Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows won't fully load. Malware suspected. PLEASE HELP!!


  • This topic is locked This topic is locked
12 replies to this topic

#1 Jesusc500

Jesusc500

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:04 AM

Posted 09 July 2009 - 08:47 PM

Good Day,
My pc recently has been giving me the blue screen of death and forcing my computer to restart. Once I start loading Windows again, I am caught in an endless loop of windows rebooting over and over. When I am able to get to my desktop, I will eventually get a blue screen, followed by a forced restart. This is true in safe mode and normal.

I have posted my hijack this log. Please help! Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:01 PM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Eric\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games/gameh...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab
O18 - Protocol: bw+0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 23540 bytes

BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 18 July 2009 - 12:26 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 23 July 2009 - 12:00 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 23 July 2009 - 06:16 PM

Reopened at OP's request.

Please follow my last instructions and post back with the logs

Edited by syler, 23 July 2009 - 06:16 PM.

unite.jpg


#5 Jesusc500

Jesusc500
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:04 AM

Posted 23 July 2009 - 11:22 PM

Sorry about the late post.

I was only given one log after running RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Eric at 2009-07-23 23:19:22
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 88 GB (88%) free of 100 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:24 PM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eric\Desktop\RSIT.exe
C:\Documents and Settings\Eric\Desktop\Eric.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\valve\steam\steam.exe" -silent
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://l.yimg.com/jh/games/web_games/gameh...outLauncher.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab
O18 - Protocol: bw+0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7D54B9B3-C20B-411C-951C-37C4E9C8F59D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 22133 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Eric.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11222041-111B-46E3-BD29-EFB2449479B1}]
IEPlugin Class - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL [2008-12-24 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-30 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]
"CTDVDDET"=C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-16 52848]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-03 61440]
"UMonit"=C:\WINDOWS\system32\umonit.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-30 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-10 195072]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2008-01-04 202024]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"Steam"=d:\valve\steam\steam.exe [2009-06-11 1217784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless Client Utility.lnk - C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Philips GoGear VIBE Device Manager.lnk - C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-03 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-02-28 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"="D:\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Battlefield 2\BF2.exe"="D:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"D:\Giants\Giants.exe"="D:\Giants\Giants.exe:*:Disabled:Giants"
"D:\Temp\Second Life\SecondLife\SLVoice.exe"="D:\Temp\Second Life\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Temp2\Second Life\SecondLife\SLVoice.exe"="D:\Temp2\Second Life\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Valve\Steam\SteamApps\eriadys\zombie panic! source\hl2.exe"="D:\Valve\Steam\SteamApps\eriadys\zombie panic! source\hl2.exe:*:Enabled:hl2"
"D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe"="D:\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-enUS-downloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-07-23 17:50:46 ----D---- C:\rsit
2009-07-21 16:45:38 ----D---- C:\Documents and Settings\Eric\Application Data\GetRightToGo
