDMTPDriver
Event Description:
MTP Protocol Driver has detected that the device 'THOMSON , OPAL , 3.120.100 %OUT_PAD:128%' requires that packets that are divisible by 128 be padded so that they are full USB packets ((5)).

Event Record #/Type3235 / Warning
Event Submitted/Written: 06/29/2008 01:32:36 AM / 06/29/2008 01:32:53 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-06-29 13:45:28 ------------

Sunday, June 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 29, 2008 10:42:21
Records in database: 896865
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 139644
Threat name 3
Infected objects 32
Suspicious objects 0
Duration of the scan 05:10:50

File name Threat name Threats count
C:\Documents and Settings\Steven\Local Settings\Temporary Internet Files\Content.IE5\YNZ2S98Z\asd[1].exe Infected: Trojan-PSW.Win32.OnLineGames.alfn 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\WINDOWS\system32\125.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\135.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\23.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\37.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\38.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\42.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\45.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\47.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\48.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\50.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\52.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\53.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\55.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\60.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\61.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\67.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\74.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\79.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\81.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\83.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\84.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\86.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\87.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\89.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\90.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\91.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\93.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\97.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\99.exe Infected: not-a-virus:AdTool.Win32.VB.a 1
C:\WINDOWS\system32\a.exe Infected: not-a-virus:AdTool.Win32.VB.a 1

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:21 PM

Posted 21 July 2008 - 10:21 AM

Hello, Saladin81.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 Saladin81

Saladin81
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 25 July 2008 - 03:36 AM

Thanks in advance for any help you can give me, Billy. If you need me to reboot then run the scanner let me know. That's when the problem occurs after all.

Deckard's System Scanner v20071014.68
Run by Steven on 2008-07-25 03:27:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-07-25 08:27:41 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2008-07-25 04:59:30 UTC - RP37 - System Checkpoint
36: 2008-07-24 03:59:28 UTC - RP36 - System Checkpoint
35: 2008-07-23 02:59:31 UTC - RP35 - System Checkpoint
34: 2008-07-22 02:35:58 UTC - RP34 - System Checkpoint


-- First Restore Point --
1: 2008-06-29 18:43:39 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Steven.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:52 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\Steven\LOCALS~1\Temp\bwgo0000a4db.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Steven\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steven.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\system32\64.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS3\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS4\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS5\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS6\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O18 - Protocol: bw+0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

--
End of file - 21626 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ASInsHelp - c:\windows\system32\drivers\asinshelp32.sys

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 WINIO - d:\winio.sys (file missing)
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer: Marvell
Name: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1F09082D&0&01
Service: NVENETFD


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1776)
2006-11-21 12:00:00 5120 --a------ C:\Program Files\WinZip\WZSHLSTB.DLL <Not Verified; WinZip Computing LP; WinZip>
2007-05-22 10:59:22 128512 --a------ C:\Program Files\WinRAR\RarExt.dll
2006-11-06 03:26:50 204800 --a------ C:\Program Files\PowerISO\PWRISOSH.DLL <Not Verified; PowerISO Computing, Inc.; PowerISO Shell Dynamic Link Library>
2007-11-01 19:09:06 335872 --a------ C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-17 20:54:42 98304 --a------ C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll <Not Verified; Sun Microsystems, Inc.; >
2007-08-08 18:04:26 577536 --a------ C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll <Not Verified; STLport Consulting, Inc.; STLport Standard ANSI C++ Libarary>
2002-04-03 15:37:40 290816 --a------ C:\WINDOWS\system32\l3codeca.acm <Not Verified; Fraunhofer Institut Integrierte Schaltungen IIS; MPEG Layer-3 Audio Codec for MSACM>
2008-01-20 01:06:03 34064 --a------ C:\WINDOWS\system32\lhacm.acm <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2003-07-16 15:24:24 14366 --a------ C:\WINDOWS\system32\asfsipc.dll <Not Verified; Microsoft Corporation; Microsoft ® DRM>


