Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo has got me [Solved]

Started by walkngdude , Dec 14 2008 12:51 AM

  • This topic is locked This topic is locked

#1
walkngdude
Posted 14 December 2008 - 12:51 AM

walkngdude

    New Member

  • Member
  • Pip
  • 8 posts
Greetings!!
I belive I have the vundo Trojan. When it dropped onto my system Spybot popped up telling me changes to registry and system32 were being made and I tried to stop them but it dug into my system. Now I get the pop ups.

I have tried my usual spyware apps. Ad-Aware, Spybot, AVG and Norton. At one point Norton was detection so many .dll files with eight letters and every other a vowel in my system32 folder my PC nearly locked up from the Norton pop-ups.

I've run VirtumundoBegone and Vundofix, Rogueremover and whatever else I could find. I also have Windows Defender and SuperAntiSpyware.

The Symantec site wants me to disable system restore and work on the registry in safe mode and I was reading elsewhere to turn off winlogin and explorer in safe mode and go after it.

But I thought my best bet was to come here and see if you all can clean up this mess.

I did all the stuff in the "You must read this" post and almost thought we got it with Malwarebytes but Spybot showed a new entry in sys32 again and I got the same pop-ups.

Thanks for your help.

Here is my Hijackthis Log, Uninstall Manager Log and Malwarebytes Log. I can also post screenshots of any windows, menus and what ever from my desktop if that helps.

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:25 PM, on 12/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\tpb\tpb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.253.151.209 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {0c890c44-7875-429a-9ed9-07cc2eba2c91} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CPMff6e9fc7] Rundll32.exe "c:\windows\system32\tezepugi.dll",a
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tpb] C:\Program Files\tpb\tpb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKUS\S-1-5-19\..\Run: [sujotefuso] Rundll32.exe "C:\WINDOWS\system32\likehiko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sujotefuso] Rundll32.exe "C:\WINDOWS\system32\likehiko.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Autorun Killer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://richardbeal.h.../SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://221.254.133.53:8001/kxhcm10.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132044576296
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159072917343
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://207.178.234.1...activex/AMC.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.com.../vmLauncher.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.0.253/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://justright2.vi...sCamControl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://216.70.11.13/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\jurunute.dll c:\windows\system32\nosifeya.dll c:\windows\system32\vokeloso.dll c:\windows\system32\tezepugi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 17261 bytes




Uninstall Manager Log:

3Planesoft Screensaver Manager 1.0
Active WebCam
Ad-Aware
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AGEIA PhysX v7.07.24
Ancient Castle 3D Screensaver 1.1
AnyDVD
Apple Mobile Device Support
Apple Software Update
ASUS Enhanced Display Driver
ASUS Probe V2.21.07
ATI Display Driver (Omega 3.8.360)
Auto Gordian Knot 2.45
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
Avi2Dvd 0.4.4 beta
AviSplit Classic Version 1.43
AviSynth 2.5
AXIS Media Control
AXIS Media Control Embedded
BitSpirit v3.1.0.077 Stable Release
Bonjour
BSPlayer
BUM
CC_ccStart
ccCommon
CDDRV_Installer
Client Activator 2.2 - English (2)
Client Activator 2.2 - English (All)
CloneCD
Crazy Machines II
Creative Audio Console
DAEMON Tools
dBpowerAMP Music Converter
DC++ 0.667
Discovery 3D Screensaver 1.1
DiveVisions
DivX Content Uploader
DivX Web Player
DivxToDVD 0.5.2
Drawing Hand Screen Saver
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 2.9.7.7
erLT
ERUNT 1.1j
Exact Audio Copy 0.95b3
Forté Agent
FriendlyNET
Galleon 3D Screensaver 1.3
Google Earth
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
iDEN Phonebook Manager
Image Resizer Powertoy for Windows XP
Indiana Jones and the Emperors Tomb
Intel® PRO Network Adapters and Drivers
Intel® PROSet
InterVideo WinDVD Creator
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Animation Shop 3
Jasc Animation Shop 3 20041030_07 Help file Patch
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro 9.01 Patch
Java™ 6 Update 10
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
K-Lite Codec Pack 3.8.5 Full
KODAK EASYSHARE Gallery Upload ActiveX Control
LEGO Star Wars
LEGO Star Wars II
LEGO® Batman™
LEGO® Indiana Jones™
LEGO® Indiana Jones™ Demo
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech Gaming Software
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech QuickCam
Logitech SetPoint
Logitech Video Enumerator
Logitech® Camera Driver
LucasArts' X-Wing vs. TIE Fighter
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Streets and Trips 2004
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIRC
MobileMe Control Panel
Motorola Driver Installation
Motorola Phone Tools
Moyea FLV Downloader version 1.15.0.15
Moyea FLV Player version 1.5.2.7
Mp3 Tag Tools v1.2
MSN Music Assistant
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MultiRes (remove only)
MVision
Nature 3D Screensaver 1.1
Nautilus 3D Screensaver 1.2
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
Nero PhotoShow Express
NeroMIX
NeroVision Express 2 Content
neroxml
Nikon Message Center
Norton AntiVirus
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton Password Manager
Norton SystemWorks 2004
Norton SystemWorks 2004 (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
OpenAL
PeerGuardian 2.0
Philips Intelligent Agent
Photodex Presenter
PictureProject
Promise Array Management
ProShow Gold
ProShow Producer
pvAuthor v3.3.1
pvPlayer 3
QuickPar 0.9
QuickSFV (Remove only)
QuickTime
QuickTime Alternative 1.72
Radeon Omega Drivers v3.8.360 Setup Files and Tools
Real Alternative 1.45
Riva FLV Player
Roxio Easy Media Creator 7 Basic VCD Edition
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
Sin Episodes 1: Emergence
Space Flight 3D Screensaver 1.3
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Star Wars Republic Commando
Steam
Stellarium 0.9.0
SUPERAntiSpyware Free Edition
Symantec Script Blocking Installer
SymNet
System Requirements Lab
TheaterTek DVD 2.0
Tomb Raider: Anniversary 1.0
Total Video Converter 2.603
TPB v1.3.1
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
VobSub v2.23 (Remove Only)
Winamp
Windows Defender
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)



Malwarebytes Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1498
Windows 5.1.2600 Service Pack 3

12/13/2008 8:06:54 PM
mbam-log-2008-12-13 (20-06-54).txt

Scan type: Quick Scan
Objects scanned: 60025
Time elapsed: 26 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fuhazepi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\bekehutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\relipasi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0c890c44-7875-429a-9ed9-07cc2eba2c91} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c890c44-7875-429a-9ed9-07cc2eba2c91} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c890c44-7875-429a-9ed9-07cc2eba2c91} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sujotefuso (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmff6e9fc7 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bekehutu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bekehutu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\relipasi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\relipasi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\relipasi.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\donikibi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibikinod.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jalezada.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adazelaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\munijuri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irujinum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wotunivo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovinutow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\bekehutu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fuhazepi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\relipasi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dipagowe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gubitahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pusogumu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rakowiti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wilubore.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hosts (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\error.log (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

Advertisements

#2
fenzodahl512
Posted 19 December 2008 - 03:00 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following...


Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users and Use Whitelist boxes
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

  • 0

#3
walkngdude
Posted 20 December 2008 - 12:30 PM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Fenzodahl512 thanks for the help. Here are the logs you requested:


OTViewIt logfile created on: 12/20/2008 10:19:32 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Marc\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.72 Mb Total Physical Memory | 369.42 Mb Available Physical Memory | 36.12% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;H:\pagefile.sys 3072 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 4.11 Gb Free Space | 5.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.47 Gb Total Space | 9.50 Gb Free Space | 15.45% Space Free | Partition Type: NTFS
Drive G: | 62.10 Gb Total Space | 2.27 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive H: | 62.73 Gb Total Space | 6.57 Gb Free Space | 10.48% Space Free | Partition Type: NTFS
Drive I: | 601.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 69.24 Gb Total Space | 15.25 Gb Free Space | 22.03% Space Free | Partition Type: NTFS
Drive K: | 698.63 Gb Total Space | 685.59 Gb Free Space | 98.13% Space Free | Partition Type: NTFS
Drive L: | 634.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 2.61 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive O: | 186.31 Gb Total Space | 20.10 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive P: | 7.58 Gb Total Space | 7.24 Gb Free Space | 95.49% Space Free | Partition Type: FAT32

Computer Name: ASUS
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2007/03/14 17:48:39 | 00,450,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2007/03/14 17:48:39 | 00,450,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/03/09 10:48:22 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[2006/03/09 10:47:58 | 00,255,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/03/09 10:47:52 | 00,071,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[2004/03/18 08:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
[2004/08/22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe
[2008/12/10 10:13:38 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2005/12/08 11:06:12 | 00,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
[2007/07/25 15:02:54 | 00,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/07/19 23:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2004/05/12 12:04:54 | 00,196,608 | ---- | M] () -- C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/12/09 08:33:59 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/07/29 16:26:12 | 00,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2007/07/01 13:17:28 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/10/22 15:05:05 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2007/11/15 09:12:04 | 00,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008/12/10 10:13:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/07/19 23:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2007/11/15 09:08:26 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
[2005/12/09 18:17:06 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2004/04/23 10:04:16 | 00,158,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPSVC.EXE
[2003/09/10 05:26:58 | 00,081,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
[2003/01/07 13:50:36 | 00,634,880 | ---- | M] (Promise Technology, Inc.) -- C:\Program Files\Promise\Utility\MsgAgt.exe
[2003/01/07 13:47:56 | 00,315,392 | ---- | M] (Promise Technology, Inc.) -- C:\Program Files\Promise\Utility\MsgSvr.exe
[2007/11/08 23:11:32 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe
[2003/09/10 04:59:32 | 00,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
[2005/11/15 20:11:40 | 00,585,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2004/09/22 17:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
[2007/07/19 23:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/07/25 15:02:32 | 00,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
[2005/01/25 21:48:50 | 00,194,272 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVSCAN.EXE
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/12/20 10:10:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/07/07 07:15:18 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2006/12/21 13:58:07 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/03/14 17:48:39 | 00,450,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2004/09/15 20:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2005/07/29 16:26:12 | 00,258,048 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
[2007/07/01 13:17:28 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/03/09 10:47:58 | 00,255,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])
[2006/03/09 10:48:08 | 00,087,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])
[2006/03/09 10:48:22 | 00,235,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2008/12/10 10:13:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/11/15 09:09:42 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
[2007/07/19 23:38:54 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
[2007/07/19 23:40:48 | 00,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/07/19 23:42:30 | 00,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
[2004/04/23 10:04:16 | 00,158,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPSVC.EXE -- (navapsvc [Auto | Running])
[2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/09/10 05:26:58 | 00,081,920 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2003/01/07 13:50:36 | 00,634,880 | ---- | M] (Promise Technology, Inc.) -- C:\Program Files\Promise\Utility\MsgAgt.exe -- (RAIDmAgt [Auto | Running])
[2003/01/07 13:47:56 | 00,315,392 | ---- | M] (Promise Technology, Inc.) -- C:\Program Files\Promise\Utility\MsgSvr.exe -- (RAIDmSvr [Auto | Running])
[2005/01/25 21:48:50 | 00,194,272 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Running])
[2003/06/24 18:23:10 | 00,066,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService [Auto | Stopped])
[2007/11/08 23:11:32 | 00,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess [Auto | Running])
[2005/04/05 11:17:22 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
[2003/09/10 04:59:32 | 00,176,193 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service [Auto | Running])
[2005/11/15 20:11:40 | 00,585,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Running])
[2004/09/22 17:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services ==========

[2006/06/05 10:48:30 | 00,019,200 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[1997/04/22 10:16:00 | 00,006,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75 [Auto | Running])
[2005/06/09 13:10:58 | 00,023,040 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt [System | Running])
[2007/03/14 17:57:15 | 01,986,560 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007/09/14 17:23:11 | 00,169,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW [On_Demand | Running])
[2004/08/03 20:29:30 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx [On_Demand | Stopped])
[2007/05/22 01:04:54 | 00,018,088 | ---- | M] () -- C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys -- (atitray [System | Running])
[2007/07/01 13:17:27 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2006/09/05 08:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2003/11/05 08:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2007/03/07 15:51:00 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2007/03/07 15:51:00 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2005/06/09 09:53:22 | 00,291,456 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Running])
[2005/12/08 10:54:32 | 00,501,760 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
[2005/12/08 10:55:46 | 00,439,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
[2005/11/10 16:06:04 | 00,340,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
[2005/12/08 10:55:48 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
[2005/12/08 10:54:42 | 00,142,336 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
[2004/08/22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [Boot | Running])
[2004/08/22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [Boot | Running])
[2004/06/29 14:25:26 | 00,007,680 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\dontgo.sys -- (dontgo [Boot | Running])
[2005/06/09 09:43:38 | 00,141,184 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp [System | Running])
[2005/06/09 09:52:50 | 00,024,192 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Running])
[2003/05/20 11:36:44 | 00,121,856 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000 [On_Demand | Running])
[2002/11/28 06:18:04 | 00,015,360 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
[2006/04/21 17:44:39 | 00,008,064 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/12/08 10:54:40 | 00,077,824 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
[2007/07/18 16:44:22 | 00,022,296 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/13 10:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/12/08 10:55:02 | 00,754,176 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
[2005/12/08 10:55:04 | 00,154,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k [On_Demand | Running])
[2005/12/08 10:55:08 | 00,179,712 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k [On_Demand | Stopped])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/09/21 02:10:20 | 00,020,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
[2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Stopped])
[2004/03/03 09:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr [On_Demand | Stopped])
[2007/09/21 02:10:40 | 00,035,088 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt [On_Demand | Stopped])
[2003/12/17 09:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Running])
[2004/03/03 08:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb [On_Demand | Running])
[2007/09/21 02:10:46 | 00,036,240 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt [On_Demand | Stopped])
[2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
[2007/07/19 23:37:56 | 02,109,592 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Stopped])
[2007/07/19 23:39:50 | 02,142,488 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Stopped])
[2007/07/18 16:42:28 | 01,920,920 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
[2007/07/18 16:42:42 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2007/07/18 16:44:00 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2007/07/18 16:44:22 | 03,599,000 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2005/06/09 09:38:56 | 00,023,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/05/04 16:04:04 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev [On_Demand | Stopped])
[2007/05/04 15:54:08 | 00,022,528 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2008/04/13 10:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])
[2004/08/03 20:29:28 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC [On_Demand | Stopped])
[2008/11/12 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081217.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/12 01:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20081217.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2003/09/10 05:12:10 | 00,258,476 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver [On_Demand | Running])
[2005/12/08 10:54:52 | 00,114,688 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
[2002/04/09 09:53:32 | 00,036,736 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\drivers\p2k.sys -- (P2k [On_Demand | Stopped])
[2002/09/27 07:53:00 | 00,009,856 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/03/31 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/06/09 09:27:06 | 00,117,760 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2007/03/07 15:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/05/21 07:41:32 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/21 07:41:32 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2005/01/25 21:48:52 | 00,305,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\savrt.sys -- (SAVRT [On_Demand | Running])
[2005/01/25 21:48:52 | 00,037,000 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\savrtpel.sys -- (SAVRTPEL [System | Running])
[2003/09/10 04:58:16 | 00,090,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver [On_Demand | Stopped])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2006/09/15 21:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2005/11/15 20:11:40 | 00,002,397 | ---- | M] () -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2005/04/05 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2005/04/05 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/07/06 19:46:00 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2005/06/09 09:40:00 | 00,202,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr [System | Running])
[2003/06/03 11:00:00 | 00,073,984 | R--- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ulsata.sys -- (UlSata [Boot | Running])
[2004/12/13 11:28:04 | 00,125,440 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ulsata2.sys -- (ulsata2 [Boot | Running])
[2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 10:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2005/04/12 19:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2005/04/12 19:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2005/04/12 19:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2005/04/12 19:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (260013 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
69.253.151.209 idenupdate.motorola.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9052 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
{0c890c44-7875-429a-9ed9-07cc2eba2c91} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{ADECBED6-0366-4377-A739-E69DFBA04663} (HKLM) -- C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL (Symantec Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVSHEXT.DLL (Symantec Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe ()
"AtiPTA"=atiptaxx.exe (ATI Technologies, Inc.)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL (Elaborate Bytes AG)
"CloneCDTray"="C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" (Elaborate Bytes AG)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE (Logitech, Inc.)
"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" ()
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
"PtiuPbmd"=Rundll32.exe ulutil2.dll,SetWriteBack (Promise Technology,Inc.)
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Sonic Solutions)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"Philips Intelligent Agent"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT (Philips Consumer Electronics)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Start WingMan Profiler"= File not found
"Steam"="C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"tpb"=C:\Program Files\tpb\tpb.exe (the-panic-button.co.uk)