2009-07-21 03:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-21 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-21 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-21 03:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-21 03:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-21 03:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-21 03:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-21 03:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-21 03:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-21 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-21 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-21 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-21 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-21 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-21 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-07-21 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-21 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-21 03:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-07-21 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-21 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-21 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-21 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-21 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-21 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-21 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-21 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-21 03:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-21 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-21 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-21 03:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-21 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-21 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-21 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-21 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-21 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-07-21 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-21 00:35:35 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-07-21 00:35:31 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-07-21 00:35:31 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-07-21 00:35:31 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-07-21 00:35:31 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-07-21 00:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-07-21 00:14:34 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-20 23:31:06 ----D---- C:\Avenger
2009-07-20 23:31:06 ----A---- C:\avenger.txt
2009-07-20 23:01:22 ----D---- C:\Documents and Settings\Eric\Application Data\Malwarebytes
2009-07-20 23:01:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 23:01:17 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-20 22:28:32 ----D---- C:\WINDOWS\Prefetch
2009-07-20 22:24:22 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-20 22:23:34 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-20 22:23:23 ----HD---- C:\Program Files\WindowsUpdate
2009-07-20 22:22:28 ----D---- C:\Program Files\ComPlus Applications
2009-07-20 22:15:55 ----RA---- C:\WINDOWS\SET7A.tmp
2009-07-20 22:15:47 ----RA---- C:\WINDOWS\SET47.tmp
2009-07-20 22:15:44 ----RA---- C:\WINDOWS\SET3B.tmp
2009-07-20 22:15:43 ----RA---- C:\WINDOWS\SET38.tmp
2009-07-13 20:51:37 ----D---- C:\Program Files\Common Files\ODBC
2009-07-13 20:51:31 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-13 20:51:30 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-13 20:51:14 ----RA---- C:\WINDOWS\SETBF.tmp
2009-07-13 20:51:05 ----RA---- C:\WINDOWS\SET8C.tmp
2009-07-13 20:51:02 ----RA---- C:\WINDOWS\SET80.tmp
2009-07-13 20:51:01 ----RA---- C:\WINDOWS\SET7D.tmp
2009-07-13 15:43:36 ----D---- C:\WINDOWS\system32\export
2009-07-13 13:49:46 ----SHD---- C:\found.002
2009-07-12 15:49:03 ----D---- C:\Temperature
2009-07-09 20:29:37 ----D---- C:\Program Files\WIDCOMM
2009-07-09 09:34:09 ----SHD---- C:\found.001
2009-07-09 06:31:17 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-09 03:12:04 ----SHD---- C:\found.000
2009-07-08 21:11:05 ----D---- C:\Program Files\WIDCOMM(2)
2009-07-08 21:11:01 ----SHD---- C:\Config.Msi
2009-07-06 16:36:17 ----D---- C:\Documents and Settings\Eric\Application Data\Apple Computer
2009-06-30 18:07:05 ----D---- C:\Documents and Settings\Eric\Application Data\WinRAR
2009-06-30 18:06:46 ----D---- C:\Program Files\WinRAR
2009-06-20 22:56:03 ----HD---- C:\WINDOWS\ShellNew
2009-06-20 22:56:01 ----D---- C:\Program Files\Microsoft Office
2009-05-18 21:16:32 ----D---- C:\Program Files\Virtual Earth 3D
2009-05-18 21:14:29 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-14 12:34:23 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2009-05-09 17:46:18 ----D---- C:\Documents and Settings\Eric\Application Data\ArcSoft
2009-05-09 17:46:06 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-05-09 17:45:55 ----D---- C:\Program Files\Common Files\ArcSoft
2009-05-09 17:45:55 ----D---- C:\Program Files\ArcSoft
2009-05-09 17:45:55 ----A---- C:\WINDOWS\system32\unicows.dll
2009-05-09 17:44:20 ----D---- C:\Program Files\Philips
2009-05-06 20:52:50 ----D---- C:\WINDOWS\Minidump
2009-05-05 20:44:33 ----D---- C:\WINDOWS\system32\Adobe