-- Scheduled Tasks -------------------------------------------------------------

2008-07-19 20:11:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-07-19 12:00:00 396 --a------ C:\WINDOWS\Tasks\Schedule Task Weekly.job


-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-23 01:59:45 4141056 --a------ C:\WINDOWS\eyeQ Screen Saver.scr
2008-07-23 01:59:31 0 d-------- C:\Program Files\Infinite Mind LC
2008-07-16 13:48:26 0 d-------- C:\Program Files\Common Files\Java
2008-07-13 23:29:52 0 d-------- C:\Documents and Settings\Steven\Application Data\Winamp
2008-06-29 13:44:40 0 d-------- C:\Program Files\Trend Micro
2008-06-29 04:31:06 0 d-------- C:\WINDOWS\pss
2008-06-28 22:06:30 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-28 20:40:35 0 d-------- C:\Program Files\Registry Easy


-- Find3M Report ---------------------------------------------------------------

2008-07-25 03:25:34 0 d-------- C:\Program Files\Trillian
2008-07-23 01:59:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 04:53:30 0 d-------- C:\Documents and Settings\Steven\Application Data\BitTorrent
2008-07-19 20:29:34 0 d-------- C:\Program Files\Dvd-cloner
2008-07-18 00:43:56 0 d-------- C:\Program Files\World of Warcraft
2008-07-16 13:50:14 0 d-------- C:\Program Files\Java
2008-07-16 13:48:26 0 d-------- C:\Program Files\Common Files
2008-07-16 13:21:29 0 d-------- C:\Program Files\Viewpoint
2008-07-16 13:20:29 21 --a----c- C:\Program Files\Common Files\appop.log
2008-07-16 13:15:13 0 d-------- C:\Program Files\InterVideo
2008-07-16 01:28:24 0 d-------- C:\Program Files\mIRC
2008-07-13 23:41:07 0 d-------- C:\Program Files\Winamp
2008-05-27 11:05:48 0 d-------- C:\Program Files\Warcraft III
2008-05-26 21:34:01 0 d-------- C:\Documents and Settings\Steven\Application Data\teamspeak2
2008-05-26 21:33:53 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-25 18:55:55 63204 --a------ C:\WINDOWS\War3Unin.dat
2008-05-25 16:58:22 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-25 16:58:22 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-30 09:08:45 1160 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [04/29/2005 07:22 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/23/2005 12:25 AM C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [04/14/2005 10:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 04:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [06/10/2002 03:21 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [06/20/2002 01:26 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [06/20/2002 01:25 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 07:20 PM]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [11/02/2005 10:56 AM]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [11/02/2005 10:42 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"winlogon"="C:\WINDOWS\system32\64.exe" [03/16/2008 07:26 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2006 11:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"WebCamRT.exe"="" []
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [7/23/2008 1:59:31 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00715886-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Steven\LOCALS~1\Temp\Chao9ow.dll [ ]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\OblivionLauncher.exe