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" (Ahead Software AG)
"Philips Intelligent Agent"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT (Philips Consumer Electronics)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"Start WingMan Profiler"= File not found
"Steam"="C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"tpb"=C:\Program Files\tpb\tpb.exe (the-panic-button.co.uk)

========== (O4) RunOnce Keys ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"=C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 File not found

========== (O4) Startup Folders ==========

[2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2005/02/19 15:54:54 | 00,040,960 | ---- | M] (TheaterTek, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Autorun Killer.lnk = C:\Program Files\TheaterTek\TheaterTek DVD 2.0\AutoKiller.exe
[2006/02/14 20:03:54 | 00,278,528 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2008/10/22 15:05:05 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2007/11/15 09:12:04 | 00,784,912 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2005/12/09 18:17:06 | 00,118,784 | ---- | M] (Nikon Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
[2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Marc\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=91 00 00 00 [binary data]
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Download Using &BitSpirit: C:\Program Files\BitSpirit\bsurl.htm [2005/08/06 17:30:43 | 00,000,824 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
ÓñČĚŘľ«ÁéĎÂÔŘ(&B): Reg Error: Value does not exist or could not be read. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\]
Download Using &BitSpirit: C:\Program Files\BitSpirit\bsurl.htm [2005/08/06 17:30:43 | 00,000,824 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
ÓñČĚŘľ«ÁéĎÂÔŘ(&B): Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 13:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.micro...d...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
44 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative....015/CTSUEng.cab -- Creative Software AutoUpdate
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnote...ad/mnviewer.cab -- Musicnotes Viewer
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.micr...heckControl.cab -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://download.ewid...oOnlineScan.cab -- ewidoOnlineScan Control
{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}: http://richardbeal.h.../SysCamInst.cab -- Panasonic Network Camera
{2E28242B-A689-11D4-80F2-0040266CBB8D}: http://221.254.133.53:8001/kxhcm10.ocx -- KXHCM10 Control
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.micros...ntent/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www.costcopho...stcoActivia.cab -- Snapfish Activia
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.micros...b?1132044576296 -- WUWebControl Class
{66D393D5-4D80-497C-9F4F-F3839E090202}: http://www.pysoft.co...amPlayerOCX.cab -- PlayerOCX Control
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx...owserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.micros...b?1159072917343 -- MUWebControl Class
{6F750200-1362-4815-A476-88533DE61D0C}: http://www.kodakgall..._1/axofupld.cab -- Ofoto Upload Manager Class
{6F750202-1362-4815-A476-88533DE61D0C}: http://www.kodakgall..._2/axofupld.cab -- Kodak Gallery Easy Upload Manager Class
{745395C8-D0E1-4227-8586-624CA9A10A8D}: http://207.178.234.1...activex/AMC.cab -- AxisMediaControl Class
{87587503-20F0-4FF5-8DA3-0107C4C03FDC}: http://downloads.com.../vmLauncher.cab -- vmLaunch Class
{87BE3784-6977-4E84-AA08-55A96B9CEAC5}: http://192.168.0.253/bl_camera.cab -- Bl_camera Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://justright2.vi...sCamControl.cab -- CamImage Class
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupd...9795.8550694444 -- Update Class
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: Back to top -->

#4
walkngdude
Posted 20 December 2008 - 12:39 PM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My Post was cut off so here is the rest:


========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}: http://www.creative....015/CTSUEng.cab -- Creative Software AutoUpdate
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}: http://www.musicnote...ad/mnviewer.cab -- Musicnotes Viewer
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macr...director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.micr...heckControl.cab -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://download.ewid...oOnlineScan.cab -- ewidoOnlineScan Control
{1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}: http://richardbeal.h.../SysCamInst.cab -- Panasonic Network Camera
{2E28242B-A689-11D4-80F2-0040266CBB8D}: http://221.254.133.53:8001/kxhcm10.ocx -- KXHCM10 Control
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.micros...ntent/opuc3.cab -- Office Update Installation Engine
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www.costcopho...stcoActivia.cab -- Snapfish Activia
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.micros...b?1132044576296 -- WUWebControl Class
{66D393D5-4D80-497C-9F4F-F3839E090202}: http://www.pysoft.co...amPlayerOCX.cab -- PlayerOCX Control
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx...owserPlugin.cab -- DivXBrowserPlugin Object
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.micros...b?1159072917343 -- MUWebControl Class
{6F750200-1362-4815-A476-88533DE61D0C}: http://www.kodakgall..._1/axofupld.cab -- Ofoto Upload Manager Class
{6F750202-1362-4815-A476-88533DE61D0C}: http://www.kodakgall..._2/axofupld.cab -- Kodak Gallery Easy Upload Manager Class
{745395C8-D0E1-4227-8586-624CA9A10A8D}: http://207.178.234.1...activex/AMC.cab -- AxisMediaControl Class
{87587503-20F0-4FF5-8DA3-0107C4C03FDC}: http://downloads.com.../vmLauncher.cab -- vmLaunch Class
{87BE3784-6977-4E84-AA08-55A96B9CEAC5}: http://192.168.0.253/bl_camera.cab -- Bl_camera Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://justright2.vi...sCamControl.cab -- CamImage Class
{9F1C11AA-197B-4942-BA54-47A8489BB47F}: http://v4.windowsupd...9795.8550694444 -- Update Class
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.ma...ash/swflash.cab -- Shockwave Flash Object
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.micr...04/clearadj.cab -- CTAdjust Class
{DE625294-70E6-45ED-B895-CFFA13AEB044}: http://216.70.11.13/activex/AMC.cab -- AxisMediaControlEmb Class
{E8F628B5-259A-4734-97EE-BA914D7BE941}: http://driveragent.c...driveragent.cab -- Driver Agent ActiveX Control
{F6ACF75C-C32C-447B-9BEF-46B766368D29}: http://www.creative....15023/CTPID.cab -- Creative Software AutoUpdate Support Package
Web-Based Email Tools: http://email.secures...et/Download.CAB -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{01CB35F3-095B-4D08-A8FD-2D4C89C5F4C9} (Servers: | Description: )
{2AD8C4B1-9C56-4F7F-8FBB-A097CAF37346} (Servers: | Description: Intel® PRO/1000 CT Network Connection)
{5454A4CA-021A-4C97-AE6F-E7B18C27248A} (Servers: | Description: 1394 Net Adapter)
{F79C579D-A9BA-4F89-B27B-3511D7DE9296} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=c:\windows\system32\jurunute.dll c:\windows\system32\nosifeya.dll c:\windows\system32\vokeloso.dll c:\windows\system32\tezepugi.dll
>File not found -- c:\windows\system32\jurunute.dll
>File not found -- c:\windows\system32\nosifeya.dll
>File not found -- c:\windows\system32\vokeloso.dll
>File not found -- c:\windows\system32\tezepugi.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
LBTWlgn: "DllName" = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll -- c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/11/14 21:26:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[autorun] | open=cd2run.exe | icon=cd2run.exe,0 | | IDS_LOC_SETUPEXE=Setup_ST.exe | IDS_LOC_NAME=Microsoft Streets & Trips | IDS_LOC_CD1MESSAGE=This Setup Disc is necessary only to install Microsoft Streets & Trips. To run Microsoft Streets & Trips insert the Run Disc. | IDS_LOC_CD2MESSAGE=Microsoft Streets & Trips is not installed on your computer. The Run Disc is used only to run this application once it has been installed. To install Microsoft Streets & Trips, insert the Setup Disc. | IDS_LOC_TRIALOVERRETAIL=Setup has detected an existing version of Microsoft Streets and Trips. You cannot install the trial version on a computer that already has the full version installed. | IDS_LOC_CD2RETAILONTRIAL=You have inserted the Microsoft Streets & Trips Run Disc on a machine that has the trial version installed. Please uninstall the trial version and then install the retail version. | | | [Product] | | ;Valid CD Versions are | ;1 = Trial | ;2 = Retail | CDVersion=2 | | ;Valid CD Numbers are | ;1 = Setup CD | ;2 = Run CD | CDNumber=2 | | ;Valid Product Types are | ;1 = MapPoint USA | ;2 = MapPoint ENZ | ;3 = Streets and Trips | ;4 = Auto Route Express | ProductType=3 | | ;This is the Window name used to determine if the Application is running | ;It must match the window title. | WindowName=Microsoft Streets & Trips 2004 | ]
[2003/06/19 22:30:04 | 00,001,314 | R--- | M] () -- I:\AUTORUN.INF -- [ CDFS ]

