Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus


  • Please log in to reply
15 replies to this topic

#1 MrWutItDew

MrWutItDew

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 29 December 2006 - 08:48 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:46:14 AM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\mssvchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Windows\system32\Dap\smss.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Windows\system32\Dap\Dap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 29 December 2006 - 11:49 AM

Add remove programs - remove logitech desktop messenger

=================

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall


===================

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 29 December 2006 - 09:06 PM

HP_Owner - 06-12-29 20:00:51.20
ComboFix 06.08.30BT - Running from: C:\Program Files

((((((((((((((((((((((((((((((( Files Created from 2006-11-29 to 2006-12-29 ))))))))))))))))))))))))))))))))))


2006-12-29 19:08 175,104 --a------ C:\onoes.exe
2006-12-28 23:51 0 ---hs---- C:\WINDOWS\system32\tasklist.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-29 07:46 -------- d-------- C:\Program Files\HijackThis
2006-12-26 15:37 -------- d-------- C:\Program Files\Yahoo! Games
2006-12-26 15:36 -------- d-------- C:\Program Files\Flip Words
2006-12-26 13:01 -------- d-------- C:\Program Files\Filetopia3
2006-12-21 20:58 -------- d-------- C:\Program Files\LimeWire
2006-12-18 12:53 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-15 19:52 -------- d-------- C:\Program Files\GameHouse
2006-12-14 00:02 -------- d-------- C:\Program Files\SumTotal
2006-12-13 00:55 -------- d-------- C:\Program Files\ReflexiveArcade
2006-12-11 10:01 -------- d-------- C:\Program Files\Windows Media Player
2006-12-11 09:31 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-09 01:23 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-05 18:50 -------- d-------- C:\Program Files\QuickTime
2006-11-25 13:49 556 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-16 09:43 302352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2006-10-11 22:41 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-04 21:16 4 --ah----- C:\WINDOWS\uccspecb.sys
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-02 09:22 298542 --a------ C:\Program Files\combofix.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\sasojyg.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\NetMeeting\\quqegodod.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6c,02,00,00,f4,01,00,00,91,02,00,00,ea,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ba,04,41,c0,b4,74,50,07,48,05,68,de,ba,04,20,6d,\
ba,04,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6d,02,00,00,0a,00,00,00,92,02,00,00,e7,01,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,c2,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,c0,99,50,06,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\4]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,02,00,00,00,0a,00,00,00,69,02,00,00,e6,01,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,40,c2,af,02,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\5]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,d1,ff,ff,ff,93,01,00,00,66,02,00,00,ea,01,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ad,06,41,c0,b4,74,40,c2,af,02,68,de,ad,06,20,6d,\
ad,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,03,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0B\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Companion.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^mboty.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"backup"="C:\\WINDOWS\\pss\\mboty.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"item"="mboty"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ad8rIU3s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cvn0"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\cvn0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BellSouthAlertManager.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BellSouthAlertManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\BellSouth\\Alert Manager\\BellSouthAlertManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_9"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DigidesignMMERefresh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMERefresh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ifqd59c0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w1180175.dll,n 002d59be000000031180175"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_9"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="\\Program\\"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\masqform.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="masqform"
"hkey"="HKLM"
"command"="C:\\Program Files\\PureEdge\\Viewer 6.0\\masqform.exe -UpdateCurrentUser"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaLifeService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaLifeService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms05765249179]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms05765249179"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ms05765249179.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mukr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mukrm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\mukr\\mukrm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_9"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pinlt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ttdsss.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\psjbadmA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="psjbadmA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\psjbadmA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hcenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tlhksq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ttdsss.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\w118371b.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w118371b.dll,I2 002d59be0118371b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdate\\winupdate.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Checkpoint.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 06-12-29 20:01:21.75
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
Logfile of HijackThis v1.99.1
Scan saved at 20:02, on 06-12-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\smss.exe
C:\WINDOWS\system32\svchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\Dap.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 30 December 2006 - 10:28 AM

You only did one part of my instructions - go back and do it all
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,749 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:51 PM

Posted 08 January 2007 - 07:33 AM

Please refrain from asking for help from other members or staff in your other thread outisde this forum until the HJT Team has finished helping you with your posted log. The HJT Team work very hard to investigate and develop a unique solution to your problem. Just like your computer is different from every other computer, the solution will be tailored to the problems associated with your computer as you receive individual expert assistance. This takes time and effort. The staff here are all professionals and they volunteer their time to help.