-- End of Deckard's System Scanner: finished at 2008-07-25 03:28:54 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2047.48 MiB / 1307.84 MiB
Pagefile Memory (total/avail): 3429.69 MiB / 2876.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1897.86 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 233.75 GiB total, 96.31 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500YD-01NVB1 - 233.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: NVIDIA Firewall v1.0 (NVIDIA Corporation) Disabled
AV: avast! antivirus 4.8.1201 [VPS 080725-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe"="C:\\Program Files\\DrakkarZone\\DrakkarLobby.exe:*:Enabled:Drakkar Lobby"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Steam\\steamapps\\salah81\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\KnightOnline\\Launcher.exe"="C:\\Program Files\\KnightOnline\\Launcher.exe:*:Enabled:Knight OnLine"
"C:\\Program Files\\Steam\\steamapps\\salah81\\team fortress classic\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"="C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BYOND\\bin\\byond.exe"="C:\\Program Files\\BYOND\\bin\\byond.exe:*:Enabled:byond"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Steve\\ZSNES\\zsnesw.exe"="C:\\Steve\\ZSNES\\zsnesw.exe:*:Enabled:zsnesw"
"C:\\Steve\\Nesticle\\VirtuaNES\\VirtuaNES.exe"="C:\\Steve\\Nesticle\\VirtuaNES\\VirtuaNES.exe:*:Enabled:VirtuaNES NES emulator for Win32"
"C:\\Program Files\\Steam\\steamapps\\salah81\\half-life\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\salah81\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Documents and Settings\\Steven\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Steven\\Local Settings\\Temporary Internet Files\\Content.IE5\\L8YN81AZ\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Steven\\Local Settings\\Temporary Internet Files\\Content.IE5\\L8YN81AZ\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas"
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"="C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\Program Files\\World of Warcraft\\Launcher.exe"="C:\\Program Files\\World of Warcraft\\Launcher.exe:*:Enabled:World of Warcraft"
"C:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft (2)\\Uninstall.exe"="C:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft (2)\\Uninstall.exe:*:Enabled:World of Warcraft - Uninstall"
"C:\\Program Files\\Adobe\\Acrobat 4.0\\Reader\\AcroRd32.exe"="C:\\Program Files\\Adobe\\Acrobat 4.0\\Reader\\AcroRd32.exe:*:Enabled:Acrobat Reader 4.0"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steven\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THEBASEMENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steven
LOGONSERVER=\\THEBASEMENT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steven\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steven\LOCALS~1\Temp
USERDOMAIN=THEBASEMENT
USERNAME=Steven
USERPROFILE=C:\Documents and Settings\Steven
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Steven (admin)
LuAnn
Donald


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
530TX+ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v7.01.12 --> MsiExec.exe /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{967D588C-9B96-40C9-A222-DCD6922563CA}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BioShock --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe" -l0x9 -removeonly
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Black & White® 2 Battle of the Gods --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10631C28-62E5-477C-9B40-40C5EA8219BE}\setup.exe" -l0x9 -removeonly
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
DING! --> MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DrakkarZone --> C:\Program Files\DrakkarZone\\DrakkarLobby.exe --uinstall
Dual-Core Optimizer --> MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD-CLONER V4.60 Build 923 --> "C:\Program Files\Dvd-cloner\unins000.exe"
ESPN Java Check --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://games.espn.go.com/s/flblm/07/livedraft/jws-check.jarjnlp"
Europa Universalis III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x9
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
eyeQ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B33CD700-6738-11D4-87FE-0080C6F974A2}\setup.exe" -l0x9 -uninst
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 5700 --> msiexec /x{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech G-series Keyboard Software --> MsiExec.exe /X{2FB418AB-562D-43B4-BA0D-9282AAD8C207}
Logitech ImageStudio --> MsiExec.exe /I{40AB54C3-DD4B-467A-847E-162035CD252C}
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Medieval II - Retrofit Mod version 1.0 --> "C:\Program Files\SEGA\Medieval II Total War\mods\retrofit\unins000.exe"
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Americas --> C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia --> C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades --> C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic --> C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RCA SMV Video Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03FB0ED6-F37C-49A9-BBC5-AAE30E111E4C}\setup.exe" -l0x9 -remove
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Documents and Settings\Steven\Application Data\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
Soldat 1.3.1 --> c:\Soldat\unins000.exe
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Tom Clancy's Rainbow Six Vegas --> C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\setup.exe -runfromtemp -l0x0009 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4297 / Error
Event Submitted/Written: 07/16/2008 00:38:09 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 133970671.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type4296 / Error
Event Submitted/Written: 07/15/2008 07:34:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hpcmpmgr.exe, version 2.1.1.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [hpcmpmgr.exe!ws!]

Event Record #/Type4295 / Error
Event Submitted/Written: 07/15/2008 01:30:14 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4294 / Error
Event Submitted/Written: 07/13/2008 11:19:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.3.1938, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [winamp.exe!ws!]