Autorun.inf [[autorun] | OPEN=setup.exe | ]
[2006/08/17 15:24:14 | 00,000,027 | R--- | M] () -- L:\Autorun.inf -- [ CDFS ]

autorun.exe [MZ | ]
[2007/05/08 00:08:14 | 01,996,304 | R--- | M] (Eidos Inc.) -- M:\autorun.exe -- [ UDF ]

Autorun.inf [[autorun] | open=autorun.exe | icon=autorun.exe,0 | ]
[2007/03/22 00:45:20 | 00,000,049 | R--- | M] () -- M:\Autorun.inf -- [ UDF ]

autorun.inf [[autorun] | Label=LEGO Batman | OPEN=Launcher.exe | ICON=GameIcon.ico | ]
[2008/06/16 05:59:30 | 00,000,068 | R--- | M] () -- N:\autorun.inf -- [ CDFS ]

========== Files/Folders - Created Within 60 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/12/20 10:10:35 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTViewIt.exe
[2008/12/20 10:10:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\Trojen 12-20-08
[2008/12/13 21:07:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\HijackThis.lnk
[2008/12/13 21:07:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/13 19:36:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
[2008/12/13 19:36:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/13 19:36:37 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 19:36:34 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/13 19:36:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/13 19:36:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/13 19:02:53 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2008/12/13 19:02:53 | 00,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Autorun Killer.lnk
[2008/12/13 19:01:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/12/13 19:00:25 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\NTREGOPT.lnk
[2008/12/13 19:00:25 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Marc\Desktop\ERUNT.lnk
[2008/12/13 19:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2008/12/12 09:38:21 | 02,538,872 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Desktop\mbam-setup.exe
[2008/12/11 13:14:56 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/12/10 22:35:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Desktop\Trogen 12-10-08
[2008/12/09 23:09:20 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2008/12/09 23:09:20 | 00,000,000 | ---D | C] -- C:\Program Files\RogueRemover FREE
[2008/12/01 11:20:30 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/01 11:20:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/12/01 11:20:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/11/12 07:07:30 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 07:06:59 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/10/30 19:50:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\My Documents\Newsgroups usenet
[2008/10/23 09:35:07 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/23 04:36:14 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/22 15:15:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Logitech
[2008/10/22 15:05:08 | 00,002,074 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2008/10/22 15:05:03 | 00,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2008/10/22 15:04:05 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2008/10/22 15:03:36 | 00,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2008/10/22 15:03:36 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2008/10/22 15:03:33 | 00,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2008/10/22 15:03:33 | 00,141,840 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2008/10/22 15:03:33 | 00,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2008/10/22 15:03:33 | 00,076,304 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll

========== Files - Modified Within 60 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2008/12/20 10:10:46 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Desktop\OTViewIt.exe
[2008/12/20 09:05:32 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2008/12/20 08:59:17 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{88823467-148E-4A49-91C7-25D448A40058}.job
[2008/12/20 08:29:09 | 00,000,576 | ---- | M] () -- C:\Documents and Settings\Marc\My Documents\My Sharing Folders.lnk
[2008/12/20 08:28:47 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2008/12/20 08:28:19 | 00,013,736 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/20 08:28:09 | 00,000,101 | ---- | M] () -- C:\WINDOWS\MsgAgt.INI
[2008/12/20 08:27:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/20 08:27:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/19 23:36:49 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-0000000C-00001102-00000004-20021102}.rfx
[2008/12/19 23:36:49 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2008/12/19 23:36:49 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2008/12/19 23:36:48 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-0000000C-00001102-00000004-20021102}.rfx
[2008/12/19 23:36:48 | 00,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-0000000C-00001102-00000004-20021102}.rfx
[2008/12/19 23:36:48 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-0000000C-00001102-00000004-20021102}.rfx
[2008/12/19 23:36:48 | 00,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-0000000C-00001102-00000004-20021102}.rfx
[2008/12/19 23:35:16 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000C-00001102-00000004-20021102}.CDF
[2008/12/19 23:35:16 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-0000000C-00001102-00000004-20021102}.BAK
[2008/12/19 23:35:09 | 01,437,930 | -H-- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\IconCache.db
[2008/12/19 21:45:55 | 00,000,278 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2008/12/19 21:45:39 | 00,000,546 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[2008/12/19 17:34:47 | 00,091,648 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 14:25:15 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bibehiru
[2008/12/18 13:56:25 | 00,000,501 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2008/12/18 10:09:32 | 00,083,029 | ---- | M] () -- C:\WINDOWS\System32\sivamube.dll
[2008/12/17 22:04:54 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/17 12:20:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/12/14 08:18:07 | 00,465,542 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/14 08:18:07 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/14 08:18:07 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/13 23:46:05 | 00,000,112 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/13 23:45:14 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/13 21:07:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\HijackThis.lnk
[2008/12/13 19:36:37 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/12/13 19:02:54 | 00,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/13 19:02:54 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/13 19:00:25 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\NTREGOPT.lnk
[2008/12/13 19:00:25 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Marc\Desktop\ERUNT.lnk
[2008/12/13 00:00:00 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2008/12/12 09:38:34 | 02,538,872 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Desktop\mbam-setup.exe
[2008/12/09 23:09:20 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RogueRemover FREE.lnk
[2008/12/05 08:45:01 | 00,000,977 | ---- | M] () -- C:\WINDOWS\DrawingHand.ini
[2008/12/03 19:58:36 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:58:32 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/01 11:20:30 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/01 11:08:33 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2008/11/26 11:12:09 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2008/11/26 11:12:09 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
[2008/10/24 03:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/10/23 04:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll
[2008/10/23 04:36:14 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2008/10/23 02:06:59 | 00,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/10/22 15:05:08 | 00,002,074 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2008/10/22 15:05:02 | 00,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2008/10/22 15:04:05 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2008/10/22 15:03:36 | 00,001,687 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2008/10/22 15:03:36 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
< End of report >

Edited by walkngdude, 20 December 2008 - 12:43 PM.

