
Need Help With A Redirect/jump Virus


13 replies to this topic

#1 spinblackscircle


Posted 24 August 2008 - 10:23 AM

This virus has been on my computer for the last few days.

Here's my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:00 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/uvalib/support/...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111505473406
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\Software\..\Telephony: DomainName = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = virginia.edu
O18 - Protocol: bw+0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: offline-8876480 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - {b4541b54-f594-45a1-a4e3-fe35b950d255} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: dbapi - {60419F4E-6F19-36F2-40D0-00AFC0C0C125} - C:\Program Files\jcyzzyc\dbapi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ System Application COMSysAppSwPrv (COMSysAppSwPrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL HTTPFilteraspnet_state (HTTPFilteraspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Workstation lanmanworkstationSENS (lanmanworkstationSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Machine Debug Manager MDMSCardSvr (MDMSCardSvr) - Unknown owner - C:\WINDOWS\
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICCONFIGSVC NICCONFIGSVCPACSPTISVR (NICCONFIGSVCPACSPTISVR) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Location Awareness (NLA) NlaBITS (NlaBITS) - Unknown owner - 8Û .exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlCryptSvc (PmlCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 PmlSamSs (PmlSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManWmiApSrv (RasManWmiApSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spectrum24 Event Monitor S24EventMonitorlanmanworkstation (S24EventMonitorlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card SCardSvrNetDDE (SCardSvrNetDDE) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Telephony TapiSrvRemoteRegistry (TapiSrvRemoteRegistry) - Unknown owner - C:\WINDOWS\
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 24228 bytes

Thanks for any assistance that can be given!
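Helpers in threads like this one read a HijackThis log by section code. As an added example that is not part of the original post and not code from Trend Micro's HijackThis, the script below parses that line format and flags the entry classes a helper would query first in the log above (the text/html filter hijack, the Winlogon Notify DLLs, the SSODL entry, and services with an unknown owner and no executable). The flagging rules and the sample lines are a constructed, minimal set; they are not HijackThis's own analysis.

```python
"""Triage helper for HijackThis v2 log lines.

Added example for this thread, not code from the original post or from
Trend Micro's HijackThis. Every entry in the log has the shape
'<section> - <body>' where the section code (R1, O2, O4, O18, O20, O21,
O23, ...) names the Windows hook being listed. The flagging rules below are
a deliberately small, constructed set that covers the entry classes visible
in the log above; they are not HijackThis's own analysis.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entry(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return m.group("section"), m.group("body")


def classify(section, body):
    """Return a reason string if the entry deserves a second look, else None."""
    if section == "O2" and body.startswith("BHO: Browser Helper Object -"):
        # A BHO that kept the generic default name carries no vendor identity
        return "BHO registered under a generic name"
    if section == "O18" and body.startswith("Filter hijack:"):
        # A MIME filter on text/html sees, and can rewrite, every page loaded
        return "MIME filter hijack on text/html"
    if section == "O20":
        # Winlogon Notify DLLs are loaded into winlogon.exe at every logon
        if "(file missing)" in body:
            return "Winlogon Notify entry pointing at a missing DLL"
        return "Winlogon Notify DLL loaded at logon; verify its publisher"
    if section == "O21":
        # ShellServiceObjectDelayLoad DLLs are loaded by Explorer at startup
        return "SSODL entry loads a DLL into Explorer at startup"
    if section == "O23" and "Unknown owner" in body:
        # A service with no publisher and no real executable path is typical
        # of a leftover or bogus service registration
        if body.endswith("\\") or "(file missing)" in body:
            return "service with unknown owner and no executable"
    return None


def triage(lines):
    """Run every line through parse_entry/classify and collect the findings."""
    findings = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        reason = classify(section, body)
        if reason is not None:
            findings.append(Finding(section, reason, raw.strip()))
    return findings


# Constructed sample: a handful of lines copied from the log posted above,
# mixing benign vendor entries with the ones a helper would ask about.
SAMPLE_LOG = [
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\\Program Files\\Common\\_helper.dll",
    "O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint\\Apoint.exe",
    "O18 - Protocol: bw+0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll",
    "O18 - Filter hijack: text/html - {b4541b54-f594-45a1-a4e3-fe35b950d255} - C:\\WINDOWS\\system32\\msiebbar.dll",
    "O20 - Winlogon Notify: Love - C:\\WINDOWS\\SYSTEM32\\LoveFly.dll",
    "O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)",
    "O21 - SSODL: dbapi - {60419F4E-6F19-36F2-40D0-00AFC0C0C125} - C:\\Program Files\\jcyzzyc\\dbapi.dll",
    "O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe",
    "O23 - Service: PACSPTISVR - Unknown owner - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\PACSPTISVR.exe",
    "O23 - Service: COM+ System Application COMSysAppSwPrv (COMSysAppSwPrv) - Unknown owner - C:\\WINDOWS\\",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Running it on a full saved log (one line per list element) prints only the entries worth a question; everything with a recognised publisher and a real path is left alone.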

#2 kahdah

  • Security Colleague

Posted 24 August 2008 - 11:53 AM

Hello spinblackscircle

Welcome to BleepingComputer :thumbsup:
========================
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well ), post that log here.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 spinblackscircle (Topic Starter)


Posted 24 August 2008 - 12:11 PM

Thanks for the help. Here is the OTViewIt report:

OTViewIt logfile created on: 8/24/2008 1:05:10 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.8 Folder = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GYDO4SFA
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 68.32 Mb Available Physical Memory | 13.36% Memory free
1.22 Gb Paging File | 0.74 Gb Available in Paging File | 60.71% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.79 Gb Total Space | 23.20 Gb Free Space | 41.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJGL3P71
Current User Name: Student
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/11/2005 02:16 PM | 00,405,504 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[09/07/2004 06:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[09/07/2004 06:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[09/07/2004 06:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[06/02/2005 10:21 AM | 00,161,392 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[06/02/2005 10:21 AM | 00,185,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[09/07/2004 06:08 PM | 00,389,120 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[01/11/2005 02:16 PM | 00,405,504 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe
[09/07/2004 06:03 PM | 00,245,760 | ---- | M] (Intel) - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[09/13/2004 06:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[11/10/2004 01:54 PM | 00,598,016 | ---- | M] () - C:\Program Files\Dell\QuickSet\quickset.exe
[04/26/2004 10:04 AM | 00,053,248 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[08/13/2004 03:05 AM | 00,122,939 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfswctrl.exe
[08/03/2005 01:47 AM | 02,966,528 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[08/19/2004 04:40 PM | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[12/17/2003 09:50 AM | 00,037,888 | ---- | M] (Logitech Inc.) - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[04/01/2004 08:05 PM | 00,077,824 | ---- | M] (Broadcom Corp.) - C:\WINDOWS\system32\BAsfIpM.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[06/23/2005 08:27 PM | 00,019,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\DefWatch.exe
[11/11/2004 08:18 PM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
[09/29/2004 12:14 PM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe
[09/07/2004 06:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[08/03/2005 01:47 AM | 01,700,864 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
[06/23/2005 08:27 PM | 01,715,904 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[10/29/2003 05:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Program Files\Digital Line Detect\DLG.exe
[11/04/2004 07:28 PM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[11/04/2004 07:36 PM | 00,425,984 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
[08/24/2008 01:03 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GYDO4SFA\OTViewIt[1].exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Ati HotKey Poller) Ati HotKey Poller [Auto | Running]
[01/11/2005 02:16 PM | 00,405,504 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(BAsfIpM) Broadcom ASF IP monitoring service v6.0.4 [Auto | Running]
[04/01/2004 08:05 PM | 00,077,824 | ---- | M] (Broadcom Corp.) - C:\WINDOWS\system32\BAsfIpM.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[06/02/2005 10:21 AM | 00,185,968 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped]
[06/02/2005 10:21 AM | 00,083,568 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[06/02/2005 10:21 AM | 00,161,392 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

(COMSysAppSwPrv) COM+ System Application COMSysAppSwPrv [Auto | Stopped]
File not found -

(DefWatch) Symantec AntiVirus Definition Watcher [Auto | Running]
[06/23/2005 08:27 PM | 00,019,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\DefWatch.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 07:00 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(EvtEng) EvtEng [Auto | Running]
[09/07/2004 06:02 PM | 00,086,016 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[01/23/2007 07:08 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HTTPFilteraspnet_state) HTTP SSL HTTPFilteraspnet_state [Auto | Stopped]
File not found -

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[11/14/2005 01:06 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(lanmanworkstationSENS) Workstation lanmanworkstationSENS [Auto | Stopped]
File not found -

(MDMSCardSvr) Machine Debug Manager MDMSCardSvr [Auto | Stopped]
File not found -

(MSCSPTISRV) MSCSPTISRV [On_Demand | Stopped]
[12/14/2006 02:21 AM | 00,045,056 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[11/11/2004 08:18 PM | 00,356,352 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe

(NICCONFIGSVCPACSPTISVR) NICCONFIGSVC NICCONFIGSVCPACSPTISVR [Auto | Stopped]
File not found -

(NlaBITS) Network Location Awareness (NLA) NlaBITS [Auto | Stopped]
File not found -

(PACSPTISVR) PACSPTISVR [On_Demand | Stopped]
[12/14/2006 01:46 AM | 00,057,344 | ---- | M] () - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running]
[09/29/2004 12:14 PM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe

(PmlCryptSvc) Pml Driver HPZ12 PmlCryptSvc [Auto | Stopped]
File not found -

(PmlSamSs) Pml Driver HPZ12 PmlSamSs [Auto | Stopped]
File not found -

(RasManWmiApSrv) Remote Access Connection Manager RasManWmiApSrv [Auto | Stopped]
File not found -

(RegSrvc) RegSrvc [Auto | Running]
[09/07/2004 06:02 PM | 00,139,264 | ---- | M] (Intel Corporation) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running]
[09/07/2004 06:05 PM | 00,360,521 | ---- | M] (Intel Corporation ) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

(S24EventMonitorlanmanworkstation) Spectrum24 Event Monitor S24EventMonitorlanmanworkstation [Auto | Stopped]
File not found -

(SavRoam) SavRoam [On_Demand | Stopped]
[06/23/2005 08:27 PM | 00,124,608 | ---- | M] (symantec) - C:\Program Files\Symantec AntiVirus\SavRoam.exe

(SCardSvrNetDDE) Smart Card SCardSvrNetDDE [Auto | Stopped]
File not found -

(SNDSrvc) Symantec Network Drivers Service [On_Demand | Stopped]
[04/22/2005 01:03 PM | 00,206,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

(SPBBCSvc) Symantec SPBBCSvc [On_Demand | Stopped]
[03/30/2005 10:48 PM | 00,992,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

(SPTISRV) Sony SPTI Service [On_Demand | Stopped]
[12/14/2006 02:02 AM | 00,069,632 | ---- | M] (Sony Corporation) - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

(svcWRSSSDK) Webroot Spy Sweeper Engine [Auto | Running]
[08/03/2005 01:47 AM | 01,700,864 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

(Symantec AntiVirus) Symantec AntiVirus [Auto | Running]
[06/23/2005 08:27 PM | 01,715,904 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

(TapiSrvRemoteRegistry) Telephony TapiSrvRemoteRegistry [Auto | Stopped]
File not found -

(WLANKEEPER) WLANKEEPER [Auto | Running]
[09/07/2004 06:12 PM | 00,225,353 | ---- | M] (Intel® Corporation) - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

===== Driver Services - Non-Microsoft Only =====

(2689541e-5878-467b-a800-a39ece16023b) 2689541e-5878-467b-a800-a39ece16023b [On_Demand | Stopped]
File not found - D:\CDS300\cds300.dll

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Auto | Running]
[03/14/2005 12:13 PM | 00,017,056 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\drivers\AegisP.sys

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[08/04/2004 01:07 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\AMDAGP.SYS

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[11/16/2004 06:03 PM | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/18/2004 04:53 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(ati2mtag) ati2mtag [On_Demand | Running]
[01/11/2005 02:18 PM | 00,800,768 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(b57w2k) Broadcom NetXtreme 57xx Gigabit Controller [On_Demand | Running]
[09/03/2004 07:23 PM | 00,121,472 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BASFND) BASFND [Auto | Running]
[04/24/2003 06:21 PM | 00,006,025 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BASFND.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 03:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(dmboot) dmboot [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[08/04/2004 07:00 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(drvmcdb) drvmcdb [Boot | Running]
[08/04/2004 05:21 AM | 00,087,136 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvmcdb.sys

(drvnddm) drvnddm [Auto | Running]
[08/13/2004 04:56 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvnddm.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 02:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/18/2008 04:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(GTIPCI21) GTIPCI21 [On_Demand | Running]
[05/03/2004 11:26 PM | 00,080,384 | ---- | M] (Texas Instruments) - C:\WINDOWS\system32\drivers\gtipci21.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[12/14/2004 12:07 PM | 00,051,120 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[12/14/2004 12:07 PM | 00,016,496 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[12/14/2004 12:07 PM | 00,021,744 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(HSFHWICH) HSFHWICH [On_Demand | Running]
[06/17/2004 10:57 PM | 00,200,064 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWICH.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[06/17/2004 10:55 PM | 01,041,536 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(IWCA) Intel Wireless Connection Agent Miniport for Win XP [On_Demand | Running]
[08/12/2004 10:44 AM | 00,234,496 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\iwca.sys

(LHidFlt2) Logitech HID/USB Mouse Filter Driver [On_Demand | Running]
[12/17/2003 05:50 AM | 00,025,505 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidFlt2.Sys

(LHidUsb) Logitech USB Receiver device driver [On_Demand | Running]
[12/17/2003 05:50 AM | 00,037,887 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LHidUsb.sys

(LMouFlt2) Logitech Mouse Class Filter Driver [On_Demand | Running]
[12/17/2003 05:50 AM | 00,070,801 | ---- | M] (Logitech, Inc.) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys

(mdmxsdk) mdmxsdk [Auto | Running]
[03/17/2004 08:04 PM | 00,013,059 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 04:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080820.016\naveng.sys

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 04:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080820.016\navex15.sys

(nv) nv [On_Demand | Stopped]
[08/04/2004 12:29 AM | 01,897,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(omci) OMCI WDM Device Driver [System | Running]
[02/13/2004 06:46 PM | 00,017,153 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\omci.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[12/06/2004 01:26 PM | 00,010,368 | R--- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[10/18/2006 02:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(s24trans) WLAN Transport [Auto | Running]
[08/31/2004 10:53 AM | 00,011,354 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\s24trans.sys

(SAVRT) SAVRT [System | Running]
[02/04/2005 09:14 PM | 00,324,232 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\savrt.sys

(SAVRTPEL) SAVRTPEL [System | Running]
[02/04/2005 09:14 PM | 00,053,896 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec AntiVirus\Savrtpel.sys

(sdcplh) sdcplh [System | Running]
[07/14/2005 08:32 PM | 00,040,576 | ---- | M] () - C:\WINDOWS\system32\drivers\sdcplh.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 06:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[08/04/2004 01:07 AM | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGP.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SPBBCDrv) SPBBCDrv [On_Demand | Stopped]
[03/30/2005 10:48 PM | 00,372,832 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(sscdbhk5) sscdbhk5 [System | Running]
[07/14/2004 01:29 PM | 00,005,627 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\sscdbhk5.sys

(ssrtln) ssrtln [System | Running]
[07/14/2004 01:28 PM | 00,023,545 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\ssrtln.sys

(STAC97) SigmaTel C-Major Audio [On_Demand | Running]
[09/16/2004 02:53 AM | 00,271,704 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\STAC97.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(SymEvent) SymEvent [Disabled | Running]
[05/13/2005 08:50 PM | 00,123,488 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(SYMREDRV) SYMREDRV [On_Demand | Stopped]
[04/22/2005 01:03 PM | 00,017,976 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[04/22/2005 01:03 PM | 00,267,192 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 04:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(tfsnboio) tfsnboio [Auto | Running]
[08/13/2004 03:05 AM | 00,025,723 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnboio.sys

(tfsncofs) tfsncofs [Auto | Running]
[08/13/2004 03:05 AM | 00,034,843 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsncofs.sys

(tfsndrct) tfsndrct [Auto | Running]
[08/13/2004 03:05 AM | 00,004,123 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndrct.sys

(tfsndres) tfsndres [Auto | Running]
[08/13/2004 03:05 AM | 00,002,239 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndres.sys

(tfsnifs) tfsnifs [Auto | Running]
[08/13/2004 03:05 AM | 00,086,202 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnifs.sys

(tfsnopio) tfsnopio [Auto | Running]
[08/13/2004 03:05 AM | 00,014,715 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnopio.sys

(tfsnpool) tfsnpool [Auto | Running]
[08/13/2004 03:05 AM | 00,006,363 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnpool.sys

(tfsnudf) tfsnudf [Auto | Running]
[08/13/2004 03:05 AM | 00,098,714 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudf.sys

(tfsnudfa) tfsnudfa [Auto | Running]
[08/13/2004 03:05 AM | 00,100,603 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudfa.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 03:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(w29n51) Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP [On_Demand | Running]
[10/21/2004 04:56 PM | 03,210,496 | ---- | M] (Intel® Corporation) - C:\WINDOWS\system32\drivers\w29n51.sys

(winachsf) winachsf [On_Demand | Running]
[06/17/2004 10:55 PM | 00,685,056 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

(Winkr17) Winkr17 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winkr17.sys

(Winqx74) Winqx74 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winqx74.sys

(Winrx74) Winrx74 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winrx74.sys

(Winsa63) Winsa63 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winsa63.sys

(Winud20) Winud20 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winud20.sys

(Winwf20) Winwf20 [Boot | Stopped]
File not found - C:\WINDOWS\System32\Drivers\Winwf20.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Apoint" = C:\Program Files\Apoint\Apoint.exe [09/13/2004 06:33 PM | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [11/10/2004 01:54 PM | 00,598,016 | ---- | M] ()
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [08/13/2004 03:05 AM | 00,122,939 | ---- | M] (Sonic Solutions)
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04/26/2004 10:04 AM | 00,053,248 | ---- | M] (CyberLink Corp.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"Logitech Utility" = Logi_MwX.Exe [12/17/2003 05:50 AM | 00,019,968 | ---- | M] (Logitech Inc.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray [08/03/2005 01:47 AM | 02,966,528 | ---- | M] (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [08/18/2008 06:41 PM | 01,832,272 | RHS- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
File not found - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 10:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[10/29/2003 05:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[11/04/2004 07:28 PM | 00,258,048 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[11/04/2004 07:50 PM | 00,053,248 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 04:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
HKLM CLSID: (Spybot-S&D IE Protection) - [07/07/2008 09:41 AM | 01,562,448 | ---- | M] (Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [08/13/2004 03:05 AM | 00,118,842 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [03/14/2007 03:43 AM | 00,501,400 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar3.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]
HKLM CLSID: (Browser Helper Object) - [07/31/2008 07:49 AM | 00,278,540 | ---- | M] () C:\Program Files\Common\_helper.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar3.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [01/05/2007 10:25 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar3.dll

"{5CBE2611-C31B-401F-89BC-4CBB25E853D7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{B7D3E479-CC68-42B5-A338-938ECE35F419}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 1
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableCAD" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 0
"ClearRecentDocsOnExit" = 01 00 00 00 [binary data]
"NoRecentDocsNetHood" = 01 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [11/08/2005 10:42 PM | 00,036,864 | ---- | M] (Logitech)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe [08/04/2004 07:00 AM | 00,042,496 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [08/04/2004 07:00 AM | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe [02/15/2005 10:36 AM | 00,565,248 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [11/08/2005 10:42 PM | 00,036,864 | ---- | M] (Logitech)
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe File not found
"C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = C:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe File not found
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\iexplore.exe [06/23/2008 05:20 AM | 00,625,664 | ---- | M] (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [10/10/2006 08:44 AM | 00,557,568 | ---- | M] (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [06/13/2007 06:23 AM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 07:00 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 07:00 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [10/25/2007 11:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 07:00 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [01/11/2005 02:16 PM | 00,090,112 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
"DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [09/07/2004 06:08 PM | 00,110,592 | ---- | M] (Intel Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName" = C:\WINDOWS\system32\NavLogon.dll [06/23/2005 08:27 PM | 00,043,712 | ---- | M] (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32]
"DllName" = File not found

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 0

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{30CC6C99-739B-4203-95E2-95F76E8F52EE}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{812F0505-DC7C-425A-8606-808B7914945B}]
Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [08/04/2004 07:00 AM | 00,049,536 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRomSONY_DVD+-RW_DW-D56A____________________PDS3____\5&340b0ccf&0&0.0.0
"Count" = 1
"NextInstance" = 1
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] - [08/11/2004 07:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (31578 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...

[Files/Folders - Created Within 30 days]
[08/24/2008 11:00 AM | ---D | C] - C:\fixwareout
[08/18/2008 08:28 PM | ---D | C] - C:\KEEN
[08/13/2008 08:29 AM | 00,000,032 | --S- | M] () - C:\WINDOWS\System32\1479319262.dat
[08/13/2008 12:43 AM | 00,099,528 | ---- | M] () - C:\WINDOWS\System32\~.exe
[05/18/2007 09:25 PM | ---D | M] - C:\WINDOWS\System32\ѕуstem
** - C:\WINDOWS\System32\??stem
[6 C:\WINDOWS\System32\*.tmp files]
[08/06/2008 01:05 PM | -H-D | C] - C:\WINDOWS\PIF
[08/14/2008 09:13 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ohensvyz
[08/23/2008 06:12 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/19/2008 10:53 PM | 00,036,864 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\century child review.doc
[08/14/2008 01:00 AM | 00,027,648 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\digging up the corpses review.doc
[08/14/2008 01:48 PM | ---D | C] - C:\Documents and Settings\Administrator\My Documents\Documentation
[7 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[08/15/2008 11:36 AM | 00,029,696 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\once review.doc
[08/14/2008 01:48 PM | ---D | C] - C:\Documents and Settings\Administrator\My Documents\Shipedit
[08/14/2008 01:48 PM | ---D | C] - C:\Documents and Settings\Administrator\My Documents\Translate
[08/14/2008 01:48 PM | ---D | C] - C:\Documents and Settings\Administrator\My Documents\TyrianFunDoc
[05/27/2007 11:46 AM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\ΑppPatch
** - C:\Documents and Settings\Administrator\My Documents\?ppPatch
[05/27/2007 11:46 AM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Ѕуmantec
** - C:\Documents and Settings\Administrator\My Documents\??mantec
[08/24/2008 08:40 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/23/2008 01:56 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[08/23/2008 02:29 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[08/01/2008 02:13 PM | 03,346,432 | ---- | M] () - C:\Program Files\01. Crimson Tide (Deep Blue Sea).mp3
[07/29/2008 08:27 PM | 03,969,932 | ---- | M] () - C:\Program Files\011-gruntilda-s-lair-primary-theme-.mp3
[08/20/2008 04:29 PM | 01,388,544 | ---- | M] () - C:\Program Files\01_-_main_title.mp3
[08/20/2008 04:22 PM | 02,881,536 | ---- | M] () - C:\Program Files\02_-_spiral_mountain.mp3
[08/20/2008 03:48 PM | 05,068,199 | ---- | M] () - C:\Program Files\05-hybrid-ambient-1.mp3
[07/29/2008 09:29 PM | 03,049,265 | ---- | M] () - C:\Program Files\07-lurking-in-the-darkness.mp3
[07/29/2008 08:48 PM | 04,365,742 | ---- | M] () - C:\Program Files\092-gruntilda-s-lair-click-clock-wood-.mp3
[08/20/2008 04:02 PM | 02,196,341 | ---- | M] () - C:\Program Files\10-skynet-ambient-2.mp3
[08/01/2008 02:25 PM | 05,963,208 | ---- | M] () - C:\Program Files\104-nightwish-while_your_lips_are_still_red-man.mp3
[08/07/2008 10:48 PM | 04,841,975 | ---- | M] () - C:\Program Files\14 Bittersweet.mp3
[08/18/2008 11:31 AM | 00,244,484 | ---- | M] () - C:\Program Files\1keen.zip
[08/20/2008 04:44 PM | 06,332,445 | ---- | M] () - C:\Program Files\215_the_mercenaries_~_ada.mp3
[08/12/2008 07:01 PM | 04,127,976 | ---- | M] () - C:\Program Files\22-Tarja Turunen - The Seer (Deleted Scene UK Bonus Track).mp3
[08/20/2008 02:39 PM | 06,121,829 | ---- | M] () - C:\Program Files\225_intention.mp3
[08/20/2008 02:47 PM | 02,888,222 | ---- | M] () - C:\Program Files\29_-_the_suspended_dol.mp3
[08/14/2008 11:03 PM | ---D | C] - C:\Program Files\5023_Lorena_Syd.part1
[08/18/2008 01:42 PM | 00,126,843 | ---- | M] () - C:\Program Files\commander-keen-2.zip
[08/18/2008 03:06 PM | 00,138,932 | ---- | M] () - C:\Program Files\commander-keen-3.zip
[08/18/2008 03:12 PM | 00,529,214 | ---- | M] () - C:\Program Files\commander-keen-6.zip
[08/23/2008 01:20 PM | 00,486,449 | ---- | M] ( ) - C:\Program Files\Fixwareout.exe
[08/23/2008 01:56 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Program Files\HJTInstall.exe
[08/13/2008 12:46 AM | ---D | C] - C:\Program Files\jcyzzyc
[08/24/2008 01:03 PM | 01,274,880 | ---- | M] (OldTimer Tools) - C:\Program Files\OTViewIt.exe
[08/23/2008 02:55 PM | ---D | C] - C:\Program Files\Spybot - Search & Destroy
[08/23/2008 02:28 PM | 15,083,520 | ---- | M] (Safer Networking Limited ) - C:\Program Files\spybotsd160.exe
[08/19/2008 04:46 PM | ---D | C] - C:\Program Files\Trend Micro
[08/14/2008 10:16 PM | 04,042,444 | ---- | M] (e-merge GmbH) - C:\Program Files\wace269i.exe

[Files/Folders - Modified Within 30 days]
[08/05/2008 08:03 AM | -H-D | M] - C:\Config.Msi
[08/24/2008 11:00 AM | ---D | M] - C:\fixwareout
[08/18/2008 08:28 PM | ---D | M] - C:\KEEN
[08/24/2008 01:03 PM | ---D | M] - C:\Program Files
[08/24/2008 11:03 AM | ---D | M] - C:\WINDOWS
[08/13/2008 08:29 AM | 00,000,032 | --S- | M] () - C:\WINDOWS\System32\1479319262.dat
[08/24/2008 11:01 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[6 C:\WINDOWS\System32\*.tmp files]
[08/14/2008 09:14 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/18/2008 09:13 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/14/2008 09:13 AM | 00,000,118 | ---- | M] () - C:\WINDOWS\System32\MRT.INI
[08/24/2008 08:10 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/13/2008 12:43 AM | 00,099,528 | ---- | M] () - C:\WINDOWS\System32\~.exe
[05/18/2007 09:25 PM | ---D | M] - C:\WINDOWS\System32\ѕуstem
** - C:\WINDOWS\System32\??stem
[08/14/2008 09:14 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/24/2008 10:58 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/14/2008 09:10 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 09:14 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/16/2008 12:23 PM | -H-D | M] - C:\WINDOWS\inf
[08/05/2008 12:12 AM | -HSD | M] - C:\WINDOWS\Installer
[08/06/2008 01:05 PM | -H-D | M] - C:\WINDOWS\PIF
[08/24/2008 01:03 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/24/2008 12:27 PM | 00,000,274 | ---- | M] () - C:\WINDOWS\system.ini
[08/19/2008 09:36 AM | ---D | M] - C:\WINDOWS\system32
[08/23/2008 03:28 PM | --SD | M] - C:\WINDOWS\Tasks
[08/24/2008 12:51 PM | ---D | M] - C:\WINDOWS\Temp
[08/23/2008 03:28 PM | 00,001,175 | ---- | M] () - C:\WINDOWS\wininit.ini
[08/21/2008 02:45 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/20/2008 07:25 PM | 00,000,412 | ---- | M] () - C:\WINDOWS\tasks\Norton Security Scan.job
[08/24/2008 10:58 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/18/2008 03:00 PM | 00,000,742 | ---- | M] () - C:\WINDOWS\tasks\wrSpySweeper20060604145840.job
[08/14/2008 09:13 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ohensvyz
[08/23/2008 06:12 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[08/24/2008 11:03 AM | ---D | M] - C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[08/19/2008 10:53 PM | 00,036,864 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\century child review.doc
[08/14/2008 01:00 AM | 00,027,648 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\digging up the corpses review.doc
[08/14/2008 01:48 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Documentation
[7 C:\Documents and Settings\Administrator\My Documents\*.tmp files]
[08/18/2008 01:43 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Keen2
[08/18/2008 03:06 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Keen3
[08/06/2008 10:16 PM | R--D | M] - C:\Documents and Settings\Administrator\My Documents\My Pictures
[08/15/2008 11:36 AM | 00,029,696 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\once review.doc
[08/14/2008 01:48 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Shipedit
[08/14/2008 01:51 PM | 00,000,610 | ---- | M] () - C:\Documents and Settings\Administrator\My Documents\Shortcut to 01 The Dead Flag Blues.m4a.lnk
[08/14/2008 01:48 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Translate
[08/14/2008 01:48 PM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\TyrianFunDoc
[05/27/2007 11:46 AM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\ΑppPatch
** - C:\Documents and Settings\Administrator\My Documents\?ppPatch
[05/27/2007 11:46 AM | ---D | M] - C:\Documents and Settings\Administrator\My Documents\Ѕуmantec
** - C:\Documents and Settings\Administrator\My Documents\??mantec
[08/24/2008 08:40 AM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/23/2008 01:56 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[08/23/2008 02:29 PM | 00,000,933 | ---- | M] () - C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk

< End of report >

Edited by spinblackscircle, 24 August 2008 - 12:12 PM.
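
Editor's note on the listing above (an added example, not code from the thread, from OTViewIt, ComboFix or The Avenger): the entries C:\WINDOWS\System32\ѕуstem, ...\My Documents\ΑppPatch and ...\My Documents\Ѕуmantec each appear twice, once with their real name and once as ??stem, ?ppPatch and ??mantec, because their leading letters are Cyrillic and Greek look-alikes rather than Latin ones and the tool's ASCII fallback cannot print them. A folder named that way displays beside the genuine system, AppPatch and Symantec folders while being a different path, which is why the ComboFix run later in the thread finds a spoolsv.exe and a j?vaw.exe inside them. The Python script below is a defender-side check for this pattern. It maps a small hand-built table of confusable code points (an illustrative subset, not Unicode's full confusables.txt) onto their Latin look-alikes, NFKC-normalizes the result so full-width forms are caught too, and flags any name that is not pure ASCII yet collapses to a protected Windows name. The PROTECTED_NAMES set, the OTL_LINE pattern and the sample listing are constructed for the example; three of the sample lines are copied from the log above.

```python
"""Flag file names that impersonate Windows system names through Unicode look-alike letters.

Editor's example for this thread; not code from OTViewIt, ComboFix or The Avenger.
"""
import os
import re
import unicodedata

# Hand-built subset of Unicode confusables: Cyrillic and Greek letters whose glyphs
# match Latin ones.  Illustrative only; the authoritative list is Unicode's confusables.txt.
CONFUSABLES = {
    # Cyrillic lower case
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    # Cyrillic upper case
    "\u0405": "S", "\u0406": "I", "\u0408": "J", "\u0410": "A", "\u0412": "B",
    "\u0415": "E", "\u041a": "K", "\u041c": "M", "\u041d": "H", "\u041e": "O",
    "\u0420": "P", "\u0421": "C", "\u0422": "T", "\u0425": "X",
    # Greek upper case (plus lower-case omicron)
    "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0396": "Z", "\u0397": "H",
    "\u0399": "I", "\u039a": "K", "\u039c": "M", "\u039d": "N", "\u039f": "O",
    "\u03a1": "P", "\u03a4": "T", "\u03a5": "Y", "\u03a7": "X", "\u03bf": "o",
}

# Names a look-alike would plausibly impersonate (constructed for the example;
# in practice build this from a baseline of your own system folders and executables).
PROTECTED_NAMES = {
    "system", "system32", "drivers", "apppatch", "symantec",
    "spoolsv.exe", "svchost.exe", "javaw.exe", "explorer.exe",
}


def skeleton(name: str) -> str:
    """Collapse look-alike letters to Latin, then NFKC-normalize (folds full-width forms)."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    return unicodedata.normalize("NFKC", mapped)


def is_homoglyph_masquerade(name: str) -> bool:
    """True when `name` is not pure ASCII but its skeleton is a protected ASCII name."""
    if name.isascii():
        return False
    sk = skeleton(name)
    return sk.isascii() and sk.lower() in PROTECTED_NAMES


# One OTViewIt-style listing line: "[date | size | attrs | flag] (company) - C:\path".
# The tool's own "** - C:\...\??stem" fallback lines have no brackets and are skipped.
OTL_LINE = re.compile(r"^\[.*?\]\s*(?:\([^)]*\)\s*)?-\s*(?P<path>[A-Za-z]:\\.+)$")


def flag_listing(lines):
    """Return the paths in an OTViewIt-style listing whose last component is a masquerade."""
    hits = []
    for line in lines:
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        if is_homoglyph_masquerade(leaf):
            hits.append(path)
    return hits


def scan_tree(root: str):
    """Walk a live directory tree and yield masquerading paths (run this on the machine itself)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if is_homoglyph_masquerade(name):
                yield os.path.join(dirpath, name)


# Sample input: the first three lines are copied from the OTViewIt log above, the rest are
# constructed.  Look-alike letters are written as escapes so the code points are explicit.
SAMPLE_LISTING = [
    # C:\WINDOWS\System32\ѕуstem : Cyrillic dze U+0455 and Cyrillic u U+0443 stand in for "sy"
    "[05/18/2007 09:25 PM | ---D | M] - C:\\WINDOWS\\System32\\\u0455\u0443stem",
    # C:\...\My Documents\ΑppPatch : Greek capital alpha U+0391 stands in for "A"
    "[05/27/2007 11:46 AM | ---D | M] - C:\\Documents and Settings\\Administrator\\My Documents\\\u0391ppPatch",
    # C:\...\My Documents\Ѕуmantec : Cyrillic capital dze U+0405 and Cyrillic u U+0443 stand in for "Sy"
    "[05/27/2007 11:46 AM | ---D | M] - C:\\Documents and Settings\\Administrator\\My Documents\\\u0405\u0443mantec",
    # constructed: full-width "s" U+FF53, caught by the NFKC step rather than the table
    "[01/01/2008 12:00 AM | ---D | M] - C:\\WINDOWS\\\uff53ystem32",
    # benign lines from the same log: pure-ASCII names are never flagged
    "[08/13/2008 12:43 AM | 00,099,528 | ---- | M] () - C:\\WINDOWS\\System32\\~.exe",
    "[08/23/2008 01:56 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\\Program Files\\HJTInstall.exe",
]

if __name__ == "__main__":
    for hit in flag_listing(SAMPLE_LISTING):
        print("LOOK-ALIKE NAME:", hit, "->", skeleton(hit.rsplit("\\", 1)[-1]))
```

The check deliberately says nothing about names that are merely non-ASCII (a user's "été" folder is left alone); only a name that both contains look-alike characters and collapses to a name on the protected list is reported, which keeps the output short enough to read through by hand on a real volume.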


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:46 PM

Posted 24 August 2008 - 12:25 PM

1. Please download The Avenger2 by Swandog46 to your Desktop.
  • Right-click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
Winqx74
Winrx74
Winsa63 
Winud20
Winwf20

Files to delete:
C:\WINDOWS\System32\Drivers\Winkr17.sys
C:\WINDOWS\System32\Drivers\Winqx74.sys
C:\WINDOWS\System32\Drivers\Winrx74.sys
C:\WINDOWS\System32\Drivers\Winsa63.sys
C:\WINDOWS\System32\Drivers\Winud20.sys
C:\WINDOWS\System32\Drivers\Winwf20.sys
C:\WINDOWS\System32\1479319262.dat
C:\WINDOWS\System32\~.exe

Folders to delete:
C:\Program Files\jcyzzyc
C:\Documents and Settings\All Users\Application Data\ohensvyz

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right-click on the window under "Input script here:" and select Paste.
  • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V), or click on the third button under the menu to paste it from the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete" or "Drivers to Disable", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.
======================
Then please visit this web page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 spinblackscircle

spinblackscircle
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:46 PM

Posted 24 August 2008 - 01:05 PM

Here is the report from Avenger:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "Winqx74" deleted successfully.
Driver "Winrx74" deleted successfully.
Driver "Winsa63" deleted successfully.
Driver "Winud20" deleted successfully.
Driver "Winwf20" deleted successfully.

Error: file "C:\WINDOWS\System32\Drivers\Winkr17.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winkr17.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\Winqx74.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winqx74.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\Winrx74.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winrx74.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\Winsa63.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winsa63.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\Winud20.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winud20.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\System32\Drivers\Winwf20.sys" not found!
Deletion of file "C:\WINDOWS\System32\Drivers\Winwf20.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\System32\1479319262.dat" deleted successfully.
File "C:\WINDOWS\System32\~.exe" deleted successfully.
Folder "C:\Program Files\jcyzzyc" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\ohensvyz" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Downloading Combofix won't be a problem, but unfortunately, I don't have my Windows XP CD with me to download the Windows Recovery Console. Is there anything that I can do about this?

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:46 PM

Posted 24 August 2008 - 01:08 PM

Read those instructions again.
The Recovery Console is installed via ComboFix.
All you have to do is go to the Microsoft site provided on the ComboFix instructions page and download the boot disks for your version of Windows.
Then you drag and drop that file onto ComboFix and it will install the Recovery Console for you.

#7 spinblackscircle

spinblackscircle
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:46 PM

Posted 24 August 2008 - 04:33 PM

Sorry for the wait; I had some errands to do. Anyway, here is the ComboFix report:

ComboFix 08-08-23.03 - Student 2008-08-24 14:21:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.118 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\G2GPC4N4\interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\G2GPC4N4\interclick.com\ud.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\G2GPC4N4\www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\G2GPC4N4\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\G2GPC4N4\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Administrator\Cookies\student@ads.revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\student@clicktorrent[2].txt
C:\Documents and Settings\Administrator\Cookies\student@confidentsurf[1].txt
C:\Documents and Settings\Administrator\Cookies\student@confidentsurf[3].txt
C:\Documents and Settings\Administrator\Cookies\student@eztracks.aavalue[1].txt
C:\Documents and Settings\Administrator\Cookies\student@insightexpressai[1].txt
C:\Documents and Settings\Administrator\Cookies\student@media6degrees[2].txt
C:\Documents and Settings\Administrator\Cookies\student@my.clearchannelradio[2].txt
C:\Documents and Settings\Administrator\Cookies\student@myspace[1].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[1].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[10].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[2].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[3].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[4].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[5].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[6].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[7].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[8].txt
C:\Documents and Settings\Administrator\Cookies\student@pcsecuresystem[9].txt
C:\Documents and Settings\Administrator\Cookies\student@peach.bskyb[2].txt
C:\Documents and Settings\Administrator\Cookies\student@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[1].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[2].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[3].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[4].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[5].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[6].txt
C:\Documents and Settings\Administrator\Cookies\student@securepccleaner[7].txt
C:\Documents and Settings\Administrator\Cookies\student@turn[2].txt
C:\Documents and Settings\Administrator\My Documents\MANTEC~1
C:\Documents and Settings\Administrator\My Documents\MANTEC~1\j?vaw.exe
C:\Documents and Settings\Administrator\My Documents\PPPATC~1
C:\Documents and Settings\Administrator\ResErrors.log
C:\temp\0b9
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\hosts
C:\WINDOWS\system32\bipcvbpp.ini
C:\WINDOWS\system32\bqkyixlt.ini
C:\WINDOWS\system32\disk.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\jaygmosy.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\naxyjypr.ini
C:\WINDOWS\system32\odxxnvpu.ini
C:\WINDOWS\system32\plaatntt.ini
C:\WINDOWS\system32\scydgvjt.ini
C:\WINDOWS\system32\smvjwans.ini
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\stem~1\??stem\
C:\WINDOWS\system32\stem~1\spoolsv.exe
C:\WINDOWS\system32\veckdhhd.ini
C:\WINDOWS\system32\wlnoeswd.ini
C:\WINDOWS\system32\wnstsisv32.exe
C:\WINDOWS\system32\xlnaykea.ini
C:\WINDOWS\system32\xuprdcpo.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.tmp

.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.

2008-08-24 13:26 . 2008-08-24 13:26 724,952 --a------ C:\Program Files\avenger.zip
2008-08-24 13:03 . 2008-08-24 13:03 1,274,880 --a------ C:\Program Files\OTViewIt.exe
2008-08-23 14:29 . 2008-08-23 14:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 14:29 . 2008-08-23 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 14:28 . 2008-08-23 14:28 15,083,520 --a------ C:\Program Files\spybotsd160.exe
2008-08-23 13:56 . 2008-08-23 13:56 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-08-23 13:20 . 2008-08-24 11:00 <DIR> d-------- C:\fixwareout
2008-08-23 13:20 . 2008-08-23 13:20 486,449 --a------ C:\Program Files\Fixwareout.exe
2008-08-19 16:46 . 2008-08-19 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-18 15:12 . 2008-08-18 15:12 529,214 --a------ C:\Program Files\commander-keen-6.zip
2008-08-18 15:06 . 2008-08-18 15:06 138,932 --a------ C:\Program Files\commander-keen-3.zip
2008-08-18 13:42 . 2008-08-18 13:42 126,843 --a------ C:\Program Files\commander-keen-2.zip
2008-08-18 11:33 . 2008-08-18 20:28 <DIR> d-------- C:\KEEN
2008-08-18 11:31 . 2008-08-18 11:31 244,484 --a------ C:\Program Files\1keen.zip
2008-08-14 23:03 . 2008-08-14 23:03 <DIR> d-------- C:\Program Files\5023_Lorena_Syd.part1
2008-08-13 22:29 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-06 13:05 . 2008-08-06 13:05 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-06 13:00 . 2008-08-14 22:16 4,042,444 --a------ C:\Program Files\wace269i.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 18:28 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-20 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-20 20:44 6,332,445 ----a-w C:\Program Files\215_the_mercenaries_~_ada.mp3
2008-08-20 20:29 1,388,544 ----a-w C:\Program Files\01_-_main_title.mp3
2008-08-20 20:22 2,881,536 ----a-w C:\Program Files\02_-_spiral_mountain.mp3
2008-08-20 20:02 2,196,341 ----a-w C:\Program Files\10-skynet-ambient-2.mp3
2008-08-20 19:48 5,068,199 ----a-w C:\Program Files\05-hybrid-ambient-1.mp3
2008-08-20 18:47 2,888,222 ----a-w C:\Program Files\29_-_the_suspended_dol.mp3
2008-08-20 18:39 6,121,829 ----a-w C:\Program Files\225_intention.mp3
2008-08-12 23:01 4,127,976 ----a-w C:\Program Files\22-Tarja Turunen - The Seer (Deleted Scene UK Bonus Track).mp3
2008-08-08 02:48 4,841,975 ----a-w C:\Program Files\14 Bittersweet.mp3
2008-08-06 16:27 --------- d-----w C:\Program Files\Mulberry
2008-08-05 04:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 04:05 --------- d-----w C:\Program Files\iTunes
2008-08-05 04:05 --------- d-----w C:\Program Files\iPod
2008-08-01 18:25 5,963,208 ----a-w C:\Program Files\104-nightwish-while_your_lips_are_still_red-man.mp3
2008-08-01 18:13 3,346,432 ----a-w C:\Program Files\01. Crimson Tide (Deep Blue Sea).mp3
2008-08-01 11:09 --------- d-----w C:\Program Files\Common
2008-07-30 01:29 3,049,265 ----a-w C:\Program Files\07-lurking-in-the-darkness.mp3
2008-07-30 00:48 4,365,742 ----a-w C:\Program Files\092-gruntilda-s-lair-click-clock-wood-.mp3
2008-07-30 00:27 3,969,932 ----a-w C:\Program Files\011-gruntilda-s-lair-primary-theme-.mp3
2008-07-21 22:38 3,256,320 ----a-w C:\Program Files\10-death-alley.mp3
2008-07-21 22:35 3,268,608 ----a-w C:\Program Files\04-terraport-bamboo-mill.mp3
2008-07-21 17:21 3,365,459 ----a-w C:\Program Files\22-metal-squad.mp3
2008-07-21 17:14 799,788 ----a-w C:\Program Files\01-lightning-strikes-again.mp3
2008-07-21 17:04 789,151 ----a-w C:\Program Files\20-battle.mp3
2008-07-21 16:55 4,112,384 ----a-w C:\Program Files\09-rock-n-roller-underground-vault.mp3
2008-07-21 16:52 3,833,856 ----a-w C:\Program Files\11-superstructure-dark-ruins.mp3
2008-07-21 16:49 1,989,266 ----a-w C:\Program Files\07-absolute-zero-worldlink-center.mp3
2008-07-21 16:46 1,241,088 ----a-w C:\Program Files\01-title.mp3
2008-07-16 18:48 6,094,100 ----a-w C:\Program Files\22-the-underground-laboratory.mp3
2008-07-12 16:44 4,854,808 ----a-w C:\Program Files\201-infiltration.mp3
2008-07-12 16:28 4,169,218 ----a-w C:\Program Files\122-never-give-up-the-escape.mp3
2008-07-12 16:26 1,315,781 ----a-w C:\Program Files\203-regenerador.mp3
2008-07-12 16:25 6,456,668 ----a-w C:\Program Files\09_-_the_first_floor.mp3
2008-07-12 16:03 5,856,632 ----a-w C:\Program Files\19_terminate.mp3
2008-07-12 15:40 3,384,043 ----a-w C:\Program Files\04.mp3
2008-07-12 15:30 3,073,702 ----a-w C:\Program Files\10.mp3
2008-07-12 15:16 4,130,722 ----a-w C:\Program Files\13_-_the_library.mp3
2008-07-12 15:15 8,976,985 ----a-w C:\Program Files\20-the-marshaling-yard-the-latter-half-.mp3
2008-07-12 15:15 6,054,404 ----a-w C:\Program Files\19-the-marshaling-yard-the-first-half-.mp3
2008-07-12 15:15 5,001,141 ----a-w C:\Program Files\15-the-basement-of-police-station.mp3
2008-07-12 15:14 3,851,736 ----a-w C:\Program Files\08_-_the_front_hall.mp3
2008-07-12 15:14 2,273,940 ----a-w C:\Program Files\11-secure-place.mp3
2008-07-12 14:33 1,022,772 ----a-w C:\Program Files\04-first-floor-mansion.mp3
2008-07-12 00:36 62,015 ----a-w C:\Program Files\12-save-room.mp3
2008-07-12 00:36 --------- d-----w C:\Program Files\Bonjour
2008-07-12 00:35 --------- d-----w C:\Program Files\QuickTime
2008-07-04 04:18 41,984 ----a-w C:\Program Files\gcircle.doc
2008-06-25 20:16 --------- d-----w C:\Program Files\HP
2008-05-03 14:17 12,921 ----a-w C:\Program Files\rdyyy6.htm
2008-04-20 17:49 3,178,836 ----a-w C:\Program Files\03 - I'm Eighteen.mp3
2008-04-20 17:47 6,037,632 ----a-w C:\Program Files\Creed - Is This The End.mp3
2008-04-20 17:47 5,419,136 ----a-w C:\Program Files\Creed - Bound & Tied.mp3
2008-04-20 17:47 4,643,079 ----a-w C:\Program Files\12 Young Grow Old.m4a
2008-04-20 15:49 48,115 ----a-w C:\Program Files\mp3fiesta_com.htm
2008-04-13 02:04 741 ----a-w C:\Program Files\dread-inc_org.htm
2008-04-07 05:37 10,182,547 ----a-w C:\Program Files\nw_escap_bonus_2007.rar
2008-04-07 05:13 4,167,680 ----a-w C:\Program Files\Nightwish - Nightquest.mp3
2008-04-07 05:11 7,596,960 ----a-w C:\Program Files\Nightwish - Once Upon A Troubadour.mp3
2008-04-07 05:11 5,553,510 ----a-w C:\Program Files\Nightwish - A Return To The Sea.mp3
2008-04-07 05:11 4,504,286 ----a-w C:\Program Files\Nightwish - Sleepwalker (Heavy Version).mp3
2008-04-07 05:06 4,869,102 ----a-w C:\Program Files\11.mp3
2008-04-07 05:05 8,423,424 ----a-w C:\Program Files\Nightwish_-_01_-_Nightwish.mp3
2008-04-07 04:56 6,546,162 ----a-w C:\Program Files\Nightwish - 03 - Away.mp3
2008-04-07 04:11 5,221,275 ----a-w C:\Program Files\Nightwish - 10th Man Down.mp3
2008-03-26 19:24 14,549,355 ----a-w C:\Program Files\Evanescence - Origin - 08 - Anywhere.mp3
2008-03-26 16:07 4,548,401 ----a-w C:\Program Files\Evanescence - Demo CD Alt Takes - Forever You.mp3
2008-03-26 16:05 9,248,746 ----a-w C:\Program Files\Evanescence - Demo CD - 17 - Breathe No More.mp3
2008-03-26 16:04 9,854,810 ----a-w C:\Program Files\Evanescence - Demo CD - 16 - Bring Me To Life (original).mp3
2008-03-26 16:02 8,708,521 ----a-w C:\Program Files\Evanescence - Demo CD - 15 - Surrender.mp3
2008-03-26 16:01 10,335,419 ----a-w C:\Program Files\Evanescence - Demo CD - 11 - Bleed.mp3
2008-03-26 15:59 7,898,737 ----a-w C:\Program Files\Evanescence - Demo CD - 10 - Before The Dawn.mp3
2008-03-26 15:57 9,344,870 ----a-w C:\Program Files\Evanescence - Demo CD - 05 - Farther Away.mp3
2008-03-26 15:55 8,215,343 ----a-w C:\Program Files\Evanescence - Demo CD - 03 - Anything For You.mp3
2008-03-26 15:51 21,050,912 ----a-w C:\Program Files\Evanescence - Origin - Pre-Release Alternate Ending.mp3
2008-03-26 15:47 17,684,049 ----a-w C:\Program Files\Evanescence - Origin - 11 - Eternal.mp3
2008-03-26 15:44 8,431,483 ----a-w C:\Program Files\Evanescence - Origin - 10 - Away From Me.mp3
2008-03-26 15:09 9,202,609 ----a-w C:\Program Files\Evanescence - Origin - 09 - Lies.mp3
2008-03-26 15:08 9,967,483 ----a-w C:\Program Files\Evanescence - Origin - 07 - Even In Death.mp3
2008-03-26 15:06 12,547,341 ----a-w C:\Program Files\Evanescence - Origin - 06 - Field Of Innocence.mp3
2008-03-26 15:04 1,409,762 ----a-w C:\Program Files\Evanescence - Origin - 01 - Origin.mp3
2008-03-26 15:02 601,370 ----a-w C:\Program Files\Evanescence - Origin - 00 - Anywhere (outtake).mp3
2008-03-26 15:01 17,048,057 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 06 - Ascension Of The Spirit (original).mp3
2008-03-26 14:59 4,366,130 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 04 - Forgive Me.mp3
2008-03-26 14:57 5,905,288 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 02 - Whisper (Demo Version).mp3
2008-03-26 14:50 8,402,988 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - Give Unto Me.mp3
2008-03-26 14:49 9,281,948 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - October.mp3
2008-03-26 14:48 7,639,408 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - My Immortal (Piano - Vocal).mp3
2008-03-26 14:44 2,882,785 ----a-w C:\Program Files\Evanescence - Evanescence EP - 07 - The End.mp3
2008-03-26 14:43 10,600,413 ----a-w C:\Program Files\Evanescence - Evanescence EP - 06 - Understanding.mp3
2008-03-26 14:42 6,458,845 ----a-w C:\Program Files\Evanescence - Evanescence EP - 05 - So Close.mp3
2008-03-26 14:41 4,396,840 ----a-w C:\Program Files\Evanescence - Evanescence EP - 04 - Exodus.mp3
2008-03-26 14:40 5,788,676 ----a-w C:\Program Files\Evanescence - Evanescence EP - 03 - Imaginary (EP Version).mp3
2008-03-26 14:38 8,275,087 ----a-w C:\Program Files\Evanescence - Evanescence EP - 02 - Solitude.mp3
2008-03-26 14:37 5,594,968 ----a-w C:\Program Files\Evanescence - Evanescence EP - 01 - Where Will You Go (EP Version).mp3
2008-03-04 04:08 1,206,366 ----a-w C:\Program Files\wrar371.exe
2008-03-04 04:05 197,797,385 ----a-w C:\Program Files\I WANT TO SUCK TIIMMAYS COCK.rar
2008-03-04 03:50 84,841,450 ----a-w C:\Program Files\CS_092207.zip
2008-02-16 18:00 48,128 ----a-w C:\Program Files\resume winter 2007 -rev2.doc
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 13:54 598016]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 10:04 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-08-03 01:47 2966528]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-14 12:15:43 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
2008-07-16 11:30 38912 C:\WINDOWS\system32\LoveFly.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincj86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winck53.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windl65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem54.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winip85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winiq86.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr17.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winud20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf20.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22002
"500:UDP"= 500:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,198.32.44.0/255.255.255.0,198.32.48.0/255.255.255.0,199.111.0.0/255.255.0.0:Enabled:CiscoVPN(ISAKMP)
"62515:UDP"= 62515:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,198.32.44.0/255.255.255.0,198.32.48.0/255.255.255.0,199.111.0.0/255.255.0.0:Enabled:CiscoVPN
"38293:UDP"= 38293:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,199.111.0.0/255.255.0.0:Enabled:SymantecManagedAVUDP38293

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 23:26]
S0 Winkr17;Winkr17;C:\WINDOWS\system32\Drivers\Winkr17.sys []
S3 2689541e-5878-467b-a800-a39ece16023b;2689541e-5878-467b-a800-a39ece16023b;D:\CDS300\cds300.dll []
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-20 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]

2008-08-18 C:\WINDOWS\Tasks\wrSpySweeper20060604145840.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2005-08-03 01:47]
.
- - - - ORPHANS REMOVED - - - -

SSODL-dbapi-{60419F4E-6F19-36F2-40D0-00AFC0C0C125} - C:\Program Files\jcyzzyc\dbapi.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tds94tx5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virginia.edu/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-24 14:35:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysAppSwPrv]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilteraspnet_state]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationSENS]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc2D.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMSCardSvr]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NICCONFIGSVCPACSPTISVR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaBITS]
"ImagePath"="8Û\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlCryptSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlSamSs]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasManWmiApSrv]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitorlanmanworkstation]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvrNetDDE]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvRemoteRegistry]
"ImagePath"="đ%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-24 14:46:25 - machine was rebooted [Student]
ComboFix-quarantined-files.txt 2008-08-24 18:46:15

Pre-Run: 24,834,596,864 bytes free
Post-Run: 24,889,753,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

394 --- E O F --- 2008-08-14 13:15:02


And here is my current HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:54 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/uvalib/support/...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111505473406
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\Software\..\Telephony: DomainName = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = virginia.edu
O18 - Protocol: bw+0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: offline-8876480 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Love - C:\WINDOWS\SYSTEM32\LoveFly.dll
O21 - SSODL: dbapi - {60419F4E-6F19-36F2-40D0-00AFC0C0C125} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ System Application COMSysAppSwPrv (COMSysAppSwPrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL HTTPFilteraspnet_state (HTTPFilteraspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Workstation lanmanworkstationSENS (lanmanworkstationSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Machine Debug Manager MDMSCardSvr (MDMSCardSvr) - Unknown owner - C:\WINDOWS\
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICCONFIGSVC NICCONFIGSVCPACSPTISVR (NICCONFIGSVCPACSPTISVR) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Location Awareness (NLA) NlaBITS (NlaBITS) - Unknown owner - 8Û .exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlCryptSvc (PmlCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 PmlSamSs (PmlSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManWmiApSrv (RasManWmiApSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spectrum24 Event Monitor S24EventMonitorlanmanworkstation (S24EventMonitorlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card SCardSvrNetDDE (SCardSvrNetDDE) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Telephony TapiSrvRemoteRegistry (TapiSrvRemoteRegistry) - Unknown owner - C:\WINDOWS\
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 24057 bytes

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:46 PM

Posted 24 August 2008 - 06:18 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Winkr17

File::
C:\WINDOWS\system32\LoveFly.dll
C:\WINDOWS\system32\Drivers\Winkr17.sys
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Love]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincj86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winck53.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windl65.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem54.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winip85.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winiq86.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr17.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqx74.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx74.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa63.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winud20.sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwf20.sys]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#9 spinblackscircle

spinblackscircle
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:46 PM

Posted 25 August 2008 - 08:35 AM

Here is the Combofix.txt:

ComboFix 08-08-24.03 - Student 2008-08-25 9:03:52.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\Drivers\Winkr17.sys
C:\WINDOWS\system32\LoveFly.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\LoveFly.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Winkr17


((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 13:26 . 2008-08-24 13:26 724,952 --a------ C:\Program Files\avenger.zip
2008-08-24 13:03 . 2008-08-24 13:03 1,274,880 --a------ C:\Program Files\OTViewIt.exe
2008-08-23 14:29 . 2008-08-23 14:55 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 14:29 . 2008-08-23 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-23 14:28 . 2008-08-23 14:28 15,083,520 --a------ C:\Program Files\spybotsd160.exe
2008-08-23 13:56 . 2008-08-23 13:56 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-08-23 13:20 . 2008-08-24 11:00 <DIR> d-------- C:\fixwareout
2008-08-23 13:20 . 2008-08-23 13:20 486,449 --a------ C:\Program Files\Fixwareout.exe
2008-08-19 16:46 . 2008-08-19 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-18 15:12 . 2008-08-18 15:12 529,214 --a------ C:\Program Files\commander-keen-6.zip
2008-08-18 15:06 . 2008-08-18 15:06 138,932 --a------ C:\Program Files\commander-keen-3.zip
2008-08-18 13:42 . 2008-08-18 13:42 126,843 --a------ C:\Program Files\commander-keen-2.zip
2008-08-18 11:33 . 2008-08-18 20:28 <DIR> d-------- C:\KEEN
2008-08-18 11:31 . 2008-08-18 11:31 244,484 --a------ C:\Program Files\1keen.zip
2008-08-14 23:03 . 2008-08-14 23:03 <DIR> d-------- C:\Program Files\5023_Lorena_Syd.part1
2008-08-13 22:29 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-06 13:05 . 2008-08-06 13:05 <DIR> d--h----- C:\WINDOWS\PIF
2008-08-06 13:00 . 2008-08-14 22:16 4,042,444 --a------ C:\Program Files\wace269i.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-08-24 18:28 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-20 20:44 6,332,445 ----a-w C:\Program Files\215_the_mercenaries_~_ada.mp3
2008-08-20 20:29 1,388,544 ----a-w C:\Program Files\01_-_main_title.mp3
2008-08-20 20:22 2,881,536 ----a-w C:\Program Files\02_-_spiral_mountain.mp3
2008-08-20 20:02 2,196,341 ----a-w C:\Program Files\10-skynet-ambient-2.mp3
2008-08-20 19:48 5,068,199 ----a-w C:\Program Files\05-hybrid-ambient-1.mp3
2008-08-20 18:47 2,888,222 ----a-w C:\Program Files\29_-_the_suspended_dol.mp3
2008-08-20 18:39 6,121,829 ----a-w C:\Program Files\225_intention.mp3
2008-08-12 23:01 4,127,976 ----a-w C:\Program Files\22-Tarja Turunen - The Seer (Deleted Scene UK Bonus Track).mp3
2008-08-08 02:48 4,841,975 ----a-w C:\Program Files\14 Bittersweet.mp3
2008-08-06 16:27 --------- d-----w C:\Program Files\Mulberry
2008-08-05 04:09 --------- d-----w C:\Program Files\Apple Software Update
2008-08-05 04:05 --------- d-----w C:\Program Files\iTunes
2008-08-05 04:05 --------- d-----w C:\Program Files\iPod
2008-08-01 18:25 5,963,208 ----a-w C:\Program Files\104-nightwish-while_your_lips_are_still_red-man.mp3
2008-08-01 18:13 3,346,432 ----a-w C:\Program Files\01. Crimson Tide (Deep Blue Sea).mp3
2008-08-01 11:09 --------- d-----w C:\Program Files\Common
2008-07-30 01:29 3,049,265 ----a-w C:\Program Files\07-lurking-in-the-darkness.mp3
2008-07-30 00:48 4,365,742 ----a-w C:\Program Files\092-gruntilda-s-lair-click-clock-wood-.mp3
2008-07-30 00:27 3,969,932 ----a-w C:\Program Files\011-gruntilda-s-lair-primary-theme-.mp3
2008-07-21 22:38 3,256,320 ----a-w C:\Program Files\10-death-alley.mp3
2008-07-21 22:35 3,268,608 ----a-w C:\Program Files\04-terraport-bamboo-mill.mp3
2008-07-21 17:21 3,365,459 ----a-w C:\Program Files\22-metal-squad.mp3
2008-07-21 17:14 799,788 ----a-w C:\Program Files\01-lightning-strikes-again.mp3
2008-07-21 17:04 789,151 ----a-w C:\Program Files\20-battle.mp3
2008-07-21 16:55 4,112,384 ----a-w C:\Program Files\09-rock-n-roller-underground-vault.mp3
2008-07-21 16:52 3,833,856 ----a-w C:\Program Files\11-superstructure-dark-ruins.mp3
2008-07-21 16:49 1,989,266 ----a-w C:\Program Files\07-absolute-zero-worldlink-center.mp3
2008-07-21 16:46 1,241,088 ----a-w C:\Program Files\01-title.mp3
2008-07-16 18:48 6,094,100 ----a-w C:\Program Files\22-the-underground-laboratory.mp3
2008-07-12 16:44 4,854,808 ----a-w C:\Program Files\201-infiltration.mp3
2008-07-12 16:28 4,169,218 ----a-w C:\Program Files\122-never-give-up-the-escape.mp3
2008-07-12 16:26 1,315,781 ----a-w C:\Program Files\203-regenerador.mp3
2008-07-12 16:25 6,456,668 ----a-w C:\Program Files\09_-_the_first_floor.mp3
2008-07-12 16:03 5,856,632 ----a-w C:\Program Files\19_terminate.mp3
2008-07-12 15:40 3,384,043 ----a-w C:\Program Files\04.mp3
2008-07-12 15:30 3,073,702 ----a-w C:\Program Files\10.mp3
2008-07-12 15:16 4,130,722 ----a-w C:\Program Files\13_-_the_library.mp3
2008-07-12 15:15 8,976,985 ----a-w C:\Program Files\20-the-marshaling-yard-the-latter-half-.mp3
2008-07-12 15:15 6,054,404 ----a-w C:\Program Files\19-the-marshaling-yard-the-first-half-.mp3
2008-07-12 15:15 5,001,141 ----a-w C:\Program Files\15-the-basement-of-police-station.mp3
2008-07-12 15:14 3,851,736 ----a-w C:\Program Files\08_-_the_front_hall.mp3
2008-07-12 15:14 2,273,940 ----a-w C:\Program Files\11-secure-place.mp3
2008-07-12 14:33 1,022,772 ----a-w C:\Program Files\04-first-floor-mansion.mp3
2008-07-12 00:36 62,015 ----a-w C:\Program Files\12-save-room.mp3
2008-07-12 00:36 --------- d-----w C:\Program Files\Bonjour
2008-07-12 00:35 --------- d-----w C:\Program Files\QuickTime
2008-07-04 04:18 41,984 ----a-w C:\Program Files\gcircle.doc
2008-06-25 20:16 --------- d-----w C:\Program Files\HP
2008-05-03 14:17 12,921 ----a-w C:\Program Files\rdyyy6.htm
2008-04-20 17:49 3,178,836 ----a-w C:\Program Files\03 - I'm Eighteen.mp3
2008-04-20 17:47 6,037,632 ----a-w C:\Program Files\Creed - Is This The End.mp3
2008-04-20 17:47 5,419,136 ----a-w C:\Program Files\Creed - Bound & Tied.mp3
2008-04-20 17:47 4,643,079 ----a-w C:\Program Files\12 Young Grow Old.m4a
2008-04-20 15:49 48,115 ----a-w C:\Program Files\mp3fiesta_com.htm
2008-04-13 02:04 741 ----a-w C:\Program Files\dread-inc_org.htm
2008-04-07 05:37 10,182,547 ----a-w C:\Program Files\nw_escap_bonus_2007.rar
2008-04-07 05:13 4,167,680 ----a-w C:\Program Files\Nightwish - Nightquest.mp3
2008-04-07 05:11 7,596,960 ----a-w C:\Program Files\Nightwish - Once Upon A Troubadour.mp3
2008-04-07 05:11 5,553,510 ----a-w C:\Program Files\Nightwish - A Return To The Sea.mp3
2008-04-07 05:11 4,504,286 ----a-w C:\Program Files\Nightwish - Sleepwalker (Heavy Version).mp3
2008-04-07 05:06 4,869,102 ----a-w C:\Program Files\11.mp3
2008-04-07 05:05 8,423,424 ----a-w C:\Program Files\Nightwish_-_01_-_Nightwish.mp3
2008-04-07 04:56 6,546,162 ----a-w C:\Program Files\Nightwish - 03 - Away.mp3
2008-04-07 04:11 5,221,275 ----a-w C:\Program Files\Nightwish - 10th Man Down.mp3
2008-03-26 19:24 14,549,355 ----a-w C:\Program Files\Evanescence - Origin - 08 - Anywhere.mp3
2008-03-26 16:07 4,548,401 ----a-w C:\Program Files\Evanescence - Demo CD Alt Takes - Forever You.mp3
2008-03-26 16:05 9,248,746 ----a-w C:\Program Files\Evanescence - Demo CD - 17 - Breathe No More.mp3
2008-03-26 16:04 9,854,810 ----a-w C:\Program Files\Evanescence - Demo CD - 16 - Bring Me To Life (original).mp3
2008-03-26 16:02 8,708,521 ----a-w C:\Program Files\Evanescence - Demo CD - 15 - Surrender.mp3
2008-03-26 16:01 10,335,419 ----a-w C:\Program Files\Evanescence - Demo CD - 11 - Bleed.mp3
2008-03-26 15:59 7,898,737 ----a-w C:\Program Files\Evanescence - Demo CD - 10 - Before The Dawn.mp3
2008-03-26 15:57 9,344,870 ----a-w C:\Program Files\Evanescence - Demo CD - 05 - Farther Away.mp3
2008-03-26 15:55 8,215,343 ----a-w C:\Program Files\Evanescence - Demo CD - 03 - Anything For You.mp3
2008-03-26 15:51 21,050,912 ----a-w C:\Program Files\Evanescence - Origin - Pre-Release Alternate Ending.mp3
2008-03-26 15:47 17,684,049 ----a-w C:\Program Files\Evanescence - Origin - 11 - Eternal.mp3
2008-03-26 15:44 8,431,483 ----a-w C:\Program Files\Evanescence - Origin - 10 - Away From Me.mp3
2008-03-26 15:09 9,202,609 ----a-w C:\Program Files\Evanescence - Origin - 09 - Lies.mp3
2008-03-26 15:08 9,967,483 ----a-w C:\Program Files\Evanescence - Origin - 07 - Even In Death.mp3
2008-03-26 15:06 12,547,341 ----a-w C:\Program Files\Evanescence - Origin - 06 - Field Of Innocence.mp3
2008-03-26 15:04 1,409,762 ----a-w C:\Program Files\Evanescence - Origin - 01 - Origin.mp3
2008-03-26 15:02 601,370 ----a-w C:\Program Files\Evanescence - Origin - 00 - Anywhere (outtake).mp3
2008-03-26 15:01 17,048,057 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 06 - Ascension Of The Spirit (original).mp3
2008-03-26 14:59 4,366,130 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 04 - Forgive Me.mp3
2008-03-26 14:57 5,905,288 ----a-w C:\Program Files\Evanescence - Sound Asleep EP - 02 - Whisper (Demo Version).mp3
2008-03-26 14:50 8,402,988 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - Give Unto Me.mp3
2008-03-26 14:49 9,281,948 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - October.mp3
2008-03-26 14:48 7,639,408 ----a-w C:\Program Files\Evanescence - Evanescence EP Outtake - My Immortal (Piano - Vocal).mp3
2008-03-26 14:44 2,882,785 ----a-w C:\Program Files\Evanescence - Evanescence EP - 07 - The End.mp3
2008-03-26 14:43 10,600,413 ----a-w C:\Program Files\Evanescence - Evanescence EP - 06 - Understanding.mp3
2008-03-26 14:42 6,458,845 ----a-w C:\Program Files\Evanescence - Evanescence EP - 05 - So Close.mp3
2008-03-26 14:41 4,396,840 ----a-w C:\Program Files\Evanescence - Evanescence EP - 04 - Exodus.mp3
2008-03-26 14:40 5,788,676 ----a-w C:\Program Files\Evanescence - Evanescence EP - 03 - Imaginary (EP Version).mp3
2008-03-26 14:38 8,275,087 ----a-w C:\Program Files\Evanescence - Evanescence EP - 02 - Solitude.mp3
2008-03-26 14:37 5,594,968 ----a-w C:\Program Files\Evanescence - Evanescence EP - 01 - Where Will You Go (EP Version).mp3
2008-03-04 04:08 1,206,366 ----a-w C:\Program Files\wrar371.exe
2008-03-04 04:05 197,797,385 ----a-w C:\Program Files\I WANT TO SUCK TIIMMAYS COCK.rar
2008-03-04 03:50 84,841,450 ----a-w C:\Program Files\CS_092207.zip
2008-02-16 18:00 48,128 ----a-w C:\Program Files\resume winter 2007 -rev2.doc
.

------- Sigcheck -------

2005-05-25 15:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 13:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 07:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 15:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 22:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 13:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 06:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-24_14.45.24.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-11-10 13:54 598016]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 10:04 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 03:05 122939]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-08-03 01:47 2966528]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-03-14 12:15:43 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:128.143.22.0/255.255.255.0:Disabled:@xpsp2res.dll,-22002
"500:UDP"= 500:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,198.32.44.0/255.255.255.0,198.32.48.0/255.255.255.0,199.111.0.0/255.255.0.0:Enabled:CiscoVPN(ISAKMP)
"62515:UDP"= 62515:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,198.32.44.0/255.255.255.0,198.32.48.0/255.255.255.0,199.111.0.0/255.255.0.0:Enabled:CiscoVPN
"38293:UDP"= 38293:UDP:128.143.0.0/255.255.0.0,137.54.0.0/255.255.0.0,172.16.0.0/255.255.0.0,172.25.0.0/255.255.0.0,172.26.0.0/255.255.0.0,192.35.0.0/255.255.0.0,199.111.0.0/255.255.0.0:Enabled:SymantecManagedAVUDP38293

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)

R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 23:26]
S3 2689541e-5878-467b-a800-a39ece16023b;2689541e-5878-467b-a800-a39ece16023b;D:\CDS300\cds300.dll []
.
Contents of the 'Scheduled Tasks' folder

2008-08-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-25 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]

2008-08-18 C:\WINDOWS\Tasks\wrSpySweeper20060604145840.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2005-08-03 01:47]
.
- - - - ORPHANS REMOVED - - - -

SSODL-dbapi-{60419F4E-6F19-36F2-40D0-00AFC0C0C125} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 09:12:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysAppSwPrv]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilteraspnet_state]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationSENS]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc2B.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMSCardSvr]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NICCONFIGSVCPACSPTISVR]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaBITS]
"ImagePath"="8Û\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlCryptSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PmlSamSs]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasManWmiApSrv]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitorlanmanworkstation]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvrNetDDE]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvRemoteRegistry]
"ImagePath"="đ%€|x\01\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\BAsfIpM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2008-08-25 9:22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 13:22:18
ComboFix2.txt 2008-08-24 18:46:27

Pre-Run: 24,894,775,296 bytes free
Post-Run: 24,819,408,896 bytes free

297 --- E O F --- 2008-08-14 13:15:02


And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:33 AM, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/uvalib/support/...s/ebraryRdr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us//h...ALStreaming.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111505473406
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\Software\..\Telephony: DomainName = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = virginia.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = virginia.edu
O18 - Protocol: bw+0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: offline-8876480 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: dbapi - {60419F4E-6F19-36F2-40D0-00AFC0C0C125} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM+ System Application COMSysAppSwPrv (COMSysAppSwPrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTTP SSL HTTPFilteraspnet_state (HTTPFilteraspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Workstation lanmanworkstationSENS (lanmanworkstationSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Machine Debug Manager MDMSCardSvr (MDMSCardSvr) - Unknown owner - C:\WINDOWS\
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICCONFIGSVC NICCONFIGSVCPACSPTISVR (NICCONFIGSVCPACSPTISVR) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Location Awareness (NLA) NlaBITS (NlaBITS) - Unknown owner - 8Û .exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pml Driver HPZ12 PmlCryptSvc (PmlCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 PmlSamSs (PmlSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Remote Access Connection Manager RasManWmiApSrv (RasManWmiApSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spectrum24 Event Monitor S24EventMonitorlanmanworkstation (S24EventMonitorlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card SCardSvrNetDDE (SCardSvrNetDDE) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Telephony TapiSrvRemoteRegistry (TapiSrvRemoteRegistry) - Unknown owner - C:\WINDOWS\
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 23994 bytes
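
An added example, not code from this thread or from HijackThis: a small Python triage script over lines in the HijackThis v2 format shown above. It parses O4/O18/O21/O23 entries, flags the kinds of lines a helper reads such a log for (components marked "(file missing)" or "(no file)", services with "Unknown owner" whose image path is only a directory, service short names that merely end in a real Windows service name such as SENS or BITS, and non-ASCII image paths), and collapses the long run of O18 lines by DLL so one handler DLL registered under many protocol names reads as a single item to vet. The sample lines are constructed from the shapes seen in the log above, the list of service names is my own short list, and the output is a triage hint for a human reviewer, not a verdict.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 log format. The lines copy the shapes of
# the O4/O18/O21/O23 entries in the log above; it is a cut-down sample, not the
# full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O18 - Protocol: bw+0 - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {6078B240-F6FD-4FE2-8AF2-807D3743901D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O21 - SSODL: dbapi - {60419F4E-6F19-36F2-40D0-00AFC0C0C125} - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Workstation lanmanworkstationSENS (lanmanworkstationSENS) - Unknown owner - C:\WINDOWS\
O23 - Service: Network Location Awareness (NLA) NlaBITS (NlaBITS) - Unknown owner - 8Û .exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

LINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<body>.+)$")
# Per-section shapes; any other shape keeps its whole body as "path".
SUBPATTERNS = {
    "O4": re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+)$"),
    "O18": re.compile(r"^Protocol: (?P<name>\S+) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"),
    "O21": re.compile(r"^SSODL: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"),
    "O23": re.compile(
        r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
    ),
}

# Short names of a few real Windows XP services (my own list, not from the
# thread). A service whose short name merely *ends* in one of these, such as
# "NlaBITS", is worth a second look: the name borrows a real one.
KNOWN_SERVICE_NAMES = ("SENS", "BITS", "WmiApSrv", "CryptSvc", "SamSs",
                       "RemoteRegistry", "NetDDE", "lanmanworkstation", "SCardSvr")


def parse_log(text):
    """Turn HijackThis lines into dicts; headers, blanks and the trailer are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        entry = {"kind": kind, "line": line}
        sub = SUBPATTERNS.get(kind)
        d = sub.match(body) if sub else None
        if d:
            entry.update(d.groupdict())
        else:
            entry["path"] = body
        entries.append(entry)
    return entries


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    path = entry.get("path") or ""
    if "(file missing)" in path or "(no file)" in path:
        reasons.append("registered component no longer exists on disk")
    if any(ord(ch) > 127 for ch in path):
        reasons.append("image path contains non-ASCII characters")
    if entry["kind"] == "O23":
        if entry.get("owner") == "Unknown owner" and path.rstrip().endswith("\\"):
            reasons.append("service image path is a directory, not an executable")
        short = (entry.get("short") or "").lower()
        for name in KNOWN_SERVICE_NAMES:
            if short != name.lower() and short.endswith(name.lower()):
                reasons.append(f"short name ends in the real service name {name!r} but is not it")
                break
    return reasons


def triage_log(text):
    """[(line, reasons)] for every entry with at least one reason."""
    flagged = []
    for entry in parse_log(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry["line"], reasons))
    return flagged


def summarize_protocols(entries):
    """Collapse O18 lines by (CLSID, DLL): one DLL registered under dozens of
    protocol names is one item to vet, not dozens."""
    return Counter((e["clsid"], e["path"]) for e in entries if e["kind"] == "O18" and "clsid" in e)


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
    for (clsid, dll), n in summarize_protocols(parse_log(SAMPLE_LOG)).items():
        print(f"{n:3d} protocol name(s) handled by {dll} ({clsid})")
```

Run against the full log above, the script reduces the 78 O18 lines to three items (the Logitech BWPlugProtocol DLL, the GAPlugProtocol DLL, and the missing CDS300 DLL) and lists the O23 services whose names are glued together from two real ones; a helper still decides what each flagged line means.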

#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 25 August 2008 - 06:34 PM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 spinblackscircle

  • Topic Starter
  • Members
  • 7 posts

Posted 25 August 2008 - 07:22 PM

Here is the Malwarebytes' report. There was no problem in removing anything:

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

8:03:52 PM 8/25/2008
mbam-log-08-25-2008 (20-03-52).txt

Scan type: Quick Scan
Objects scanned: 53019
Time elapsed: 12 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.

Edited by spinblackscircle, 25 August 2008 - 07:23 PM.


#12 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 25 August 2008 - 09:38 PM

Everything looks good. How are things running?

#13 spinblackscircle

  • Topic Starter
  • Members
  • 7 posts

Posted 25 August 2008 - 11:53 PM

Everything looks good. How are things running?


Perfect! So far, it looks like the problem is gone, and I'm not being redirected anywhere. With all of those anti-virus programs that I used, I feel like I've thoroughly scrubbed my computer. :thumbsup: I cannot thank you enough for the help.

#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 26 August 2008 - 09:51 AM

Great, let's see one more HijackThis log and we will wrap it up.