Solved: Firefox search engine taken over by Windiwsfsearch.com


auenbear

Thread Starter
Joined
Oct 11, 2008
Messages
16
When I try to use the search box in the upper right corner of Firefox, instead of getting a Google search, I get redirected to:
http://searchportal.information.com...GVEUCCRtWV1USXwpBawBUVgZYUQUNU0VZOg9XXANSA1sN

It says that it is a search engine called Windiwsfsearch.com. I used about:config to try to reset the default search engine to Google. It lets me set it, but when I do a search it still goes to Windiwsfsearch.com.

Here is a copy of the hijackthis.log

Please help.

Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:22:55, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Galleon\bin\Wrapper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINNT\system32\java.exe
C:\WINNT\System32\svchost.exe
c:\progra~1\traffi~1\traffi~1.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINNT\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\Eraser\Eraser.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] lsac.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] lsac.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
--
End of file - 23192 bytes
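A HijackThis log like the one above is read entry by entry, and a few patterns are what a responder looks at first. The script below is an added example (not code from this thread, from the poster, or from HijackThis itself) that parses the numbered sections and reports those patterns: O2 BHO entries whose DLL is missing, O4 Run values that are not an absolute path (a bare filename found by PATH search, or the `\Program\` stub), O17 name servers outside private ranges, and O20 AppInit_DLLs entries. The sample lines are copied from the log above; the heuristics, thresholds and function names are assumptions made for this example and flag entries to review, not verdicts.

```python
"""Triage helper for HijackThis-style logs.

Added example: not code from the forum thread or from HijackThis.  It
parses the numbered entries (O2, O4, O17, O20 ...) and reports the ones a
responder checks first.  Heuristics and names are assumptions made for
this example; the sample lines are copied from the posted log.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Sample input: a subset of the O2/O4/O17/O20 lines from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] lsac.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] lsac.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O20 - AppInit_DLLs: avgrsstx.dll
"""

# "O4 - <body>": section tag, separator, rest of the entry.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Body of a registry Run entry: hive\..\Run: [name] command (User 'x')
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Drive letter, %ENVVAR%, or UNC prefix; anything else is not a full path.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command, dropping its arguments."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split()
    return parts[0] if parts else ""


def is_absolute_path(path: str) -> bool:
    return bool(ABSOLUTE_RE.match(path))


def public_resolvers(csv: str) -> list[str]:
    """Name servers outside private/loopback/link-local ranges."""
    out: list[str] = []
    for item in csv.split(","):
        item = item.strip()
        try:
            if not ipaddress.ip_address(item).is_private:
                out.append(item)
        except ValueError:  # not an IP literal at all: worth a look too
            out.append(item)
    return out


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "BHO CLSID registered but its DLL is missing; orphaned entry to remove", raw))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run is None:  # Startup-folder .lnk entries and similar
                continue
            exe = executable_of(run.group("cmd"))
            if not is_absolute_path(exe):
                who = run.group("user") or run.group("hive")
                findings.append(Finding(section, f"Run value [{run.group('name')}] points at {exe!r}, not an absolute path; resolved by PATH search for {who}", raw))
        elif section == "O17" and "NameServer = " in body:
            public = public_resolvers(body.split("NameServer = ", 1)[1])
            if public:
                findings.append(Finding(section, "DNS resolver(s) outside private ranges: " + ", ".join(public) + "; confirm you configured them", raw))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "AppInit_DLLs loads into every process that maps user32.dll; confirm the DLL's vendor", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample, the script leaves the Intel and QuickTime entries alone and reports six items: the orphaned BHO, the three Run values with no absolute path (two of them under the SYSTEM and .DEFAULT hives), the one public DNS server, and the AppInit_DLLs entry. Each finding is a pointer to something to verify against the machine, which is the same judgement the helper applies by hand in the replies.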
 
Joined
Feb 15, 2004
Messages
12,302
Hi, welcome to TSG.


Go to Add/Remove Programs and uninstall Logitech\Desktop Messenger; you don't need it!




Go here and download the latest version of Java. Once downloaded, go to Add/Remove Programs and uninstall all previous versions of Java, then install the latest version you just downloaded!


http://java.com/en/download/manual.jsp



* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html


* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  * If you use Firefox:
    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  * If you use Opera:
    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.




Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer.
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, the Advanced Options Menu should appear.
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
* Press any key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to the Clipboard ready for posting back on the forum).
* Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

_____________________________________________________________________

NOTE: If you have downloaded ComboFix previously, please delete that version and download it again!

Please visit this webpage for instructions for downloading and running ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.






* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

* Double-click the drweb-cureit.exe file and allow it to run the express scan.
* This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
* Once the short scan has finished, click Options > Change settings.
* Choose the "Scan" tab and remove the mark at "Heuristic analysis".
* Back at the main window, mark the drives that you want to scan.
* Select all drives. A red dot shows which drives have been chosen.
* Click the green arrow at the right, and the scan will start.
* Click 'Yes to all' if it asks if you want to cure/move the file.
* When the scan has finished, look if you can click the next icon next to the files found: [image]
* If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image: [image]
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
* After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
* Save the report to your desktop. The report will be called DrWeb.csv.
* Close Dr.Web CureIt.
* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.




Post a new HijackThis log, the Dr.Web scan log, the ComboFix log and the SDFix log!
 

auenbear

Thread Starter
Joined
Oct 11, 2008
Messages
16
Thanks for the quick reply. I'll go through the steps you provided and post the response.

Thanks
 

auenbear

Thread Starter
Joined
Oct 11, 2008
Messages
16
I had to break this into several posts due to the 30,000-character limit.

POST 1


OK, I deleted Logitech\Desktop, removed old Java, installed jre-6u7-windows-i586-p-iftw.exe Java, ran ATF Cleaner, ran SDFix, ran ComboFix, ran Dr.Web Cureit and ran Hijackthis.

One strange occurrence is that my computer clock is now in military time. Should one of these scans have caused that?

Also, the original problem still exists: when I try to use the search box in the upper right corner of Firefox, instead of getting a Google search, I get redirected to:
http://searchportal.information.com/...VZOg9XXANSA1sN

Thanks for the help.

Here are the report and log file data from SDFix, ComboFix, Dr.Web CureIt and HijackThis:



SDFix: Version 1.234
Run by Owner on Sat 10/11/2008 at 11:11
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\Owner\My Documents\My Documents.url - Deleted
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url - Deleted
C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url - Deleted
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url - Deleted
C:\WINNT\system32\s.ico - Deleted
C:\Documents and Settings\Owner\Favorites\Search Online.url - Deleted


Removing Temp Files
ADS Check :

C:\WINNT\system32
:{DA6227CB-326B-4B4D-9A81-04B81F1538DD} 12
Total size: 12 bytes.
system32: deleted 12 bytes in 1 streams.
Checking for remaining Streams
C:\WINNT\system32
No streams found.

Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 11:39:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F2E616B-BB6F-6CFF-0843-48BE68C69C38}]
"iagcjhnimlaifnppdf"=hex:6b,61,70,70,63,6d,6a,6e,6c,62,6a,69,68,68,65,61,6d,64,61,6b,66,..
"hamdlongjeajlfhg"=hex:6a,61,70,70,6d,6c,70,6f,69,6c,6f,6a,61,65,69,6d,65,67,6d,66,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:*:Enabled:TiVo Server"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windowsr NetMeetingr"
"C:\\Program Files\\iVisit\\iVisit.exe"="C:\\Program Files\\iVisit\\iVisit.exe:*:Enabled: iVisit "
"C:\\WINNT\\system32\\dpnsvr.exe"="C:\\WINNT\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\TivoHME\\tra14\\trafficcam\\TrafficCam_Viewer_Service.exe"="C:\\TivoHME\\tra14\\trafficcam\\TrafficCam_Viewer_Service.exe:LocalSubNet:Enabled:TiVo: TrafficCam Viewer Service"
"C:\\Program Files\\TrafficCam Viewer\\TrafficCam_Viewer_Service.exe"="C:\\Program Files\\TrafficCam Viewer\\TrafficCam_Viewer_Service.exe:LocalSubNet:Enabled:TiVo: TrafficCam Viewer Service"
"C:\\Program Files\\Stock Viewer for TiVo\\Stock_Viewer_Windows_Service.exe"="C:\\Program Files\\Stock Viewer for TiVo\\Stock_Viewer_Windows_Service.exe:LocalSubNet:Enabled:TiVo: Stock Viewer"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\Replay7\\Tuner.exe"="C:\\Program Files\\Replay7\\Tuner.exe:*:Enabled:Replay Tuner"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe:*:Disabled:Orb Stream Client"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Disabled:OrbTVGuide"
"C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"="C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Program Files\\Galleon\\bin\\Wrapper.exe"="C:\\Program Files\\Galleon\\bin\\Wrapper.exe:*:Enabled:Galleon"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"="C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 13 May 2005 217,073 A.SHR --- "C:\WINNT\meta4.exe"
Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINNT\MOTA113.exe"
Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINNT\x2.64.exe"
Mon 8 May 2006 249,856 A..H. --- "C:\Program Files\BabasChess\BabasCrashReport.exe"
Sat 3 Feb 2001 48,640 A..H. --- "C:\Program Files\BabasChess\timeseal.exe"
Sun 13 Feb 2005 56 A.SHR --- "C:\WINNT\system32\9BD4D0C454.sys"
Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINNT\system32\avisynth.dll"
Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINNT\system32\AVSredirect.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINNT\system32\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINNT\system32\cygz.dll"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINNT\system32\i420vfw.dll"
Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINNT\system32\Smab.dll"
Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINNT\system32\x.264.exe"
Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINNT\system32\yv12vfw.dll"
Wed 2 Jul 2008 56 A.SH. --- "C:\Documents and Settings\All Users\Application Data\dc64vg9.sys"
Sat 19 Jun 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 22 Jun 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Sat 14 Apr 2007 361 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiBE.tmp"
Sun 12 Feb 2006 72,704 ..SHR --- "C:\Program Files\Jim Willsher\Bulk Rename Utility\Setup.exe"
Sat 10 Nov 2007 316 A.SH. --- "C:\Program Files\TSSI\File & Folder Lister\options.dll"
Tue 26 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 3 May 2004 67,944 ...H. --- "C:\Program Files\Ahead\Ahead\data\Nero PhotoShow Express.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sat 29 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\Owner\Desktop\Downloads\ZipBabasChess_3_6\BabasChess\timeseal.exe"
Finished!
 

auenbear (Thread Starter)

POST 2

ComboFix 08-10-10.09 - Owner 2008-10-11 12:10:03.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.274 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\system32\_003540_.tmp.dll
C:\WINNT\system32\_003541_.tmp.dll
C:\WINNT\system32\_003542_.tmp.dll
C:\WINNT\system32\_003543_.tmp.dll
C:\WINNT\system32\_003548_.tmp.dll
C:\WINNT\system32\_003549_.tmp.dll
C:\WINNT\system32\_003550_.tmp.dll
C:\WINNT\system32\_003551_.tmp.dll
C:\WINNT\system32\_003552_.tmp.dll
C:\WINNT\system32\_003553_.tmp.dll
C:\WINNT\system32\_003554_.tmp.dll
C:\WINNT\system32\_003555_.tmp.dll
C:\WINNT\system32\_003556_.tmp.dll
C:\WINNT\system32\_003557_.tmp.dll
C:\WINNT\system32\_003558_.tmp.dll
C:\WINNT\system32\_003559_.tmp.dll
C:\WINNT\system32\_003560_.tmp.dll
C:\WINNT\system32\_003561_.tmp.dll
C:\WINNT\system32\_003562_.tmp.dll
C:\WINNT\system32\_003563_.tmp.dll
C:\WINNT\system32\_003564_.tmp.dll
C:\WINNT\system32\_003565_.tmp.dll
C:\WINNT\system32\_003566_.tmp.dll
C:\WINNT\system32\_003567_.tmp.dll
C:\WINNT\system32\_003569_.tmp.dll
C:\WINNT\system32\_003570_.tmp.dll
C:\WINNT\system32\_003572_.tmp.dll
C:\WINNT\system32\_003573_.tmp.dll
C:\WINNT\system32\_003574_.tmp.dll
C:\WINNT\system32\_003575_.tmp.dll
C:\WINNT\system32\_003576_.tmp.dll
C:\WINNT\system32\_003577_.tmp.dll
C:\WINNT\system32\_003579_.tmp.dll
C:\WINNT\system32\_003580_.tmp.dll
C:\WINNT\system32\_003581_.tmp.dll
C:\WINNT\system32\_003582_.tmp.dll
C:\WINNT\system32\_003583_.tmp.dll
C:\WINNT\system32\_003584_.tmp.dll
C:\WINNT\system32\_003585_.tmp.dll
C:\WINNT\system32\_003586_.tmp.dll
C:\WINNT\system32\_003589_.tmp.dll
C:\WINNT\system32\_003590_.tmp.dll
C:\WINNT\system32\_003591_.tmp.dll
C:\WINNT\system32\_003592_.tmp.dll
C:\WINNT\system32\_003593_.tmp.dll
C:\WINNT\system32\_003594_.tmp.dll
C:\WINNT\system32\_003595_.tmp.dll
C:\WINNT\system32\_003597_.tmp.dll
C:\WINNT\system32\_003598_.tmp.dll
C:\WINNT\system32\_003599_.tmp.dll
C:\WINNT\system32\_003600_.tmp.dll
C:\WINNT\system32\_003601_.tmp.dll
C:\WINNT\system32\_003602_.tmp.dll
C:\WINNT\system32\_003603_.tmp.dll
C:\WINNT\system32\_003604_.tmp.dll
C:\WINNT\system32\_003605_.tmp.dll
C:\WINNT\system32\_003606_.tmp.dll
C:\WINNT\system32\_003607_.tmp.dll
C:\WINNT\system32\_003608_.tmp.dll
C:\WINNT\system32\_003610_.tmp.dll
C:\WINNT\system32\_003611_.tmp.dll
C:\WINNT\system32\_003612_.tmp.dll
C:\WINNT\system32\_003613_.tmp.dll
C:\WINNT\system32\_003615_.tmp.dll
C:\WINNT\system32\_003617_.tmp.dll
C:\WINNT\system32\_003618_.tmp.dll
C:\WINNT\system32\_003619_.tmp.dll
C:\WINNT\system32\_003620_.tmp.dll
C:\WINNT\system32\_003621_.tmp.dll
C:\WINNT\system32\_003622_.tmp.dll
C:\WINNT\system32\_003623_.tmp.dll
C:\WINNT\system32\_003625_.tmp.dll
C:\WINNT\system32\_003626_.tmp.dll
C:\WINNT\system32\_003627_.tmp.dll
C:\WINNT\system32\_003628_.tmp.dll
C:\WINNT\system32\_003629_.tmp.dll
C:\WINNT\system32\_003630_.tmp.dll
C:\WINNT\system32\_003631_.tmp.dll
C:\WINNT\system32\_003632_.tmp.dll
C:\WINNT\system32\_003634_.tmp.dll
C:\WINNT\system32\_003635_.tmp.dll
C:\WINNT\system32\_003637_.tmp.dll
C:\WINNT\system32\_003638_.tmp.dll
C:\WINNT\system32\_003640_.tmp.dll
C:\WINNT\system32\_003641_.tmp.dll
C:\WINNT\system32\_003645_.tmp.dll
C:\WINNT\system32\_003646_.tmp.dll
C:\WINNT\system32\_003648_.tmp.dll
C:\WINNT\system32\_003651_.tmp.dll
C:\WINNT\system32\_003653_.tmp.dll
C:\WINNT\system32\_003654_.tmp.dll
C:\WINNT\system32\_003655_.tmp.dll
C:\WINNT\system32\_003656_.tmp.dll
C:\WINNT\system32\_003659_.tmp.dll
C:\WINNT\system32\_003660_.tmp.dll
C:\WINNT\system32\_003661_.tmp.dll
C:\WINNT\system32\_003662_.tmp.dll
C:\WINNT\system32\_003663_.tmp.dll
C:\WINNT\system32\_003668_.tmp.dll
C:\WINNT\system32\_003670_.tmp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.
2008-10-11 11:10 . 2008-10-11 11:10 578,560 --a------ C:\WINNT\system32\dllcache\user32.dll
2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d-------- C:\WINNT\ERUNT
2008-10-11 10:56 . 2008-10-11 11:53 <DIR> d-------- C:\SDFix
2008-10-11 10:49 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
2008-10-11 10:47 . 2008-10-11 10:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-11 08:21 . 2008-10-11 08:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 07:52 . 2008-10-11 07:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-11 02:50 . 2008-10-11 02:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 02:50 . 2008-09-10 00:04 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
2008-10-11 02:50 . 2008-09-10 00:03 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-10-11 02:12 . 2008-10-11 02:23 3,208 --a------ C:\WINNT\system32\tmp.reg
2008-10-04 05:30 . 2001-08-17 22:37 24,576 --a------ C:\WINNT\system32\dllcache\agcgauge.ax
2008-10-04 04:15 . 2001-08-17 12:19 747,392 --a------ C:\WINNT\system32\dllcache\adm8830.sys
2008-10-04 04:15 . 2001-08-17 12:19 584,448 --a------ C:\WINNT\system32\dllcache\adm8810.sys
2008-10-04 04:15 . 2001-08-17 12:19 553,984 --a------ C:\WINNT\system32\dllcache\adm8820.sys
2008-10-04 04:15 . 2001-08-17 12:11 46,112 --a------ C:\WINNT\system32\dllcache\adptsf50.sys
2008-10-04 04:15 . 2001-08-17 12:11 20,160 --a------ C:\WINNT\system32\dllcache\adm8511.sys
2008-10-04 04:15 . 2008-04-13 22:06 10,880 --a------ C:\WINNT\system32\dllcache\admjoy.sys
2008-10-04 04:15 . 2001-08-17 13:53 7,424 --a------ C:\WINNT\system32\dllcache\adicvls.sys
2008-09-18 21:43 . 2008-09-18 21:43 <DIR> d-------- C:\Program Files\MedianSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 17:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 15:49 --------- d-----w C:\Program Files\Java
2008-10-11 13:19 --------- d-----w C:\Program Files\Gateway
2008-10-11 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-06 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-10-04 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-09-28 08:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-09-14 12:30 --------- d-----w C:\Program Files\MediaMall
2008-09-12 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaMall
2008-09-11 04:59 --------- d-----w C:\Program Files\SAMSUNG
2008-09-11 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\TV-Websites
2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\ffdshowEx
2008-08-30 16:04 --------- d-----w C:\Program Files\Windows Resource Kits
2008-08-30 09:10 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
2008-08-16 20:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-16 07:14 --------- d-----w C:\Program Files\Sytexis Software
2008-08-16 07:13 --------- d-----w C:\Program Files\Yahoo!
2008-08-15 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
2008-08-15 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-08-15 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-15 01:33 --------- d-----w C:\Program Files\Kodak
2008-08-11 03:54 --------- d-----w C:\Program Files\Ashkon Software
2008-08-11 03:41 --------- d-----w C:\Program Files\VideoJoiner
2008-07-03 02:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2007-12-12 13:48 43,152 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-04-29 05:10 4,735,318 ----a-w C:\Program Files\unboxondemand-0.27.zip
2006-12-02 18:34 142 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2006-11-20 01:58 158,520 ----a-w C:\Documents and Settings\Owner\whois.exe
2006-10-23 04:09 78,392 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-07-23 18:20 665 ----a-w C:\Documents and Settings\Owner\Application Data\waver_2.95.dat
2005-08-29 16:28 21 ----a-w C:\Documents and Settings\Owner\close.bat
2005-02-17 03:46 18,764 ----a-w C:\Program Files\recording.ivb
2005-02-16 01:08 483,401 ----a-w C:\Documents and Settings\Owner\gotomypc.exe
2005-02-14 12:35 2,449,408 ----a-w C:\Documents and Settings\Owner\gosetup.exe
2005-05-13 22:12 217,073 --sha-r C:\WINNT\meta4.exe
2005-10-24 16:13 66,560 --sha-r C:\WINNT\MOTA113.exe
2005-10-14 02:27 422,400 --sha-r C:\WINNT\x2.64.exe
2005-02-13 20:03 56 --sha-r C:\WINNT\system32\9BD4D0C454.sys
2005-10-08 00:14 308,224 --sha-r C:\WINNT\system32\avisynth.dll
2005-07-14 17:31 27,648 --sha-r C:\WINNT\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINNT\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINNT\system32\cygz.dll
2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 --sha-r C:\WINNT\system32\Smab.dll
2005-02-28 18:16 240,128 --sha-r C:\WINNT\system32\x.264.exe
2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Windows Live FolderShare"="C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"igfxpers"="C:\WINNT\system32\igfxpers.exe" [2005-09-20 114688]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"EKIJ5000StatusMonitor"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-05-17 2299400]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-11-06 2577120]
"MXOBG"="C:\WINNT\MXOALDR.EXE" [2003-10-10 94208]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2004-08-31 110592]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NetVanta VPN Client.lnk - C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe [2007-02-11 73780]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\iVisit\\iVisit.exe"=
"C:\\WINNT\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Replay7\\Tuner.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"=
"C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
"C:\\Program Files\\Galleon\\bin\\Wrapper.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"=
"C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2190:UDP"= 2190:UDP:HMO
"8081:TCP"= 8081:TCP:HMO
"2190:TCP"= 2190:TCP:HMO
"1527:TCP"= 1527:TCP:Galleon
"1099:TCP"= 1099:TCP:Galleon
"5353:UDP"= 5353:UDP:HME
"7288:TCP"= 7288:TCP:HME
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINNT\system32\Drivers\IPSECDRV.sys [2005-11-30 136760]
R1 Pivot;Pivot;C:\WINNT\system32\drivers\pivot.sys [2006-08-24 17465]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Crypto;Crypto;C:\WINNT\system32\Drivers\Crypto.sys [2005-08-15 536634]
R2 Galleon;Galleon;C:\Program Files\Galleon\bin\Wrapper.exe [2006-04-15 110592]
R2 TiVo: TrafficCam Viewer;TiVo: TrafficCam Viewer;c:\progra~1\traffi~1\traffi~1.exe [2006-03-12 154624]
R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2006-07-11 857088]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINNT\system32\DRIVERS\vap.sys [2001-12-14 36188]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINNT\system32\DRIVERS\lknuhst.sys [2006-10-18 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINNT\system32\DRIVERS\lknuhub.sys [2006-10-18 37248]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINNT\system32\drivers\pivotmou.sys [2006-08-24 11323]
S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
S2 SVKP;SVKP;C:\WINNT\System32\SVKP.sys [ ]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINNT\system32\DRIVERS\lknucmp.sys [2006-10-18 11648]
S3 SaiH0464;SaiH0464;C:\WINNT\system32\DRIVERS\SaiH0464.sys [2004-06-11 56576]
S3 SndTDriverV32;SndTDriverV32;C:\WINNT\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
S3 TiVo.Net Auto-Transcoding Service;TiVo.Net Auto-Transcoding Service;C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe [2007-02-09 20480]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [ ]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\XE104Sp50.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-07 C:\WINNT\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-10-10 C:\WINNT\Tasks\EasyShare Registration Task.job
- C:\WINNT\system32\rundll32.exe [2008-04-14 05:42]
2008-10-03 C:\WINNT\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
2007-05-12 C:\WINNT\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
2006-07-23 C:\WINNT\Tasks\XoftSpy.job
- C:\Program Files\XoftSpy\XoftSpy.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-FolderShare - C:\Program Files\FolderShare\FolderShare.exe
HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\haz2xmy6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.drudgereport.com/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 12:19:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TiVo: TrafficCam Viewer]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINNT\system32\drivers\CDANTSRV.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
C:\WINNT\system32\CTSVCCDA.EXE
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINNT\system32\java.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-11 12:34:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-11 17:34:14
Pre-Run: 25,739,157,504 bytes free
Post-Run: 25,062,703,104 bytes free
391 --- E O F --- 2008-09-14 15:08:57
 

auenbear (Thread Starter)

POST 3


DrWeb.csv

Fport.exe;C:\;Program.FPort.20;Incurable.Moved.
add_remove.exe;C:\clippy;Joke.Addrem;Incurable.Moved.
burp.exe;C:\clippy;Joke.Burper;Incurable.Moved.
dxmani.exe;C:\Documents and Settings\Owner\Desktop\Downloads;Program.AnalogProxy;Incurable.Moved.
Fport.exe;C:\Documents and Settings\Owner\Desktop\Downloads\fport\Fport-2.0;Program.FPort.20;Incurable.Moved.
Process.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.
restart.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.
Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.
A0263615.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1858;Adware.Bho.73;Incurable.Moved.
A0263941.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Program.PsExec.170;Incurable.Moved.
A0263978.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263978.exe;Program.PsExec.171;
A0263978.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.
A0263979.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263979.exe;Tool.Prockill;
A0263979.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.
A0263980.exe\SmitfraudFix\AntiXPVSTFix.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;BackDoor.IRC.Dosig.15;
A0263980.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;Tool.Prockill;
A0263980.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;Tool.ShutDown.11;
A0263980.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.
A0263981.exe\add_remove.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263981.exe;Joke.Addrem;
A0263981.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.
A0263982.exe\data038;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263982.exe;Adware.Aws;
A0263982.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.
A0263983.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;BackDoor.IRC.Dosig.15;Deleted.
AntiXPVSTFix.exe;C:\WINNT\system32;BackDoor.IRC.Dosig.15;Deleted.
Process.exe;C:\WINNT\system32;Tool.Prockill;Incurable.Moved.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:18:30, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Galleon\bin\Wrapper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINNT\system32\java.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\svchost.exe
c:\progra~1\traffi~1\traffi~1.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINNT\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Eraser\Eraser.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
--
End of file - 22819 bytes
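
HijackThis lists what is registered; it does not judge it, which is why the helper reads the log by eye. The following Python triager is an added example, not part of this thread or of HijackThis: it parses the entry lines (R*, F*, N*, O*), flags the ones a responder usually reads first, and collapses the repeated O18 handler lines into one count per CLSID. Its rules are this example's assumptions, not HijackThis rules: an entry whose target reads "(no file)" or "(file missing)", a toolbar DLL sitting directly in the Windows directory, a NameServer outside an analyst-supplied set of expected resolvers, and any AppInit_DLLs entry. The sample lines are constructed from a handful of lines modelled on the log above, and the expected-resolver set is made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines modelled on the HijackThis log above, not the full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
"""

# HijackThis entry lines start with a section tag (R0..R3, F0..F3, N1..N4, O1..O24), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption of this example: a DLL directly under C:\WINNT or C:\WINDOWS is unusual for a toolbar.
WINDIR_DLL_RE = re.compile(r"^[A-Za-z]:\\(WINNT|WINDOWS)\\[^\\]+\.dll$", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, body, raw_line) for every entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body"), raw.strip()))
    return entries


def triage(log_text, expected_resolvers):
    """Return (section, reason, raw_line) for entries worth a second look.

    The rules are this example's assumptions; HijackThis itself classifies nothing."""
    findings = []
    for section, body, raw in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append((section, "orphaned entry: the registry points at a file that is gone", raw))
            continue
        if section == "O3":
            dll = body.rsplit(" - ", 1)[-1]
            if WINDIR_DLL_RE.match(dll):
                findings.append((section, "toolbar DLL loaded straight from the Windows directory (assumed unusual)", raw))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split(",")
            unexpected = [s.strip() for s in servers if s.strip() not in expected_resolvers]
            if unexpected:
                findings.append((section, "DNS resolver(s) outside the expected set: " + ", ".join(unexpected), raw))
        elif section == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll, so always confirm the vendor.
            findings.append((section, "AppInit_DLLs entry: loaded into every user32-linked process; confirm the vendor", raw))
    return findings


def group_protocol_handlers(log_text):
    """Collapse O18 lines into {CLSID: (dll_path, number_of_schemes_registered)}."""
    by_clsid = defaultdict(lambda: [None, 0])
    for section, body, _ in parse_entries(log_text):
        if section != "O18":
            continue
        m = CLSID_RE.search(body)
        if not m:
            continue
        by_clsid[m.group(0)][0] = body.rsplit(" - ", 1)[-1]
        by_clsid[m.group(0)][1] += 1
    return {clsid: tuple(v) for clsid, v in by_clsid.items()}


if __name__ == "__main__":
    # Expected resolvers are an illustrative assumption (OpenDNS addresses), not a recommendation.
    for section, reason, raw in triage(SAMPLE_LOG, {"208.67.220.220", "208.67.222.222"}):
        print(f"[{section}] {reason}\n    {raw}")
    for clsid, (dll, n) in group_protocol_handlers(SAMPLE_LOG).items():
        print(f"[O18] {clsid} registers {n} scheme(s) via {dll}")
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the private-range resolver in the O17 line is reported for review only, since on this machine it may well belong to the VPN client, and the O18 grouping turns the sixty-odd Logitech handler lines into a single row.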
 

auenbear (Thread Starter; joined Oct 11, 2008; 16 messages)
POST 4

I had to break this reply into 4 posts due to the 30000 character limit per post. Please view this one and the three previous ones as a single post. Please read the comments at the beginning of post 1.

Thanks for any help.
 
Reply (forum member; joined Feb 15, 2004; 12,302 messages)
* Copy the entire contents of the Quote Box below to Notepad.
* Name the file as CFScript.txt
* Change the Save as Type to All Files
* and Save it on the desktop


KILLALL::

File::
C:\WINNT\system32\9BD4D0C454.sys

Driver::
9BD4D0C454

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause
it to stall




Download Superantispyware (SAS):

http://www.superantispyware.com/supe....html?rid=3132


Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!


* Double-click SUPERAntiSpyware.exe and use the default settings for
installation.
* An icon will be created on your desktop. Double-click that icon to launch
the program.
* If asked to update the program definitions, click "Yes". If not, update
the definitions before scanning by selecting "Check for Updates". (If you
encounter any problems while downloading the updates, manually download and
unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all
others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your
computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your
computer.
* After the scan is complete, a Scan Summary box will appear with
potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete".
Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware
again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.




Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download links below).

http://malwarebytes.gt500.org/mbam-setup.exe

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
* On the Scanner tab:
o Make sure the "Perform Quick Scan" option is selected.
o Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the contents of that report in your next reply with a new hijackthis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Post another log, plus the ComboFix, SUPERAntiSpyware and Malwarebytes logs!
 

auenbear (Thread Starter; joined Oct 11, 2008; 16 messages)
POST 1

OK, I have run everything. I am breaking this up into 4 posts. Here is the ComboFix log from the run with the special script.

ComboFix 08-10-11.04 - Owner 2008-10-12 13:44:32.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.187 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINNT\system32\9BD4D0C454.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\system32\9BD4D0C454.sys
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-11 12:42 . 2008-10-11 14:55 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-10-11 11:10 . 2008-10-11 11:10 578,560 --a------ C:\WINNT\system32\dllcache\user32.dll
2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d-------- C:\WINNT\ERUNT
2008-10-11 10:56 . 2008-10-11 11:53 <DIR> d-------- C:\SDFix
2008-10-11 10:49 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
2008-10-11 10:47 . 2008-10-11 10:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-11 08:21 . 2008-10-11 08:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-11 07:52 . 2008-10-11 07:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-10-11 02:50 . 2008-10-11 02:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 02:50 . 2008-09-10 00:04 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
2008-10-11 02:50 . 2008-09-10 00:03 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
2008-10-11 02:23 . 2007-09-06 00:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-10-11 02:23 . 2006-04-27 17:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-10-11 02:23 . 2008-10-01 15:51 87,552 --a------ C:\WINNT\system32\VACFix.exe
2008-10-11 02:23 . 2008-10-10 08:58 82,944 --a------ C:\WINNT\system32\o4Patch.exe
2008-10-11 02:23 . 2008-05-18 21:40 82,944 --a------ C:\WINNT\system32\IEDFix.exe
2008-10-11 02:23 . 2008-10-10 08:58 82,944 --a------ C:\WINNT\system32\IEDFix.C.exe
2008-10-11 02:23 . 2008-08-18 12:19 82,432 --a------ C:\WINNT\system32\404Fix.exe
2008-10-11 02:23 . 2004-07-31 18:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-10-11 02:23 . 2007-10-04 00:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-10-11 02:12 . 2008-10-11 02:23 3,208 --a------ C:\WINNT\system32\tmp.reg
2008-10-04 05:30 . 2001-08-17 22:37 24,576 --a------ C:\WINNT\system32\dllcache\agcgauge.ax
2008-10-04 04:15 . 2001-08-17 12:19 747,392 --a------ C:\WINNT\system32\dllcache\adm8830.sys
2008-10-04 04:15 . 2001-08-17 12:19 584,448 --a------ C:\WINNT\system32\dllcache\adm8810.sys
2008-10-04 04:15 . 2001-08-17 12:19 553,984 --a------ C:\WINNT\system32\dllcache\adm8820.sys
2008-10-04 04:15 . 2001-08-17 12:11 46,112 --a------ C:\WINNT\system32\dllcache\adptsf50.sys
2008-10-04 04:15 . 2001-08-17 12:11 20,160 --a------ C:\WINNT\system32\dllcache\adm8511.sys
2008-10-04 04:15 . 2008-04-13 22:06 10,880 --a------ C:\WINNT\system32\dllcache\admjoy.sys
2008-10-04 04:15 . 2001-08-17 13:53 7,424 --a------ C:\WINNT\system32\dllcache\adicvls.sys
2008-09-18 21:43 . 2008-09-18 21:43 <DIR> d-------- C:\Program Files\MedianSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 18:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 15:49 --------- d-----w C:\Program Files\Java
2008-10-11 13:19 --------- d-----w C:\Program Files\Gateway
2008-10-06 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
2008-10-04 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-09-28 08:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-09-14 12:30 --------- d-----w C:\Program Files\MediaMall
2008-09-12 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaMall
2008-09-11 04:59 --------- d-----w C:\Program Files\SAMSUNG
2008-09-11 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\TV-Websites
2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\ffdshowEx
2008-08-30 16:04 --------- d-----w C:\Program Files\Windows Resource Kits
2008-08-30 09:10 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
2008-08-16 20:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-16 07:14 --------- d-----w C:\Program Files\Sytexis Software
2008-08-16 07:13 --------- d-----w C:\Program Files\Yahoo!
2008-08-15 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
2008-08-15 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
2008-08-15 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-08-15 01:33 --------- d-----w C:\Program Files\Kodak
2008-07-03 02:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2007-12-12 13:48 43,152 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-04-29 05:10 4,735,318 ----a-w C:\Program Files\unboxondemand-0.27.zip
2006-12-02 18:34 142 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2006-11-20 01:58 158,520 ----a-w C:\Documents and Settings\Owner\whois.exe
2006-10-23 04:09 78,392 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-07-23 18:20 665 ----a-w C:\Documents and Settings\Owner\Application Data\waver_2.95.dat
2005-08-29 16:28 21 ----a-w C:\Documents and Settings\Owner\close.bat
2005-02-17 03:46 18,764 ----a-w C:\Program Files\recording.ivb
2005-02-16 01:08 483,401 ----a-w C:\Documents and Settings\Owner\gotomypc.exe
2005-02-14 12:35 2,449,408 ----a-w C:\Documents and Settings\Owner\gosetup.exe
2005-05-13 22:12 217,073 --sha-r C:\WINNT\meta4.exe
2005-10-24 16:13 66,560 --sha-r C:\WINNT\MOTA113.exe
2005-10-14 02:27 422,400 --sha-r C:\WINNT\x2.64.exe
2005-10-08 00:14 308,224 --sha-r C:\WINNT\system32\avisynth.dll
2005-07-14 17:31 27,648 --sha-r C:\WINNT\system32\AVSredirect.dll
2005-06-26 20:32 616,448 --sha-r C:\WINNT\system32\cygwin1.dll
2005-06-22 03:37 45,568 --sha-r C:\WINNT\system32\cygz.dll
2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\i420vfw.dll
2006-04-27 15:24 2,945,024 --sha-r C:\WINNT\system32\Smab.dll
2005-02-28 18:16 240,128 --sha-r C:\WINNT\system32\x.264.exe
2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Windows Live FolderShare"="C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"igfxpers"="C:\WINNT\system32\igfxpers.exe" [2005-09-20 114688]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
"EKIJ5000StatusMonitor"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-05-17 2299400]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-11-06 2577120]
"MXOBG"="C:\WINNT\MXOALDR.EXE" [2003-10-10 94208]
"MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2004-08-31 110592]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NetVanta VPN Client.lnk - C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe [2007-02-11 73780]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\iVisit\\iVisit.exe"=
"C:\\WINNT\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Replay7\\Tuner.exe"=
"C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"=
"C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
"C:\\Program Files\\Galleon\\bin\\Wrapper.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"=
"C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2190:UDP"= 2190:UDP:HMO
"8081:TCP"= 8081:TCP:HMO
"2190:TCP"= 2190:TCP:HMO
"1527:TCP"= 1527:TCP:Galleon
"1099:TCP"= 1099:TCP:Galleon
"5353:UDP"= 5353:UDP:HME
"7288:TCP"= 7288:TCP:HME
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINNT\system32\Drivers\IPSECDRV.sys [2005-11-30 136760]
R1 Pivot;Pivot;C:\WINNT\system32\drivers\pivot.sys [2006-08-24 17465]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Crypto;Crypto;C:\WINNT\system32\Drivers\Crypto.sys [2005-08-15 536634]
R2 Galleon;Galleon;C:\Program Files\Galleon\bin\Wrapper.exe [2006-04-15 110592]
R2 TiVo: TrafficCam Viewer;TiVo: TrafficCam Viewer;c:\progra~1\traffi~1\traffi~1.exe [2006-03-12 154624]
R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2006-07-11 857088]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINNT\system32\DRIVERS\vap.sys [2001-12-14 36188]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINNT\system32\DRIVERS\lknuhst.sys [2006-10-18 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINNT\system32\DRIVERS\lknuhub.sys [2006-10-18 37248]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINNT\system32\drivers\pivotmou.sys [2006-08-24 11323]
S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
S2 SVKP;SVKP;C:\WINNT\System32\SVKP.sys [ ]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINNT\system32\DRIVERS\lknucmp.sys [2006-10-18 11648]
S3 SaiH0464;SaiH0464;C:\WINNT\system32\DRIVERS\SaiH0464.sys [2004-06-11 56576]
S3 SndTDriverV32;SndTDriverV32;C:\WINNT\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
S3 TiVo.Net Auto-Transcoding Service;TiVo.Net Auto-Transcoding Service;C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe [2007-02-09 20480]
S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [ ]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\XE104Sp50.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-07 C:\WINNT\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-10-10 C:\WINNT\Tasks\EasyShare Registration Task.job
- C:\WINNT\system32\rundll32.exe [2008-04-14 05:42]
2008-10-03 C:\WINNT\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
2007-05-12 C:\WINNT\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
2006-07-23 C:\WINNT\Tasks\XoftSpy.job
- C:\Program Files\XoftSpy\XoftSpy.exe []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 13:53:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
"ImagePath"="\"C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TiVo: TrafficCam Viewer]
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\WINNT\system32\drivers\CDANTSRV.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
C:\WINNT\system32\CTSVCCDA.EXE
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINNT\system32\java.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-12 14:10:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-12 19:10:39
ComboFix2.txt 2008-10-12 18:25:37
ComboFix3.txt 2008-10-11 17:34:33
Pre-Run: 24,875,225,088 bytes free
Post-Run: 24,860,696,576 bytes free
291 --- E O F --- 2008-09-14 15:08:57
 

auenbear (Thread Starter; joined Oct 11, 2008; 16 messages), POST 2

Here is the SUPERAntiSpyware Scan Log - 10-12-2008 - 19-07-52.log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/12/2008 at 07:07 PM
Application Version : 4.21.1004
Core Rules Database Version : 3595
Trace Rules Database Version: 1582
Scan type : Complete Scan
Total Scan Time : 02:26:33
Memory items scanned : 466
Memory threats detected : 0
Registry items scanned : 7778
Registry threats detected : 0
File items scanned : 129407
File threats detected : 23
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Adware.GloboLook
C:\!CONMANIA COLLECTION\FOOD\BRAND NAMES\MARLBORO CIGARETTES.ICO
C:\!CONMANIA COLLECTION\MUSIC\LES PAUL.ICO
C:\!CONMANIA COLLECTION\ORGANIZATIONS\VISA.ICO
C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\MEDICAL CARE.ICO
C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\PILL.ICO
C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\PRESCRIPTION BOTTLE.ICO
C:\!CONMANIA COLLECTION\SEASONS & HOLIDAYS\AUGUST.ICO
C:\!CONMANIA COLLECTION\SPORTS & RECREATION\BASKETBALL 01.ICO
C:\!CONMANIA COLLECTION\SPORTS & RECREATION\BLACKJACK.ICO
C:\!CONMANIA COLLECTION\TRANSPORTATION\JET.ICO
Rogue.Multi/Component
C:\DOCUMENTS AND SETTINGS\OWNER\DOCTORWEB\QUARANTINE\A0263615.DLL
 

auenbear (Thread Starter; joined Oct 11, 2008; 16 messages), POST 3

Here is the mbam-log-2008-10-12 (21-20-59).txt log

Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 5.1.2600 Service Pack 3
10/12/2008 9:20:59 PM
mbam-log-2008-10-12 (21-20-59).txt
Scan type: Quick Scan
Objects scanned: 60835
Time elapsed: 13 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

auenbear (Thread Starter; joined Oct 11, 2008; 16 messages), POST 4

And here is the new HijackThis log. Thanks for all the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:24 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Gateway\EzTune\dtsslsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\Program Files\Galleon\bin\Wrapper.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINNT\system32\java.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\svchost.exe
c:\progra~1\traffi~1\traffi~1.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINNT\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Eraser\Eraser.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
--
End of file - 23105 bytes
 

auenbear (Thread Starter)
Please note that you have to look at all 4 previous posts to see all the info that was requested for me to gather. I had to break them up due to size.

Thanks.
 
clean log!

fix these with hijack this!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

You should now turn off system restore to flush out the bad restore points and then re-enable it and make a new clean restore point.

How to turn off system restore

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

Here are some free tools to keep you from getting infected in the future.

To stop reinfection get spywareblaster from

http://www.javacoolsoftware.com/downloads.html

get the hosts file from here. Unzip it to a folder!

http://www.mvps.org/winhelp2002/hosts.htm

put it into the folder for your version of Windows, or click the mvps bat and it should do it for you!

Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS

ie-spyad. Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

http://www.spywarewarrior.com/uiuc/resource.htm

Use either Arovax or spyware terminator, you could try both and see which one you like!

Arovax shield.

http://www.arovaxshield.com/

Spyware Terminator

http://www.spywareterminator.com/dnl/landing.aspx

In spyware terminator, click real time protection and tick the box to use real time protection and tick all the boxes except file exceptions shield. If you're confident in using its advanced feature, click advanced and tick the HIPS box.

If you want to install and uninstall programs it is best to temporarily disable Spyware terminator and then re-enable it after you have installed or uninstalled a program as it will create a lot of pop ups asking you whether you wish this to happen!

Right click spyware terminator on the bottom right of your status bar and choose exit. Then tick the box and that is spyware terminator disabled!

I would also suggest switching to Mozilla's Firefox browser, it's safer, has a built in pop up blocker, blocks cookies and ads. Mozilla Thunderbird is also a good e-mail client.

http://www.mozilla.org/

Another good and free browser is Opera!

http://www.opera.com/

Read here to see how to tighten your security:

http://forums.techguy.org/t208517.html

A good overall guide for firewalls, anti-virus, and anti-trojans as well as regular spyware cleaners.

http://www.firewallguide.com/anti-trojan.htm

you can mark your own thread solved through thread tools at the top of the page.
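As an added example (not from the thread and not HijackThis' own code), here is a small Python parser that reads HijackThis lines in the format shown in this log and flags the kind of orphaned entries the helper asked to be fixed: targets marked "(no file)" or "(file missing)", plus R0/R1 page settings that sit under a Windows directory other than the C:\WINNT root the process list shows. The sample lines are copied from the log in this thread; the system-root heuristic is our assumption, not HijackThis logic.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

@dataclass
class Entry:
    section: str
    body: str
    reasons: list = field(default_factory=list)

def parse_log(text):
    """Turn raw log text into Entry objects, skipping headers and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries

def triage(entries, system_root=r"C:\WINNT"):
    """Return the entries worth a second look, with the reason attached.

    Two heuristics (ours, not HijackThis' own logic): a target marked
    "(no file)" / "(file missing)" is dead registry residue, and an R0/R1
    page setting under a Windows directory other than the one the process
    list shows (WINNT in this log) is a leftover worth reviewing."""
    root = system_root.lower() + "\\"
    for e in entries:
        if "(no file)" in e.body or "(file missing)" in e.body:
            e.reasons.append("target file does not exist (orphaned entry)")
        if e.section in ("R0", "R1") and "=" in e.body:
            target = e.body.split("=", 1)[1].strip().lower()
            if target.startswith("c:\\") and not target.startswith(root):
                e.reasons.append(f"page setting outside system root {system_root}")
    return [e for e in entries if e.reasons]
```

Run `triage(parse_log(SAMPLE_LOG))` to get the R0, O2 and WiselinkPro O23 lines back with their reasons; the AVG and Google entries pass untouched.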
 

auenbear

Thread Starter
Joined
Oct 11, 2008
Messages
16
Many thanks to Khazars for all the help on this problem. I have marked this thread "Solved" and I really appreciate the help.

Auenbear
 