  • 0

#5
walkngdude
Posted 20 December 2008 - 12:47 PM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is more:


OTViewIt Extras logfile created on: 12/20/2008 10:19:32 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Marc\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.72 Mb Total Physical Memory | 369.42 Mb Available Physical Memory | 36.12% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;H:\pagefile.sys 3072 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 4.11 Gb Free Space | 5.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 61.47 Gb Total Space | 9.50 Gb Free Space | 15.45% Space Free | Partition Type: NTFS
Drive G: | 62.10 Gb Total Space | 2.27 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive H: | 62.73 Gb Total Space | 6.57 Gb Free Space | 10.48% Space Free | Partition Type: NTFS
Drive I: | 601.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 69.24 Gb Total Space | 15.25 Gb Free Space | 22.03% Space Free | Partition Type: NTFS
Drive K: | 698.63 Gb Total Space | 685.59 Gb Free Space | 98.13% Space Free | Partition Type: NTFS
Drive L: | 634.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 2.61 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive N: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive O: | 186.31 Gb Total Space | 20.10 Gb Free Space | 10.79% Space Free | Partition Type: NTFS
Drive P: | 7.58 Gb Total Space | 7.24 Gb Free Space | 95.49% Space Free | Partition Type: FAT32

Computer Name: ASUS
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=1
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/10/22 15:05:05 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2005/08/11 14:42:41 | 05,159,424 | ---- | M] (LANSPIRIT.NET) -- C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client
[2008/04/13 16:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2008/04/13 16:12:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[1997/10/14 11:27:42 | 01,422,336 | ---- | M] () -- C:\Program Files\LucasArts\XwingTie\z_xvt__.exe:*:Enabled:z_xvt__
[2006/03/03 19:37:26 | 02,023,424 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
File not found -- C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD
[2006/01/24 22:22:32 | 06,131,712 | ---- | M] (PY Software) -- C:\Program Files\Active WebCam\WebCam.exe:*:Enabled:Active WebCam
[2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- J:\Games Storage Folder\Sin Episodes Emergence [TNTVILLAGE]\Extracted\SinEpisodes\SinEpisodes.exe:*:Disabled:SinEpisodes
[2008/10/08 06:42:25 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client
[2007/09/21 15:48:55 | 00,073,728 | ---- | M] () -- C:\Program Files\Steam\steamapps\walkngdude\sin episodes emergence\SinEpisodes.exe:*:Enabled:SinEpisodes
File not found -- C:\WINDOWS\LMI39.tmp\rescue.exe:*:Enabled:LogMeIn Rescue
File not found -- C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
File not found -- C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
File not found -- C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
[2004/11/30 11:07:18 | 01,114,112 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
[2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/02/21 16:19:30 | 00,613,792 | ---- | M] (Philips Consumer Electronics) -- C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/22 15:05:05 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/04/13 16:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui
[2008/04/13 16:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon
[2005/01/25 21:48:50 | 00,194,272 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVSCAN.EXE:*:Enabled:SAVScan

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/22 15:05:05 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 02:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}"=Logitech iTouch Software
"{04410044-9149-45C6-A806-F2BF9CFCE762}"=Microsoft Encarta Encyclopedia Standard 2004
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{066ED8C4-8C66-4824-ACF4-8F622E88E074}"=LEGO® Indiana Jones™ Demo
"{07473686-FC3A-4825-9CA9-97D269145F62}"=Motorola Phone Tools
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}"=CDDRV_Installer
"{0DBF3265-57F1-4D8A-87EA-332B2A669BDE}"=Indiana Jones and the Emperors Tomb
"{1526D87C-A955-4FAB-BF18-697BA457E352}"=Norton WMI Update
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}"=Microsoft Works Suite Add-in for Microsoft Word
"{1CB92574-96F2-467B-B793-5CEB35C40C29}"=Image Resizer Powertoy for Windows XP
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"{23A482D2-4DE2-4C85-8D5B-C7F3ED9B4F26}"=DiveVisions
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{30433BBA-5358-4B41-817E-E694092DC178}"=Crazy Machines II
"{3101CB58-3482-4D21-AF1A-7057FC935355}"=KhalInstallWrapper
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}"=ASUS Enhanced Display Driver
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}"=Logitech QuickCam
"{36EF4012-D58B-436A-9C73-BAD48A5174F5}"=Roxio Easy Media Creator 7 Basic VCD Edition
"{398AB469-77FC-4935-820B-D419388C0A6A}"=LEGO® Batman™
"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}"=erLT
"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant
"{4E074808-1B86-4230-A9EB-0904942EC4AE}"=LEGO Star Wars II
"{55937F00-A69B-4049-8D3A-1C7729742B6F}"=BUM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79.1
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}"=Logitech Gaming Software
"{634B01DF-A45B-4623-80E1-E15FF82A4979}"=Norton CleanSweep
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1"=Moyea FLV Player version 1.5.2.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}"=Norton Utilities
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{71E7B3F5-CFAF-4c1e-B494-528E28707937}"=Norton SystemWorks 2004
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{72E79A36-41C3-490D-820C-A9EDDDD1DAD1}"=iDEN Phonebook Manager
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}"=Jasc Animation Shop 3
"{8315D4B0-9BF2-4D63-8654-74B89D288D6E}"=Norton Password Manager
"{8704D51E-25B7-4F23-81E7-AA4F54790210}"=Microsoft Streets and Trips 2004
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}"=NSW_DRM_COLLECTION
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel
"{9579E862-5FC7-4337-B1CC-5E37451524C5}"=Motorola Driver Installation
"{9933F0EE-DFCD-4829-B979-3C56C367CB1A}"=InterVideo WinDVD Creator
"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}"=LEGO® Indiana Jones™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}"=Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A71000000002}"=Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}"=Motorola Phone Tools
"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component
"{C1CEC73D-B476-49EC-A5AA-1BF897701334}"=pvPlayer 3
"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}"=Nikon Message Center
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}"=Symantec Script Blocking Installer
"{D6414CC7-F215-467F-88B1-546ED863F35B}"=CC_ccStart
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}"=ccCommon
"{DCD27F16-CD10-4E6D-B099-15675E0C12D3}"=TheaterTek DVD 2.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}"=Star Wars Republic Commando
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}"=SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton AntiVirus Parent MSI
"{E914A24F-2412-4374-B420-86D21D6D444A}"=LEGO Star Wars
"{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1"=Moyea FLV Downloader version 1.15.0.15
"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0
"{EF2AA69F-67E4-4721-89F9-04F4A177F9C5}"=Motorola Phone Tools
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}"=AGEIA PhysX v7.07.24
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}"=Logitech SetPoint
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}"=MSRedist
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}"=PictureProject
"3Planesoft Screensaver Manager_is1"=3Planesoft Screensaver Manager 1.0
"AceFTP 3 Freeware"=AceFTP 3 Freeware
"Active WebCam"=Active WebCam
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2
"Adobe Shockwave Player"=Adobe Shockwave Player
"Ancient Castle 3D Screensaver_is1"=Ancient Castle 3D Screensaver 1.1
"AnyDVD"=AnyDVD
"ASUS Probe V2.21.07"=ASUS Probe V2.21.07
"ATI Display Driver"=ATI Display Driver (Omega 3.8.360)
"AudioConSole"=Creative Audio Console
"Autodesk DWF Viewer"=Autodesk DWF Viewer
"AutoGK"=Auto Gordian Knot 2.45
"AVGAntiSpyware75"=AVG Anti-Spyware 7.5
"Avi2Dvd"=Avi2Dvd 0.4.4 beta
"AviSplit Classic (Freeware)_is1"=AviSplit Classic Version 1.43
"AviSynth"=AviSynth 2.5
"AXIS Media Control"=AXIS Media Control
"AXIS Media Control Embedded"=AXIS Media Control Embedded
"BitSpirit_is1"=BitSpirit v3.1.0.077 Stable Release
"BSPlayer1"=BSPlayer
"CloneCD"=CloneCD
"dBpowerAMP Music Converter"=dBpowerAMP Music Converter
"DC++"=DC++ 0.667
"Discovery 3D Screensaver_is1"=Discovery 3D Screensaver 1.1
"Drawing Hand Screen Saver"=Drawing Hand Screen Saver
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Shrink_is1"=DVD Shrink 3.2
"DVDFab Decrypter_is1"=DVDFab Decrypter 2.9.7.7
"ERUNT_is1"=ERUNT 1.1j
"Exact Audio Copy"=Exact Audio Copy 0.95b3
"Forte Agent"=Forté Agent
"FriendlyNET"=FriendlyNET
"Galleon 3D Screensaver_is1"=Galleon 3D Screensaver 1.3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{066ED8C4-8C66-4824-ACF4-8F622E88E074}"=LEGO® Indiana Jones™ Demo
"InstallShield_{398AB469-77FC-4935-820B-D419388C0A6A}"=LEGO® Batman™
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}"=LEGO Star Wars II
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}"=LEGO® Indiana Jones™
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}"=LEGO Star Wars
"Jasc Animation Shop 3 20041030_07 Help file Patch"=Jasc Animation Shop 3 20041030_07 Help file Patch
"Jasc Paint Shop Pro 9.01 - (9.0.1.1)"=Jasc Paint Shop Pro 9.01 - (9.0.1.1)
"Jasc Paint Shop Pro 9.01 Patch"=Jasc Paint Shop Pro 9.01 Patch
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.8.5 Full
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 1.90 (Symantec Corporation)
"LucasArts' X-Wing vs. TIE Fighter"=LucasArts' X-Wing vs. TIE Fighter
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Malwarebytes' RogueRemover FREE_is1"=Malwarebytes' RogueRemover
"mIRC"=mIRC
"MSN Music Assistant"=MSN Music Assistant
"mtt12"=Mp3 Tag Tools v1.2
"MultiRes (remove only)"=MultiRes (remove only)
"Nature 3D Screensaver_is1"=Nature 3D Screensaver 1.1
"Nautilus 3D Screensaver_is1"=Nautilus 3D Screensaver 1.2
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey"=NeroMIX
"NMPUninstallKey"=Nero Media Player
"NVEContent!UninstallKey"=NeroVision Express 2 Content
"OfotoEZUpload"=KODAK EASYSHARE Gallery Upload ActiveX Control
"OpenAL"=OpenAL
"PeerGuardian_is1"=PeerGuardian 2.0
"Philips Intelligent Agent_is1"=Philips Intelligent Agent
"Photodex Presenter"=Photodex Presenter
"Promise Array Management"=Promise Array Management
"PROSet"=Intel® PRO Network Adapters and Drivers
"ProShow Gold"=ProShow Gold
"ProShow Producer"=ProShow Producer
"pvAuthor v3.3.1"=pvAuthor v3.3.1
"QcDrv"=Logitech® Camera Driver
"QuickPar"=QuickPar 0.9
"QuickSFV"=QuickSFV (Remove only)
"QuicktimeAlt_is1"=QuickTime Alternative 1.72
"Radeon Omega Drivers for Windows 2k/XPv3.8.360"=Radeon Omega Drivers v3.8.360 Setup Files and Tools
"Rainbow Client Activator 2.2 English"=Client Activator 2.2 - English (2)
"Rainbow Client Activator 2.2 English All"=Client Activator 2.2 - English (All)
"RealAlt_is1"=Real Alternative 1.45
"Riva FLV Player_is1"=Riva FLV Player
"Shockwave"=Shockwave
"Sin Episodes 1: Emergence"=Sin Episodes 1: Emergence
"Space Flight 3D Screensaver_is1"=Space Flight 3D Screensaver 1.3
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Steam App 320"=Half-Life 2: Deathmatch
"Steam App 340"=Half-Life 2: Lost Coast
"Steam App 360"=Half-Life Deathmatch: Source
"Stellarium_is1"=Stellarium 0.9.0
"SymSetup.{71E7B3F5-CFAF-4c1e-B494-528E28707937}"=Norton SystemWorks 2004 (Symantec Corporation)
"SystemRequirementsLab"=System Requirements Lab
"The-Panic-Button_is1"=TPB v1.3.1
"Tomb Raider: Anniversary"=Tomb Raider: Anniversary 1.0
"Total Video Converter_is1"=Total Video Converter 2.603
"VobSub"=VobSub v2.23 (Remove Only)
"VSO DivxToDVD_is1"=DivxToDVD 0.5.2
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA"=Windows Genuine Advantage Validation Tool
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format Runtime
"Windows Media Player"=Windows Media Player 10
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"Works2004Setup"=Microsoft Works 2004 Setup Launcher
"XviD MPEG4 Video Codec"=XviD MPEG4 Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}"=KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Steam App 1300"=SiN Episodes: Emergence
"Steam App 1309"=SiN 1 Multiplayer
"Steam App 1313"=SiN 1
"Steam App 7710"=Bioshock Demo