Following advice outside of this post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

Edited by quietman7, 08 January 2007 - 12:38 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 08 January 2007 - 10:49 AM

No problem at all I didn't know the process was long, that's all. Thank you

#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 08 January 2007 - 01:18 PM

Do all the steps in post #2
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 09 January 2007 - 01:17 AM

HP_Owner - 07-01-09 0:14:30.04
ComboFix 06.08.30BT - Running from: C:\Program Files

((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


2006-12-29 19:08 175,104 --a------ C:\onoes.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-08 09:52 -------- d-------- C:\Program Files\HijackThis
2007-01-08 09:51 -------- d-------- C:\Program Files\LimeWire
2007-01-04 13:15 556 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-01-02 20:48 -------- d-------- C:\Program Files\Filetopia3
2006-12-29 20:47 -------- d-------- C:\Program Files\Yahoo! Games
2006-12-26 15:36 -------- d-------- C:\Program Files\Flip Words
2006-12-15 19:52 -------- d-------- C:\Program Files\GameHouse
2006-12-14 00:02 -------- d-------- C:\Program Files\SumTotal
2006-12-13 00:55 -------- d-------- C:\Program Files\ReflexiveArcade
2006-12-11 10:01 -------- d-------- C:\Program Files\Windows Media Player
2006-12-11 09:31 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-09 01:23 -------- d-------- C:\Program Files\Spyware Doctor
2006-12-05 18:50 -------- d-------- C:\Program Files\QuickTime
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-16 09:43 302352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2006-10-11 22:41 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ms04976524917"="C:\\!KillBox\\ms04976524917.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\sasojyg.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\NetMeeting\\quqegodod.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6c,02,00,00,f4,01,00,00,91,02,00,00,ea,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ba,04,41,c0,b4,74,50,07,48,05,68,de,ba,04,20,6d,\
ba,04,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6d,02,00,00,0a,00,00,00,92,02,00,00,e7,01,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,c2,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,c0,99,50,06,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\4]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,02,00,00,00,0a,00,00,00,69,02,00,00,e6,01,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,40,c2,af,02,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\5]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,d1,ff,ff,ff,93,01,00,00,66,02,00,00,ea,01,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ad,06,41,c0,b4,74,40,c2,af,02,68,de,ad,06,20,6d,\
ad,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0B\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Companion.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^mboty.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"backup"="C:\\WINDOWS\\pss\\mboty.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"item"="mboty"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ad8rIU3s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cvn0"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\cvn0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BellSouthAlertManager.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BellSouthAlertManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\BellSouth\\Alert Manager\\BellSouthAlertManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_9"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DigidesignMMERefresh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMERefresh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ifqd59c0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w1180175.dll,n 002d59be000000031180175"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_9"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="\\Program\\"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\masqform.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="masqform"
"hkey"="HKLM"
"command"="C:\\Program Files\\PureEdge\\Viewer 6.0\\masqform.exe -UpdateCurrentUser"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaLifeService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaLifeService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ms05765249179]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms05765249179"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ms05765249179.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mukr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mukrm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\mukr\\mukrm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MySpaceIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MySpaceIM"
"hkey"="HKCU"
"command"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_9"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\pinlt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ttdsss.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\psjbadmA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="psjbadmA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\psjbadmA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Pure Networks Port Magic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PortAOL"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tgcmd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hcenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Support.com\\BellSouth\\hcenter.exe\" /starthidden /tgcmdwrapper"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\tlhksq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttdsss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ttdsss.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\w118371b.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w118371b.dll,I2 002d59be0118371b"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\winupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winupdate"
"hkey"="HKLM"
"command"="C:\\Program Files\\winupdate\\winupdate.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled Checkpoint.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: 07-01-09 0:15:19.01
ComboFix.txt
ComboFix2.txt
ComboFix3.txt