======List of files/folders modified in the last 3 months======

2009-07-23 23:17:01 ----D---- C:\Program Files\Mozilla Firefox
2009-07-23 23:16:26 ----D---- C:\WINDOWS\Temp
2009-07-23 23:15:54 ----D---- C:\WINDOWS
2009-07-23 22:44:57 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-21 23:11:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-21 16:40:52 ----N---- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000004-10021102}.BAK
2009-07-21 03:14:49 ----D---- C:\WINDOWS\system32
2009-07-21 03:14:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-21 03:10:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-21 03:10:34 ----D---- C:\WINDOWS\system32\wbem
2009-07-21 03:10:33 ----D---- C:\WINDOWS\AppPatch
2009-07-21 03:09:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-21 03:09:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-21 03:04:27 ----HD---- C:\WINDOWS\inf
2009-07-21 03:04:26 ----D---- C:\WINDOWS\system32\drivers
2009-07-21 03:04:23 ----A---- C:\WINDOWS\imsins.BAK
2009-07-21 03:04:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-21 03:03:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-21 03:03:07 ----D---- C:\Program Files\Internet Explorer
2009-07-21 03:02:54 ----D---- C:\WINDOWS\WinSxS
2009-07-21 00:40:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-21 00:36:19 ----SHD---- C:\WINDOWS\Installer
2009-07-21 00:35:32 ----D---- C:\Program Files\Common Files\Logishrd
2009-07-21 00:07:37 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-20 23:30:27 ----D---- C:\WINDOWS\security
2009-07-20 23:24:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-20 23:01:17 ----RD---- C:\Program Files
2009-07-20 22:46:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-20 22:46:16 ----D---- C:\WINDOWS\Help
2009-07-20 22:44:07 ----A---- C:\WINDOWS\setuplog.txt
2009-07-20 22:44:04 ----A---- C:\WINDOWS\system32\wpa.bak
2009-07-20 22:31:51 ----D---- C:\WINDOWS\Registration
2009-07-20 22:29:27 ----SHD---- C:\System Volume Information
2009-07-20 22:29:27 ----D---- C:\WINDOWS\system32\Restore
2009-07-20 22:28:02 ----D---- C:\WINDOWS\system32\config
2009-07-20 22:24:15 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-20 22:24:10 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-20 22:23:35 ----RD---- C:\WINDOWS\Web
2009-07-20 22:23:30 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-20 22:23:20 ----A---- C:\WINDOWS\win.ini
2009-07-20 22:23:17 ----D---- C:\WINDOWS\system32\oobe
2009-07-20 22:23:14 ----D---- C:\WINDOWS\srchasst
2009-07-20 22:23:12 ----D---- C:\Program Files\Windows Media Player
2009-07-20 22:23:06 ----D---- C:\Program Files\Movie Maker
2009-07-20 22:22:58 ----D---- C:\Program Files\NetMeeting
2009-07-20 22:22:54 ----D---- C:\Program Files\Outlook Express
2009-07-20 22:22:54 ----D---- C:\Program Files\Common Files\System
2009-07-20 22:22:37 ----D---- C:\WINDOWS\system32\Com
2009-07-20 22:21:51 ----D---- C:\Program Files\Windows NT
2009-07-20 22:21:09 ----SH---- C:\boot.ini
2009-07-20 22:16:10 ----A---- C:\WINDOWS\system.ini
2009-07-20 22:16:00 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-13 20:51:37 ----D---- C:\Program Files\Common Files
2009-07-13 20:51:30 ----D---- C:\WINDOWS\system
2009-07-13 15:48:46 ----D---- C:\WINDOWS\system32\Setup
2009-07-13 15:48:39 ----D---- C:\WINDOWS\system32\usmt
2009-07-13 15:48:29 ----D---- C:\WINDOWS\ime
2009-07-13 15:48:28 ----RSD---- C:\WINDOWS\Fonts
2009-07-13 15:48:27 ----D---- C:\WINDOWS\Media
2009-07-13 15:48:19 ----D---- C:\WINDOWS\PeerNet
2009-07-13 15:48:08 ----D---- C:\WINDOWS\system32\npp
2009-07-13 15:48:03 ----D---- C:\WINDOWS\msagent
2009-07-13 15:45:30 ----D---- C:\WINDOWS\twain_32
2009-07-13 15:44:53 ----D---- C:\WINDOWS\system32\icsxml
2009-07-13 15:44:31 ----D---- C:\WINDOWS\system32\ias
2009-07-13 15:44:28 ----D---- C:\WINDOWS\system32\1033
2009-07-13 15:43:36 ----D---- C:\WINDOWS\Driver Cache
2009-07-10 20:14:15 ----A---- C:\WINDOWS\DUMP89a2.tmp
2009-07-10 20:07:26 ----A---- C:\WINDOWS\DUMP3057.tmp
2009-07-09 23:17:27 ----D---- C:\Program Files\Yahoo! Games
2009-07-09 23:16:53 ----D---- C:\Program Files\Common Files\AVSMedia
2009-07-09 23:16:52 ----D---- C:\Program Files\AVS4YOU
2009-07-09 21:01:20 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-09 21:01:06 ----D---- C:\WINDOWS\system32\en-us
2009-07-09 21:01:05 ----D---- C:\Program Files\Windows Desktop Search
2009-07-09 21:00:17 ----D---- C:\Documents and Settings\Eric\Application Data\Logitech
2009-07-09 20:30:13 ----D---- C:\WINDOWS\system32\DirectX
2009-07-09 06:31:39 ----D---- C:\Documents and Settings
2009-07-09 03:36:21 ----A---- C:\WINDOWS\DUMP2c7e.tmp
2009-07-08 21:14:12 ----D---- C:\Program Files\Logitech
2009-07-08 07:50:57 ----A---- C:\WINDOWS\DUMP3855.tmp
2009-07-07 00:40:06 ----SD---- C:\Documents and Settings\Eric\Application Data\Microsoft
2009-06-30 18:24:08 ----RSD---- C:\WINDOWS\assembly
2009-06-21 00:28:32 ----D---- C:\Documents and Settings\Eric\Application Data\SecondLife