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1060284298-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}"=KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer
"Steam App 1300"=SiN Episodes: Emergence
"Steam App 1309"=SiN 1 Multiplayer
"Steam App 1313"=SiN 1
"Steam App 7710"=Bioshock Demo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/10/2008 3:03:36 PM | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application rogueremover.exe, version 1.24.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x020c30b3.

Error - 12/10/2008 3:03:41 PM | Computer Name = ASUS | Source = Application Error | ID = 1001
Description = Fault bucket 1042624333.

Error - 12/10/2008 3:03:44 PM | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 12/10/2008 3:03:45 PM | Computer Name = ASUS | Source = Application Error | ID = 1001
Description = Fault bucket 223121472.

Error - 12/10/2008 9:39:49 PM | Computer Name = ASUS | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8227.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2008 12:13:38 PM | Computer Name = ASUS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 12/18/2008 2:08:31 AM | Computer Name = ASUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module unknown, version 0.0.0.0, fault address 0x0a0a0a14.

Error - 12/18/2008 6:25:17 PM | Computer Name = ASUS | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 12/18/2008 7:14:12 PM | Computer Name = ASUS | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 12/20/2008 1:05:30 PM | Computer Name = ASUS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,
P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 12/13/2008 5:45:00 AM | Computer Name = ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/17/2008 10:42:41 PM | Computer Name = ASUS | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.

Error - 12/18/2008 2:16:30 AM | Computer Name = ASUS | Source = System Error | ID = 1003
Description = Error code 0000007a, parameter1 c03dd274, parameter2 c000009d, parameter3
f749d374, parameter4 38bdb860.

Error - 12/19/2008 9:29:55 PM | Computer Name = ASUS | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{2AD8C4B1-9C56-4F7F-8FBB-A097CAF37346}. The
backup browser is stopping.

Error - 12/20/2008 1:05:28 PM | Computer Name = ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/20/2008 1:05:28 PM | Computer Name = ASUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 12/20/2008 1:13:05 PM | Computer Name = ASUS | Source = DCOM | ID = 10010
Description = The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#6
fenzodahl512
Posted 20 December 2008 - 10:38 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Lets do this...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall
  • 0

#7
walkngdude
Posted 21 December 2008 - 11:12 PM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good to here from you again Fenzodahl512 and thanks again. Here are the logs thay you requested:


ComboFix 08-12-21.04 - Marc 2008-12-21 20:54:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -8:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
c:\windows\system32\system
c:\windows\system32\system\msxml4.dll
c:\windows\system32\system\msxml4r.dll
c:\windows\system32\tmp27.tmp
c:\windows\system32\tmp28.tmp
c:\windows\system32\tmp42.tmp
c:\windows\system32\tmp43.tmp