Event Record #/Type4293 / Error
Event Submitted/Written: 07/13/2008 11:18:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winamp.exe, version 5.5.3.1938, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [winamp.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6482 / Error
Event Submitted/Written: 07/25/2008 03:22:53 AM
Event ID/Source: 15301 / WPDMTPDriver
Event Description:
MTP USB Driver has detected that the device has failed to respond to the operation 0x9805 in 5 minutes, which resulted in an attempt to cancel the operation. Error 0x802a0006.

Event Record #/Type6481 / Error
Event Submitted/Written: 07/25/2008 03:17:53 AM
Event ID/Source: 15301 / WPDMTPDriver
Event Description:
MTP USB Driver has detected that the device has failed to respond to the operation 0x9805 in 5 minutes, which resulted in an attempt to cancel the operation. Error 0x802a0006.

Event Record #/Type6477 / Error
Event Submitted/Written: 07/24/2008 01:46:48 AM
Event ID/Source: 15301 / WPDMTPDriver
Event Description:
MTP USB Driver has detected that the device has failed to respond to the operation 0x9805 in 5 minutes, which resulted in an attempt to cancel the operation. Error 0x802a0006.

Event Record #/Type6476 / Error
Event Submitted/Written: 07/24/2008 01:41:48 AM
Event ID/Source: 15301 / WPDMTPDriver
Event Description:
MTP USB Driver has detected that the device has failed to respond to the operation 0x9805 in 5 minutes, which resulted in an attempt to cancel the operation. Error 0x802a0006.

Event Record #/Type6475 / Error
Event Submitted/Written: 07/24/2008 01:36:48 AM
Event ID/Source: 15301 / WPDMTPDriver
Event Description:
MTP USB Driver has detected that the device has failed to respond to the operation 0x9805 in 5 minutes, which resulted in an attempt to cancel the operation. Error 0x802a0006.



-- End of Deckard's System Scanner: finished at 2008-07-25 03:28:54 ------------

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:21 PM

Posted 25 July 2008 - 09:09 AM

Hello, Saladin81. :thumbsup:
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

You appear to have a Registry Cleaner installed!
The following is referring to Eusing Free Registry Cleaner
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

Please let me know if you wish to continue to clean this machine!!

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 Saladin81

Saladin81
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 26 July 2008 - 08:14 PM

I believe that this machine can be cleaned to the point that I need it to be. It is my firm belief that the suspect trojans specifically target my World of Warcraft gaming experience. I have already suffered firsthand at their expense, and this was when there was far more valuable targets on my computer. That being said I would prefer to try and fix my computer as it is instead of fully reformatting or other drastic measures. If this does not work then I shall take your advice and fully reformat, but until then I would prefer to exhaust other options. Thanks in advance for all your help.

Edited by Saladin81, 26 July 2008 - 08:16 PM.


#6 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:21 PM

Posted 28 July 2008 - 08:27 AM

Hello, Saladin81.
We need to move some files
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\64.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogon
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and chose "select all" (or use <Control>+A)
  • Right-click again and chose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
  • OTMoveIt2's Log
  • ESET OnlineScan's Log
  • A new DSS Main.txt

Billy3

Edited by Billy O'Neal, 28 July 2008 - 08:28 AM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#7 Saladin81

Saladin81
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 30 July 2008 - 12:58 PM

Thanks again for all your help. This means a lot to me.

C:\WINDOWS\system32\64.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogon >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winlogon deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07302008_005030


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3308 (20080729)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f852efade73a10468e716460c361d36e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-07-30 07:56:32
# local_time=2008-07-30 02:56:32 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=562104
# found=39
# scan_time=6869
C:\WINDOWS\system32\108.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\118.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\125.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\135.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\19.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\23.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\36.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\37.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\38.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\39.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\40.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\42.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\45.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\47.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\48.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\50.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\52.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\53.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\55.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\60.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\61.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\67.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\72.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\74.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\79.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\81.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\83.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\84.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\86.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\87.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\89.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\90.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\91.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\93.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\95.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\97.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\99.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\a.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\07302008_005030\WINDOWS\system32\64.exe probably unknown NewHeur_PE virus (unable to clean - deleted) 00000000000000000000000000000000