Logfile of HijackThis v1.99.1
Scan saved at 00:16, on 07-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\smss.exe
C:\WINDOWS\system32\svchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Windows\system32\Dap\Dap.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\!KillBox\Duce6.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\!KillBox\ms04976524917.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms04976524917] C:\!KillBox\ms04976524917.exe
O4 - HKLM\..\Run: [TheMonitor] C:\!KillBox\Duce6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\P

#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 09 January 2007 - 09:59 AM

You have not done all of what I posted until you do we cannot proceed
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 09 January 2007 - 10:08 AM

I'll make sure to get on it this afternoon I didn't finish the spyware program

#11 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 09 January 2007 - 08:37 PM

SUPERAntiSpyware Scan Log
Generated 01/09/2007 at 07:25 PM

Application Version : 3.4.1000

Core Rules Database Version : 3161
Trace Rules Database Version: 1173

Scan type : Complete Scan
Total Scan Time : 01:07:25

Memory items scanned : 380
Memory threats detected : 0
Registry items scanned : 6887
Registry threats detected : 5
File items scanned : 110979
File threats detected : 24

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{C504AC44-5A14-4099-A39C-453944B5624A}
HKCR\CLSID\{C504AC44-5A14-4099-A39C-453944B5624A}
HKCR\CLSID\{C504AC44-5A14-4099-A39C-453944B5624A}
HKCR\CLSID\{C504AC44-5A14-4099-A39C-453944B5624A}\InProcServer32
HKCR\CLSID\{C504AC44-5A14-4099-A39C-453944B5624A}\InProcServer32#ThreadingModel
C:\PROGRAM FILES\MOVIE MAKER\QULOVENOJ.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131068.DLL

Adware.Unknown Origin
C:\!KILLBOX\QUQEGODOD.HTML
C:\!KILLBOX\SASOJYG.HTML

Trojan.Downloader-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP513\A0126906.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131080.EXE

Adware.webHancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP514\A0130923.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP514\A0130924.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP514\A0130925.DLL

Trojan.Downloader-PMTLauncher
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131062.EXE

Trojan.Downloader-VisFX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131063.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131064.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131065.INI

Adware.Context/Keyword
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131066.EXE

Adware.SysMon
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131067.EXE

Trojan.URLBrowserNew
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131069.EXE

Trojan.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131070.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131071.DLL

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131072.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131073.DLL

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131074.DLL

Trojan.WinFixer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131075.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131076.DLL

Trojan.YourEnhancement
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP515\A0131079.EXE




Logfile of HijackThis v1.99.1
Scan saved at 19:34, on 07-01-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\smss.exe
C:\WINDOWS\system32\svchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\Dap.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe



HP_Owner - 07-01-09 18:09:27.64
ComboFix 06.08.30BT - Running from: C:\Program Files