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-18 16:39 . 2008-12-18 16:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-18 16:37 . 2008-12-18 16:37 <DIR> d-------- c:\documents and settings\Administrator
2008-12-13 21:07 . 2008-12-13 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\documents and settings\Marc\Application Data\Malwarebytes
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 19:36 . 2008-12-03 19:58 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 19:36 . 2008-12-03 19:58 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 19:00 . 2008-12-13 19:00 <DIR> d-------- c:\program files\ERUNT
2008-12-11 13:14 . 2008-12-11 13:14 <DIR> d-------- C:\VundoFix Backups
2008-12-10 10:14 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 23:09 . 2008-12-09 23:09 <DIR> d-------- c:\program files\RogueRemover FREE
2008-12-01 11:20 . 2008-12-01 11:20 <DIR> d-------- c:\program files\iTunes
2008-12-01 11:20 . 2008-12-01 11:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 04:50 --------- d-----w c:\program files\Steam
2008-12-22 01:24 --------- d-----w c:\program files\Java
2008-12-21 04:55 --------- d-----w c:\program files\PeerGuardian2
2008-12-20 05:45 --------- d-----w c:\program files\Norton SystemWorks
2008-12-18 18:09 83,029 ------w c:\windows\system32\sivamube.dll
2008-12-09 16:33 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-08 04:46 --------- d-----w c:\program files\Agent
2008-12-05 17:00 --------- d-----w c:\program files\Drawing Hand
2008-12-01 19:20 --------- d-----w c:\program files\iPod
2008-12-01 19:20 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 19:17 --------- d-----w c:\program files\QuickTime Alternative
2008-12-01 19:08 --------- d-----w c:\program files\Safari
2008-11-29 05:30 --------- d-----w c:\program files\mIRC
2008-11-27 04:02 --------- d-----w c:\program files\DC++
2008-11-26 19:12 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-11-19 06:24 --------- d-----w c:\program files\Active WebCam
2008-11-16 15:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-22 23:15 --------- d-----w c:\documents and settings\Marc\Application Data\Logitech
2008-10-22 23:05 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-10-22 23:05 --------- d-----w c:\program files\Common Files\LogiShrd
2008-10-22 23:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-22 23:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 23:04 --------- d-----w c:\program files\Logitech
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-01-01 23:01 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2006-02-13 07:10 44,104 ----a-w c:\documents and settings\Marc\Application Data\GDIPFONTCACHEV1.DAT
2005-11-18 21:34 554 ----a-w c:\documents and settings\Marc\Application Data\wklnhst.dat
2008-09-18 18:09 2,048 --sha-w c:\windows\system32\pabuzili.dll
2008-08-27 16:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

------- Sigcheck -------

2005-05-25 11:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
2005-05-25 11:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 09:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 04:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 02:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-07-13 07:45 360320 3adce4790f591bf160a94f6f08039577 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
2003-03-31 04:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
2005-05-25 11:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 18:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2007-03-29 18:59 359808 8d8949936913b041c6a0e184fbf1030b c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-01-12 10:45 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-11-26 11:12 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-11-26 11:12 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-12-21_20.38.03.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 10:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-17 10:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-22 04:50:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_bc4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"tpb"="c:\program files\tpb\tpb.exe" [2003-06-14 229376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"Start WingMan Profiler"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-15 100056]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-06-09 1695744]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-01 45056]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-06-05 467456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 c:\windows\system32\ulutil2.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-18 439568]

c:\documents and settings\Marc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Autorun Killer.lnk - c:\program files\TheaterTek\TheaterTek DVD 2.0\AutoKiller.exe [2006-05-11 40960]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-12-18 278528]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-22 784912]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-01-01 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 08:33 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LucasArts\\XwingTie\\z_xvt__.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Active WebCam\\WebCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\walkngdude\\sin episodes emergence\\SinEpisodes.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Philips Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Norton SystemWorks\\Norton Antivirus\\SAVSCAN.EXE"=

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\DRIVERS\DontGo.sys [2005-02-15 7680]
R0 ulsata2;ulsata2;c:\windows\system32\DRIVERS\ulsata2.sys [2005-02-15 125440]
R1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2005-11-13 18088]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [2003-09-10 81920]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2005-11-16 14095]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-27 42112]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 18:22]

2008-12-20 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 20:16]

2008-12-21 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 04:48]

2008-12-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]

2008-12-21 c:\windows\Tasks\User_Feed_Synchronization-{88823467-148E-4A49-91C7-25D448A40058}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0c890c44-7875-429a-9ed9-07cc2eba2c91} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\WBEtoolsAX.dll - O16 -: Web-Based Email Tools
hxxp://email.secureserver.net/Download.CAB
c:\windows\Downloaded Program Files\OSD7C4D.OSD

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://download.ewido.net/ewidoOnlineScan.cab

c:\windows\Downloaded Program Files\ipv6cam.ocx - c:\windows\Downloaded Program Files\AudioClient.ocx
O16 -: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}
hxxp://richardbeal.homeip.net/SysCamInst.cab
c:\windows\Downloaded Program Files\install.inf

c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://221.254.133.53:8001/kxhcm10.ocx

c:\windows\Downloaded Program Files\GSM_codec.dll - c:\windows\Downloaded Program Files\WebCamPlayerOCX.ocx
O16 -: {66D393D5-4D80-497C-9F4F-F3839E090202}
hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
c:\windows\Downloaded Program Files\WebCamPlayerOCX.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://207.178.234.150:84/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.70.11.13/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 20:56:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2008-12-21 20:58:38
ComboFix-quarantined-files.txt 2008-12-22 04:58:21

Pre-Run: 4,686,938,112 bytes free
Post-Run: 4,733,820,928 bytes free

283 --- E O F --- 2008-12-22 04:47:36




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:45 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\tpb\tpb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tpb] C:\Program Files\tpb\tpb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Autorun Killer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://richardbeal.h.../SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://221.254.133.53:8001/kxhcm10.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132044576296
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159072917343
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://207.178.234.1...activex/AMC.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.com.../vmLauncher.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.0.253/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://justright2.vi...sCamControl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://216.70.11.13/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15739 bytes
  • 0

#8
fenzodahl512
Posted 22 December 2008 - 03:13 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\sivamube.dll
c:\documents and settings\Marc\Application Data\wklnhst.dat
c:\windows\system32\pabuzili.dll

Folder::
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#9
walkngdude
Posted 22 December 2008 - 11:03 AM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok Fenzodahl512 here is the report generated by combofix at the end of running the kill file and a new hijackthis log, Thanks:


ComboFix 08-12-21.04 - Marc 2008-12-22 8:43:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.388 [GMT -8:00]
Running from: c:\documents and settings\Marc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marc\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\Marc\Application Data\wklnhst.dat
c:\windows\system32\pabuzili.dll
c:\windows\system32\sivamube.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\documents and settings\Marc\Application Data\wklnhst.dat
c:\windows\system32\pabuzili.dll
c:\windows\system32\sivamube.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-18 16:39 . 2008-12-18 16:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-18 16:37 . 2008-12-18 16:37 <DIR> d-------- c:\documents and settings\Administrator
2008-12-13 21:07 . 2008-12-13 21:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\documents and settings\Marc\Application Data\Malwarebytes
2008-12-13 19:36 . 2008-12-13 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-13 19:36 . 2008-12-03 19:58 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-13 19:36 . 2008-12-03 19:58 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-13 19:00 . 2008-12-13 19:00 <DIR> d-------- c:\program files\ERUNT
2008-12-11 13:14 . 2008-12-11 13:14 <DIR> d-------- C:\VundoFix Backups
2008-12-10 10:14 . 2008-11-10 05:43 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 23:09 . 2008-12-09 23:09 <DIR> d-------- c:\program files\RogueRemover FREE
2008-12-01 11:20 . 2008-12-01 11:20 <DIR> d-------- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 16:49 --------- d-----w c:\program files\Steam
2008-12-22 01:24 --------- d-----w c:\program files\Java
2008-12-21 04:55 --------- d-----w c:\program files\PeerGuardian2
2008-12-20 05:45 --------- d-----w c:\program files\Norton SystemWorks
2008-12-09 16:33 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-08 04:46 --------- d-----w c:\program files\Agent
2008-12-05 17:00 --------- d-----w c:\program files\Drawing Hand
2008-12-01 19:20 --------- d-----w c:\program files\iPod
2008-12-01 19:20 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 19:17 --------- d-----w c:\program files\QuickTime Alternative
2008-12-01 19:08 --------- d-----w c:\program files\Safari
2008-11-29 05:30 --------- d-----w c:\program files\mIRC
2008-11-27 04:02 --------- d-----w c:\program files\DC++
2008-11-26 19:12 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-11-19 06:24 --------- d-----w c:\program files\Active WebCam
2008-11-16 15:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 00:17 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-10-22 23:15 --------- d-----w c:\documents and settings\Marc\Application Data\Logitech
2008-10-22 23:05 127,034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-10-22 23:05 --------- d-----w c:\program files\Common Files\LogiShrd
2008-10-22 23:04 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-22 23:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-22 23:04 --------- d-----w c:\program files\Logitech
2007-01-01 23:01 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2006-02-13 07:10 44,104 ----a-w c:\documents and settings\Marc\Application Data\GDIPFONTCACHEV1.DAT
2008-08-27 16:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.