2009-06-20 22:56:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-16 09:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 03:00:31 ----D---- C:\WINDOWS\ie7updates
2009-06-03 14:27:58 ----A---- C:\WINDOWS\system32\quartz.dll
2009-06-01 11:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-18 21:39:46 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-12 20:53:26 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2009-05-12 15:12:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-05-12 15:12:14 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-05-09 17:46:26 ----D---- C:\Temp
2009-05-07 10:44:00 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-05 20:45:10 ----D---- C:\Documents and Settings\Eric\Application Data\Macromedia
2009-05-05 20:45:10 ----D---- C:\Documents and Settings\Eric\Application Data\Adobe
2009-05-05 20:45:09 ----D---- C:\WINDOWS\system32\Macromed
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-28 23:55:58 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-28 23:55:57 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-28 23:55:56 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-28 23:52:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-28 23:52:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-28 23:52:42 ----A---- C:\WINDOWS\system32\browseui.dll
2009-04-28 23:52:41 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-04-28 23:52:41 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-28 23:52:41 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-28 23:52:40 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-28 23:52:40 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-04-28 23:52:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-28 23:52:39 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\inseng.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-28 23:52:38 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-28 23:52:37 ----A---- C:\WINDOWS\system32\danim.dll
2009-04-28 23:52:36 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-04-28 04:05:56 ----A---- C:\WINDOWS\system32\ieudinit.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-02-28 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-08-17 328285]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-08-17 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-08-17 851642]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-08-17 45747]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-08-17 65784]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2008-07-07 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2008-07-07 18840]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2008-07-07 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2008-07-07 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2008-07-07 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2008-07-07 797720]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2008-07-07 162840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090610.002\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090610.002\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-02-28 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]
R3 RT73;Belkin Wireless G Plus MIMO USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-09-06 347776]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090717.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2005-10-05 18167]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2008-07-07 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\WINDOWS\System32\Drivers\frmupgr.sys [2007-01-03 27536]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys []
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-09-05 56064]
S3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-09-05 27136]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-09-05 71936]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187.sys []
S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2006-02-28 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2005-10-05 47104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-03 602112]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-08-18 266295]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2007-09-13 202088]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-16 169584]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-30 152984]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-03-13 1251720]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-04 382248]
R3 NSCService;Norton Protection Center Service; c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-03 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-01-16 72328]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 comHost;COM Host; c:\Program Files\Norton Internet Security\comHost.exe [2007-01-16 45696]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 SAVScan;Symantec AVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 2