Deckard's System Scanner v20071014.68
Run by Steven on 2008-07-30 12:56:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Steven.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:06 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\DOCUME~1\Steven\LOCALS~1\Temp\bwgo0000ae70.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Steven\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Steven.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS3\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS4\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS5\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O17 - HKLM\System\CS6\Services\Tcpip\..\{04C0AB14-0E50-45F6-BDAA-77E3403748CA}: NameServer = 207.69.188.186,207.69.188.185
O18 - Protocol: bw+0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {BEA32128-DFCC-4819-A940-F117EBEA5018} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

--
End of file - 21773 bytes

-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 00:54:31 0 d-------- C:\Program Files\EsetOnlineScanner
2008-07-23 01:59:45 4141056 --a------ C:\WINDOWS\eyeQ Screen Saver.scr
2008-07-23 01:59:31 0 d-------- C:\Program Files\Infinite Mind LC
2008-07-16 13:48:26 0 d-------- C:\Program Files\Common Files\Java
2008-07-13 23:29:52 0 d-------- C:\Documents and Settings\Steven\Application Data\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-07-27 20:15:09 0 d-------- C:\Documents and Settings\Steven\Application Data\OpenOffice.org2
2008-07-25 03:25:34 0 d-------- C:\Program Files\Trillian
2008-07-23 01:59:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 04:53:30 0 d-------- C:\Documents and Settings\Steven\Application Data\BitTorrent
2008-07-19 20:29:34 0 d-------- C:\Program Files\Dvd-cloner
2008-07-18 00:43:56 0 d-------- C:\Program Files\World of Warcraft
2008-07-16 13:50:14 0 d-------- C:\Program Files\Java
2008-07-16 13:48:26 0 d-------- C:\Program Files\Common Files
2008-07-16 13:21:29 0 d-------- C:\Program Files\Viewpoint
2008-07-16 13:20:29 21 --a----c- C:\Program Files\Common Files\appop.log
2008-07-16 13:15:13 0 d-------- C:\Program Files\InterVideo
2008-07-16 01:28:24 0 d-------- C:\Program Files\mIRC
2008-07-13 23:41:07 0 d-------- C:\Program Files\Winamp
2008-06-29 13:44:40 0 d-------- C:\Program Files\Trend Micro
2008-06-28 22:16:56 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-06-28 22:05:19 0 d-------- C:\Program Files\Registry Easy
2008-05-25 18:55:55 63204 --a------ C:\WINDOWS\War3Unin.dat
2008-05-25 16:58:22 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-25 16:58:22 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-04-30 09:08:45 1160 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [04/29/2005 07:22 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [07/23/2005 12:25 AM C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [04/14/2005 10:01 PM C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 09:38 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [01/12/2005 04:01 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [06/10/2002 03:21 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [06/20/2002 01:26 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [06/20/2002 01:25 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 09:38 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [01/13/2006 07:20 PM]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [11/02/2005 10:56 AM]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [11/02/2005 10:42 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/17/2005 12:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2006 11:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"WebCamRT.exe"="" []
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MiniEYE-MiniREAD Launch.lnk - C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe [7/23/2008 1:59:31 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{00715886-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Steven\LOCALS~1\Temp\Chao9ow.dll [ ]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\OblivionLauncher.exe




-- End of Deckard's System Scanner: finished at 2008-07-30 12:56:23 ------------

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:21 PM

Posted 31 July 2008 - 08:20 AM

Hello, Saladin81.

Glad I'm able to help :wink:

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Please let me know of any problems you may have encountered.

You now appear to be clean. Congratulations!

We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
    Posted Image
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "a backdoor trojan"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
    :thumbsup:
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
    :)
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    :)
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
    :)
  • You appear to have no outbound firewall.
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers. I therefore strongly recommend that you install Comodo Firewall, which is free.
    See Bleeping computer’s excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection level. It may also seriously impair the performance of your PC.
    :spacer:
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
    :spacer:
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
    :spacer:
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
    :spacer:
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
    :)
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:12:21 PM

Posted 02 August 2008 - 11:29 PM

Hello, Saladin81.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users