((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


2006-12-29 19:08 175,104 --a------ C:\onoes.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-09 00:38 -------- d-------- C:\Program Files\Common Files
2007-01-09 00:24 -------- d-------- C:\Program Files\NetMeeting
2007-01-09 00:22 -------- d-------- C:\Program Files\SUPERAntiSpyware
2007-01-09 00:19 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2007-01-09 00:18 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-09 00:16 -------- d-------- C:\Program Files\HijackThis
2007-01-08 09:51 -------- d-------- C:\Program Files\LimeWire
2007-01-04 13:15 556 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-01-02 20:48 -------- d-------- C:\Program Files\Filetopia3
2006-12-29 20:47 -------- d-------- C:\Program Files\Yahoo! Games
2006-12-26 15:36 -------- d-------- C:\Program Files\Flip Words
2006-12-18 12:53 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-15 19:52 -------- d-------- C:\Program Files\GameHouse
2006-12-14 00:02 -------- d-------- C:\Program Files\SumTotal
2006-12-13 00:55 -------- d-------- C:\Program Files\ReflexiveArcade
2006-12-11 10:01 -------- d-------- C:\Program Files\Windows Media Player
2006-12-11 09:31 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-05 18:50 -------- d-------- C:\Program Files\QuickTime
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-16 09:43 302352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2006-10-11 22:41 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\ComPlus Applications\\sasojyg.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\NetMeeting\\quqegodod.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/25-D4737.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6c,02,00,00,f4,01,00,00,91,02,00,00,ea,01,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,d2,03,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ba,04,41,c0,b4,74,50,07,48,05,68,de,ba,04,20,6d,\
ba,04,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/05-D3852.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,6d,02,00,00,0a,00,00,00,92,02,00,00,e7,01,00,00,ee,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,23,00,00,00,c2,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,c0,99,50,06,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\4]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/03-D3993.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,02,00,00,00,0a,00,00,00,69,02,00,00,e6,01,00,00,f0,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,92,02,00,00,6d,01,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ef,06,41,c0,b4,74,40,c2,af,02,68,de,ef,06,20,6d,\
ef,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\5]
"Source"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"SubscribedURL"="http://www.neworleanssaints.com/photos/gallery/2006%20June%20Mini%20Camp/01-D5107.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,d1,ff,ff,ff,93,01,00,00,66,02,00,00,ea,01,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:00000001
"OriginalStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,2c,01,00,00,c2,01,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,ad,06,41,c0,b4,74,40,c2,af,02,68,de,ad,06,20,6d,\
ad,06,65,87,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\6]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e0,03,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0B\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AOL Companion.lnk"
"backup"="C:\\WINDOWS\\pss\\AOL Companion.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AOLCOM~1\\COMPAN~1.EXE /s"
"item"="AOL Companion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\SetPoint\\SetPoint.exe "
"item"="Logitech SetPoint"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^mboty.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"backup"="C:\\WINDOWS\\pss\\mboty.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\mboty.exe"
"item"="mboty"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\HP_Owner\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ad8rIU3s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cvn0"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\cvn0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BellSouthAlertManager.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BellSouthAlertManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\BellSouth\\Alert Manager\\BellSouthAlertManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_9"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DigidesignMMERefresh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMERefresh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Digidesign\\Drivers\\MMERefresh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1139729396\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ifqd59c0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w1180175.dll,n 002d59be000000031180175"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_9"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_9.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="\\Program\\"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\masqform.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="masqform"
"hkey"="HKLM"
"command"="C:\\Program Files\\PureEdge\\Viewer 6.0\\masqform.exe -UpdateCurrentUser"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\McRegWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcregwiz"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaLifeService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaLifeService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mm_tray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg&

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 10 January 2007 - 10:12 AM

You have not done this

Add remove programs - remove logitech desktop messenger

=====================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk572YYUS

O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
===========================

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

FireDaemon Service: Secure

Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

Repeat for - FireDaemon Service: smss - FireDaemon Service: WindowsUpdate
============================
DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\Windows\system32\Dap\\mssvchost.exe
C:\onoes.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 10 January 2007 - 10:17 PM

Which log am I to send on a post. HiJack this! or combofix

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 11 January 2007 - 08:47 AM

hijack
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 MrWutItDew

MrWutItDew
  • Topic Starter

  • Members
  • 131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lafayette
  • Local time:04:51 PM

Posted 14 January 2007 - 01:51 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:48, on 07-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1139729396\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4056/ftp...302/Coupons.cab
O18 - Protocol: bw+0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {3E72FE1B-0FD3-45CE-A0F4-472A33972BC0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users