7/20/2009 11:24:45 PM
mbam-log-2009-07-20 (23-24-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 147282
Time elapsed: 22 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/WINDOWS/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\downloaded program files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\downloaded program files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 24 July 2009 - 08:52 AM

I see that you have used Avenger recently do you no how to use this tool or have you been receiving help somewhere else?
Please post the content of C:\avenger.txt

unite.jpg


#7 Jesusc500

Jesusc500
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:04 AM

Posted 24 July 2009 - 03:05 PM

The folder was empty

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 24 July 2009 - 03:08 PM

That is not a folder it's a file, can you answer my question aswell.

unite.jpg


#9 Jesusc500

Jesusc500
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:04 AM

Posted 24 July 2009 - 09:43 PM

Sorry.
I found it.

And no, I haven't received help from anyone else.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "c:\WINDOWS\downloaded program files\popcaploader.dll" not found!
Deletion of file "c:\WINDOWS\downloaded program files\popcaploader.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\WINDOWS\downloaded program files\popcaploader.dll" not found!
Deletion of file "c:\WINDOWS\downloaded program files\popcaploader.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/WINDOWS/downloaded program files/popcaploader.dll" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/WINDOWS/downloaded program files/popcaploader.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 25 July 2009 - 11:23 AM

Hi,

Can you tell me what problems you are currently having?


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

unite.jpg


#11 Jesusc500

Jesusc500
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:04 AM

Posted 25 July 2009 - 03:26 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-25 15:25:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8A311C30 ZwAlertResumeThread
SSDT 8A312AB8 ZwAlertThread
SSDT 8A518CB8 ZwAllocateVirtualMemory
SSDT 8968FC10 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAD1E1020]
SSDT 8A366D00 ZwCreateMutant
SSDT 8964F860 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAD1E12A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAD1E1800]
SSDT 8A51EDF0 ZwFreeVirtualMemory
SSDT 8A30E4E0 ZwImpersonateAnonymousToken
SSDT 8A3115D8 ZwImpersonateThread
SSDT 8A31B6A0 ZwMapViewOfSection
SSDT 8A30D7D0 ZwOpenEvent
SSDT 8A3600A8 ZwOpenProcessToken
SSDT 8A375E18 ZwOpenThreadToken
SSDT 896885C0 ZwResumeThread
SSDT 8A313498 ZwSetContextThread
SSDT 8A3A4158 ZwSetInformationProcess
SSDT 8A379CE0 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAD1E1A50]
SSDT 8A309BA8 ZwSuspendProcess
SSDT 8A312DB0 ZwSuspendThread
SSDT 8A361248 ZwTerminateProcess
SSDT 8A313288 ZwTerminateThread
SSDT 8A31BA98 ZwUnmapViewOfSection
SSDT 8A51D008 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wscntfy.exe[2612] GDI32.dll!HT_Get8BPPMaskPalette + FFFC0F8B 77F13385 1 Byte [01]
.text C:\Program Files\Belkin\F5D9050\Belkinwcui.exe[2652] SHELL32.dll!SHGetShellStyleHInstance + 26D1 7CA96F65 1 Byte [8D]
.text C:\Program Files\Belkin\F5D9050\Belkinwcui.exe[2652] SHELL32.dll!SHGetShellStyleHInstance + 2759 7CA96FED 1 Byte [8D]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 25 July 2009 - 03:52 PM

Can you tell me what problems you are currently having?


How about this?

You don't have the latest service pack for windows, The service packs patch security vulnerabilities found in windows. You should
keep these upto date to keep you protected against malware, that can take advantage of these security vulnerabilities to attack
your system.The latest service pack is SP3, Click on Start >> All programs >> Windows update then select Express
and allow it to install all updates including SP3.
Note: If it prompts you to install an ActiveX control allow it to install it.


Then post back with a new Hijackthis log.

unite.jpg


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:04 AM

Posted 29 July 2009 - 07:29 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users