------- Sigcheck -------

2005-05-25 11:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
2005-05-25 11:07 359936 63fdfea54eb53de2d863ee454937ce1e c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 09:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 04:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 08:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 02:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 03:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 03:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-07-13 07:45 360320 3adce4790f591bf160a94f6f08039577 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
2003-03-31 04:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
2005-05-25 11:04 359808 88763a98a4c26c409741b4aa162720c9 c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 18:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2007-03-29 18:59 359808 8d8949936913b041c6a0e184fbf1030b c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-01-12 10:45 360064 482ab7f9cd41702e8f856c11cfefb02d c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 11:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
2008-11-26 11:12 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\dllcache\TCPIP.SYS
2008-11-26 11:12 361600 d24ea301e2b36c4e975fd216ca85d8e7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-12-21_20.38.03.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-10-17 10:08:40 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-17 10:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-22 16:48:43 16,384 ----atw c:\windows\temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 196608]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"tpb"="c:\program files\tpb\tpb.exe" [2003-06-14 229376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]
"Start WingMan Profiler"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-11-15 100056]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-06-09 1695744]
"CloneCDTray"="c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-12-02 73728]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-01 45056]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-06-05 467456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PtiuPbmd"="ulutil2.dll" [2003-11-05 c:\windows\system32\ulutil2.dll]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
"CTHelper"="CTHELPER.EXE" [2005-12-08 c:\windows\CTHELPER.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-18 439568]

c:\documents and settings\Marc\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Autorun Killer.lnk - c:\program files\TheaterTek\TheaterTek DVD 2.0\AutoKiller.exe [2006-05-11 40960]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-12-18 278528]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-10-22 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-22 784912]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-01-01 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 08:33 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 09:10 72208 c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= i263_32.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LucasArts\\XwingTie\\z_xvt__.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Active WebCam\\WebCam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\walkngdude\\sin episodes emergence\\SinEpisodes.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Philips Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Norton SystemWorks\\Norton Antivirus\\SAVSCAN.EXE"=

R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\DRIVERS\DontGo.sys [2005-02-15 7680]
R0 ulsata2;ulsata2;c:\windows\system32\DRIVERS\ulsata2.sys [2005-02-15 125440]
R1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2005-11-13 18088]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 55024]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [2003-09-10 81920]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\lccfltr.sys [2005-11-16 14095]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-27 42112]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contents of the 'Scheduled Tasks' folder

2008-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 18:22]

2008-12-20 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 20:16]

2008-12-21 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-10 04:48]

2008-12-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]

2008-12-21 c:\windows\Tasks\User_Feed_Synchronization-{88823467-148E-4A49-91C7-25D448A40058}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

c:\windows\Downloaded Program Files\WBEtoolsAX.dll - O16 -: Web-Based Email Tools
hxxp://email.secureserver.net/Download.CAB
c:\windows\Downloaded Program Files\OSD7C4D.OSD

c:\windows\Downloaded Program Files\ewidoOnlineScan.dll - O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1}
hxxp://download.ewido.net/ewidoOnlineScan.cab

c:\windows\Downloaded Program Files\ipv6cam.ocx - c:\windows\Downloaded Program Files\AudioClient.ocx
O16 -: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9}
hxxp://richardbeal.homeip.net/SysCamInst.cab
c:\windows\Downloaded Program Files\install.inf

c:\windows\Downloaded Program Files\kxhcm10.ocx - O16 -: {2E28242B-A689-11D4-80F2-0040266CBB8D}
hxxp://221.254.133.53:8001/kxhcm10.ocx

c:\windows\Downloaded Program Files\GSM_codec.dll - c:\windows\Downloaded Program Files\WebCamPlayerOCX.ocx
O16 -: {66D393D5-4D80-497C-9F4F-F3839E090202}
hxxp://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
c:\windows\Downloaded Program Files\WebCamPlayerOCX.inf

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://207.178.234.150:84/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.70.11.13/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 08:48:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Promise\Utility\MsgAgt.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Promise\Utility\MsgSvr.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\progra~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\MSN Messenger\livecall.exe
c:\windows\system32\wscntfy.exe
c:\program files\MSN Messenger\usnsvc.exe
c:\program files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-12-22 8:52:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 16:52:18
ComboFix2.txt 2008-12-22 04:58:39

Pre-Run: 4,582,621,184 bytes free
Post-Run: 4,652,359,680 bytes free

298 --- E O F --- 2008-12-22 04:47:36





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:44 AM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [tpb] C:\Program Files\tpb\tpb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08c2 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Autorun Killer.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Web-Based Email Tools - http://email.secures...et/Download.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://richardbeal.h.../SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://221.254.133.53:8001/kxhcm10.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132044576296
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.co...amPlayerOCX.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159072917343
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://207.178.234.1...activex/AMC.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.com.../vmLauncher.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.0.253/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://justright2.vi...sCamControl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://216.70.11.13/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15023/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15922 bytes
  • 0

#10
fenzodahl512
Posted 22 December 2008 - 11:26 AM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good.. How is the computer now?.. Lets do one online scan to see what might left :)



Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

Then, please download and install the latest Java from HERE



NEXT


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.


  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • 0

#11
walkngdude
Posted 23 December 2008 - 11:17 PM

walkngdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello again Fenzodahl512. I did as you requested and here are the results of the Kaspersky Scan. And by the way in case I don't hear from you again before Christmas, here is wishing you and family all the best, peace, love, health and prosperity for the holiday and on threw next year:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 23, 2008 14:58:02
Records in database: 1505032
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan statistics:
Files scanned: 263767
Threat name: 14
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 10:40:38


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07E223D7.htm Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0A5D477C Infected: Trojan.Java.ClassLoader.ao 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0C304DC7 Infected: Exploit.Java.Gimsh.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0C3377C3 Infected: Exploit.Java.Gimsh.a 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A6068EB Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1A6412E8 Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\35263B54.wmf Infected: Trojan-Downloader.Win32.Agent.acd 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\355C6436 Infected: Trojan.Java.ClassLoader.ao 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3EA72B78 Infected: Exploit.Java.ByteVerify 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4BC73E5A.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4BC73E5A.tmp Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4BCB6857.tmp Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4BCB6857.tmp Infected: Trojan.Java.ClassLoader.au 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4E5C1C4F Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4E7D402C Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\64770EC2.htm Infected: Trojan-Downloader.JS.Agent.et 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65FF648E.pdf Infected: Exploit.Win32.Pidief.li 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\68113EF7.htm Infected: Trojan-Clicker.HTML.IFrame.ee 1
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6B044348 Infected: Trojan-Downloader.Java.OpenStream.ac 1
O:\Bitspirit downloads\BSPlayer Pro v2.23.953 + ICU KeyGen\bsplayer_pro223.953.exe Infected: Trojan-Dropper.NSIS.Agent.b 1
O:\Saved from My Documents 01-04-07\Programs\Mirc 03-03-06\mirc617.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1

The selected area was scanned.
  • 0

#12
fenzodahl512
Posted 23 December 2008 - 11:41 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Thanks for the wishes... Merry Christmas and Happy New Year to you and your beloved family.. Wish you all the best and happiness :)

Please go to this folder and delete everything inside.. Don't delete the folder itself, just leave it empty..

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine


Then manually delete this folder..

O:\Bitspirit downloads\BSPlayer Pro v2.23.953 + ICU KeyGen



After that, lets do some cleanup...

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

    Posted Image




Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512
  • 0

#13
fenzodahl512
Posted 29 December 2008 - 10:37 PM

fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP