
Solved: Firefox search engine taken over by Windiwsfsearch.com

Discussion in 'Virus & Other Malware Removal' started by auenbear, Oct 11, 2008.

  1. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    When I try and use the search box in the upper right corner of Firefox instead of getting a google search I get redirected to:
    http://searchportal.information.com...GVEUCCRtWV1USXwpBawBUVgZYUQUNU0VZOg9XXANSA1sN

    It says that it is a search engine called Windiwsfsearch.com. I used about:config to try and reset the default search engine to google. It lets me set it but when I do a search it still goes to Windiwsfsearch.com.

    Here is a copy of the hijackthis.log

    Please help.

    Thanks


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:22:55, on 10/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINNT\System32\CTSvcCDA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\Program Files\Galleon\bin\Wrapper.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\WINNT\system32\java.exe
    C:\WINNT\System32\svchost.exe
    c:\progra~1\traffi~1\traffi~1.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINNT\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [LDM] \Program\
    O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] lsac.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] lsac.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
    O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
    O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
    --
    End of file - 23192 bytes
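The HijackThis log above is the sort of artifact a helper reads by eye. As an added example (not the poster's, not HijackThis's own code, and not part of the original thread), here is a small Python triage pass over a subset of lines copied from that log. It applies only structural heuristics: an O4 Run value whose command is a bare filename rather than a fixed path, an O4 command with no recognisable executable in it, an O2 BHO registered with no file on disk, and the O17 NameServer values split into private and public addresses. It says what deserves a closer look and why; it does not decide that any entry is malicious. The severity labels and the `Finding` structure are this example's own conventions, and the `SAMPLE_LOG` is a constructed subset of the posted log.

```python
"""Heuristic triage of HijackThis O2 / O4 / O17 lines (added example, not from the thread)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [FolderShare] "C:\Program Files\FolderShare\FolderShare.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] lsac.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] lsac.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.+)$")
# First thing in a Run command that looks like an executable, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|com|bat|cmd|scr|vbs|js|dll))\b', re.I)
# Drive letter, UNC path, or an environment-variable prefix such as %windir%.
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)")


@dataclass
class Finding:
    section: str
    severity: str  # high / medium / low / info (this example's own scale)
    subject: str
    reason: str
    line: str


def classify_exe(exe: str):
    """Return (severity, reason) for an autorun executable path, or None if unremarkable."""
    if "\\" not in exe:
        return "high", "bare filename: located by Windows' executable search order, not a fixed path"
    if not ABS_PATH_RE.match(exe):
        return "medium", "relative path: depends on the current directory at logon"
    return None


def triage_line(line: str):
    """Map one HijackThis line to a Finding, or None if it passes the heuristics."""
    m = O2_RE.match(line)
    if m:
        if m["path"].strip().lower() == "(no file)":
            return Finding("O2", "low", m["clsid"], "BHO registered but its DLL is missing (orphaned entry)", line)
        return None
    m = O4_RE.match(line)
    if m:
        exe = EXE_RE.match(m["cmd"])
        if exe is None:
            return Finding("O4", "medium", m["name"], f"no recognisable executable in command {m['cmd']!r}", line)
        verdict = classify_exe(exe["exe"])
        if verdict is None:
            return None
        sev, why = verdict
        ctx = f" (runs as {m['user']})" if m["user"] else ""
        return Finding("O4", sev, m["name"], f"{why}; hive {m['hive']}{ctx}", line)
    m = O17_RE.match(line)
    if m:
        parts = []
        for s in m["servers"].split(","):
            ip = ipaddress.ip_address(s.strip())
            parts.append(f"{ip} ({'private' if ip.is_private else 'public'})")
        return Finding("O17", "info", "NameServer",
                       "resolvers in use: " + ", ".join(parts) + "; confirm they are the expected ones", line)
    return None


def triage(log_text: str):
    """Run every line of a HijackThis log through the heuristics, in log order."""
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.subject}: {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it and the two entries it ranks highest are the `[Microsoft Update] lsac.exe` values under the `HKUS\S-1-5-18` and `HKUS\.DEFAULT` hives: a bare filename in a Run value is located through Windows' executable search order rather than a fixed path, and values under those hives run in the SYSTEM and default-user context rather than the logged-on user's. That is a reason to inspect them, not a verdict.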
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    hi, welcome to TSG.


    Go to add/remove and uninstall Logitech\Desktop Messenger; you don't need it!




    Go here and download the latest version of Java. Once it has
    downloaded, go to add/remove and uninstall all previous versions of Java,
    then install the latest version you just downloaded!


    http://java.com/en/download/manual.jsp



    * Click here to download ATF Cleaner by Atribune and save it to your
    desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
    o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords,
    please click No at the prompt.
    o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords,
    please click No at the prompt.
    * Click Exit on the Main menu to close the program.




    Download SDFix and save it to your Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :

    * Restart your computer
    * After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, the Advanced Options Menu should
    appear;
    * Select the first option, to run Windows in Safe Mode, then press
    Enter.
    * Choose your usual account.

    * Open the extracted SDFix folder and double click RunThis.bat to start
    the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds
    then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the
    removal process then display Finished, press any key to end the script and
    load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and
    also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on
    the forum).
    * Finally paste the contents of the Report.txt back on the forum with a
    new HijackThis log

    _____________________________________________________________________

    NOTE: If you have downloaded ComboFix previously please delete that
    version and download it again!


    Please visit this webpage for instructions for downloading and running
    ComboFix.


    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    Post the log from ComboFix when you've accomplished that along with a
    new HijackThis log.


    Download ComboFix from
    Here
    or
    Here
    to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just
    before Windows starts to load. If done right a Windows Advanced Options menu
    will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a
      HiJackthis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's
    running. That may cause it to stall.






    * Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

    * Double-click the drweb-cureit.exe file and Allow to run the express scan
    * This will scan the files currently running in memory and when something is
    found,
    click the yes button when it asks you if you want to cure it. This is only a
    short scan.
    * Once the short scan has finished, Click Options > Change settings
    * Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
    * Back at the main window, mark the drives that you want to scan.
    * Select all drives. A red dot shows which drives have been chosen.
    * Click the green arrow at the right, and the scan will start.
    * Click 'Yes to all' if it asks if you want to cure/move the file.
    * When the scan has finished, look whether you can click the icon next to the
    files found (image).
    * If so, click it, then click the icon right below it and select Move
    incurable, as shown in the next image (image).
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it
    can't be cured. (this in case if we need samples)
    * After selecting, in the Dr.Web CureIt menu on top, click file and choose
    save report list
    * Save the report to your desktop. The report will be called DrWeb.csv
    * Close Dr.Web Cureit.
    * Reboot your computer!! Because it could be possible that files in use will
    be moved/deleted during reboot.




    Post a new HijackThis log, the Dr.Web scan log, the ComboFix log and the SDFix log!
     
  3. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    Thanks for the quick reply. I'll go through the steps you provided and post the response.

    Thanks
     
  4. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    I had to break this into several posts due to 30000 character limit.

    POST 1


    OK, I deleted Logitech\Desktop, removed old Java, installed jre-6u7-windows-i586-p-iftw.exe Java, ran ATF Cleaner, ran SDFix, ran ComboFix, ran Dr.Web Cureit and ran Hijackthis.

    One strange occurrence is that my computer clock is now in military time. Should one of these scans have caused that?

    Also, the original problem still exists in that when I try and use the search box in the upper right corner of Firefox instead of getting a google search I get redirected to:
    http://searchportal.information.com/...VZOg9XXANSA1sN

    Thanks for the help.

    Here are the report and log file data from SDFix, ComboFix, Dr.Web CureIt and HijackThis:



    SDFix: Version 1.234
    Run by Owner on Sat 10/11/2008 at 11:11
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File
    Rebooting

    Checking Files :
    Trojan Files Found:
    C:\Documents and Settings\Owner\My Documents\My Documents.url - Deleted
    C:\Documents and Settings\Owner\My Documents\My Music\My Music.url - Deleted
    C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url - Deleted
    C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url - Deleted
    C:\WINNT\system32\s.ico - Deleted
    C:\Documents and Settings\Owner\Favorites\Search Online.url - Deleted


    Removing Temp Files
    ADS Check :

    C:\WINNT\system32
    :{DA6227CB-326B-4B4D-9A81-04B81F1538DD} 12
    Total size: 12 bytes.
    system32: deleted 12 bytes in 1 streams.
    Checking for remaining Streams
    C:\WINNT\system32
    No streams found.

    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 11:39:38
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    scanning hidden registry entries ...
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5F2E616B-BB6F-6CFF-0843-48BE68C69C38}]
    "iagcjhnimlaifnppdf"=hex:6b,61,70,70,63,6d,6a,6e,6c,62,6a,69,68,68,65,61,6d,64,61,6b,66,..
    "hamdlongjeajlfhg"=hex:6a,61,70,70,6d,6c,70,6f,69,6c,6f,6a,61,65,69,6d,65,67,6d,66,00,..
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"="C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe:*:Enabled:TiVo Server"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\Program Files\\iVisit\\iVisit.exe"="C:\\Program Files\\iVisit\\iVisit.exe:*:Enabled: iVisit "
    "C:\\WINNT\\system32\\dpnsvr.exe"="C:\\WINNT\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\TivoHME\\tra14\\trafficcam\\TrafficCam_Viewer_Service.exe"="C:\\TivoHME\\tra14\\trafficcam\\TrafficCam_Viewer_Service.exe:LocalSubNet:Enabled:TiVo: TrafficCam Viewer Service"
    "C:\\Program Files\\TrafficCam Viewer\\TrafficCam_Viewer_Service.exe"="C:\\Program Files\\TrafficCam Viewer\\TrafficCam_Viewer_Service.exe:LocalSubNet:Enabled:TiVo: TrafficCam Viewer Service"
    "C:\\Program Files\\Stock Viewer for TiVo\\Stock_Viewer_Windows_Service.exe"="C:\\Program Files\\Stock Viewer for TiVo\\Stock_Viewer_Windows_Service.exe:LocalSubNet:Enabled:TiVo: Stock Viewer"
    "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "C:\\Program Files\\Replay7\\Tuner.exe"="C:\\Program Files\\Replay7\\Tuner.exe:*:Enabled:Replay Tuner"
    "C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbRMStreamerClient.exe:*:Disabled:Orb Stream Client"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb3GPStreamerClient.exe:*:Disabled:Orb Stream Client"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Disabled:OrbTVGuide"
    "C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe:*:Enabled:Media Player Classic"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray"
    "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"="C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"
    "C:\\Program Files\\Galleon\\bin\\Wrapper.exe"="C:\\Program Files\\Galleon\\bin\\Wrapper.exe:*:Enabled:Galleon"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe:*:Enabled:IreIke"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"="C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
    "C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"="C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe:*:Enabled:Windows Live FolderShare Beta"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe:*:Enabled:IreIke"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe"="C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Fri 13 May 2005 217,073 A.SHR --- "C:\WINNT\meta4.exe"
    Mon 24 Oct 2005 66,560 A.SHR --- "C:\WINNT\MOTA113.exe"
    Thu 13 Oct 2005 422,400 A.SHR --- "C:\WINNT\x2.64.exe"
    Mon 8 May 2006 249,856 A..H. --- "C:\Program Files\BabasChess\BabasCrashReport.exe"
    Sat 3 Feb 2001 48,640 A..H. --- "C:\Program Files\BabasChess\timeseal.exe"
    Sun 13 Feb 2005 56 A.SHR --- "C:\WINNT\system32\9BD4D0C454.sys"
    Fri 7 Oct 2005 308,224 A.SHR --- "C:\WINNT\system32\avisynth.dll"
    Thu 14 Jul 2005 27,648 A.SHR --- "C:\WINNT\system32\AVSredirect.dll"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\WINNT\system32\cygwin1.dll"
    Tue 21 Jun 2005 45,568 A.SHR --- "C:\WINNT\system32\cygz.dll"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINNT\system32\i420vfw.dll"
    Thu 27 Apr 2006 2,945,024 A.SHR --- "C:\WINNT\system32\Smab.dll"
    Mon 28 Feb 2005 240,128 A.SHR --- "C:\WINNT\system32\x.264.exe"
    Sun 25 Jan 2004 70,656 A.SHR --- "C:\WINNT\system32\yv12vfw.dll"
    Wed 2 Jul 2008 56 A.SH. --- "C:\Documents and Settings\All Users\Application Data\dc64vg9.sys"
    Sat 19 Jun 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 22 Jun 2006 72,192 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
    Sat 14 Apr 2007 361 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiBE.tmp"
    Sun 12 Feb 2006 72,704 ..SHR --- "C:\Program Files\Jim Willsher\Bulk Rename Utility\Setup.exe"
    Sat 10 Nov 2007 316 A.SH. --- "C:\Program Files\TSSI\File & Folder Lister\options.dll"
    Tue 26 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 3 May 2004 67,944 ...H. --- "C:\Program Files\Ahead\Ahead\data\Nero PhotoShow Express.exe"
    Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
    Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
    Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
    Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
    Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
    Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
    Mon 9 Dec 2002 94,208 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
    Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
    Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
    Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
    Fri 20 Feb 2004 548,940 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
    Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
    Sat 29 Jul 2006 48,640 A..H. --- "C:\Documents and Settings\Owner\Desktop\Downloads\ZipBabasChess_3_6\BabasChess\timeseal.exe"
    Finished!
     
  5. auenbear

    auenbear Thread Starter

    POST 2

    ComboFix 08-10-10.09 - Owner 2008-10-11 12:10:03.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.274 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINNT\system32\_003540_.tmp.dll
    C:\WINNT\system32\_003541_.tmp.dll
    C:\WINNT\system32\_003542_.tmp.dll
    C:\WINNT\system32\_003543_.tmp.dll
    C:\WINNT\system32\_003548_.tmp.dll
    C:\WINNT\system32\_003549_.tmp.dll
    C:\WINNT\system32\_003550_.tmp.dll
    C:\WINNT\system32\_003551_.tmp.dll
    C:\WINNT\system32\_003552_.tmp.dll
    C:\WINNT\system32\_003553_.tmp.dll
    C:\WINNT\system32\_003554_.tmp.dll
    C:\WINNT\system32\_003555_.tmp.dll
    C:\WINNT\system32\_003556_.tmp.dll
    C:\WINNT\system32\_003557_.tmp.dll
    C:\WINNT\system32\_003558_.tmp.dll
    C:\WINNT\system32\_003559_.tmp.dll
    C:\WINNT\system32\_003560_.tmp.dll
    C:\WINNT\system32\_003561_.tmp.dll
    C:\WINNT\system32\_003562_.tmp.dll
    C:\WINNT\system32\_003563_.tmp.dll
    C:\WINNT\system32\_003564_.tmp.dll
    C:\WINNT\system32\_003565_.tmp.dll
    C:\WINNT\system32\_003566_.tmp.dll
    C:\WINNT\system32\_003567_.tmp.dll
    C:\WINNT\system32\_003569_.tmp.dll
    C:\WINNT\system32\_003570_.tmp.dll
    C:\WINNT\system32\_003572_.tmp.dll
    C:\WINNT\system32\_003573_.tmp.dll
    C:\WINNT\system32\_003574_.tmp.dll
    C:\WINNT\system32\_003575_.tmp.dll
    C:\WINNT\system32\_003576_.tmp.dll
    C:\WINNT\system32\_003577_.tmp.dll
    C:\WINNT\system32\_003579_.tmp.dll
    C:\WINNT\system32\_003580_.tmp.dll
    C:\WINNT\system32\_003581_.tmp.dll
    C:\WINNT\system32\_003582_.tmp.dll
    C:\WINNT\system32\_003583_.tmp.dll
    C:\WINNT\system32\_003584_.tmp.dll
    C:\WINNT\system32\_003585_.tmp.dll
    C:\WINNT\system32\_003586_.tmp.dll
    C:\WINNT\system32\_003589_.tmp.dll
    C:\WINNT\system32\_003590_.tmp.dll
    C:\WINNT\system32\_003591_.tmp.dll
    C:\WINNT\system32\_003592_.tmp.dll
    C:\WINNT\system32\_003593_.tmp.dll
    C:\WINNT\system32\_003594_.tmp.dll
    C:\WINNT\system32\_003595_.tmp.dll
    C:\WINNT\system32\_003597_.tmp.dll
    C:\WINNT\system32\_003598_.tmp.dll
    C:\WINNT\system32\_003599_.tmp.dll
    C:\WINNT\system32\_003600_.tmp.dll
    C:\WINNT\system32\_003601_.tmp.dll
    C:\WINNT\system32\_003602_.tmp.dll
    C:\WINNT\system32\_003603_.tmp.dll
    C:\WINNT\system32\_003604_.tmp.dll
    C:\WINNT\system32\_003605_.tmp.dll
    C:\WINNT\system32\_003606_.tmp.dll
    C:\WINNT\system32\_003607_.tmp.dll
    C:\WINNT\system32\_003608_.tmp.dll
    C:\WINNT\system32\_003610_.tmp.dll
    C:\WINNT\system32\_003611_.tmp.dll
    C:\WINNT\system32\_003612_.tmp.dll
    C:\WINNT\system32\_003613_.tmp.dll
    C:\WINNT\system32\_003615_.tmp.dll
    C:\WINNT\system32\_003617_.tmp.dll
    C:\WINNT\system32\_003618_.tmp.dll
    C:\WINNT\system32\_003619_.tmp.dll
    C:\WINNT\system32\_003620_.tmp.dll
    C:\WINNT\system32\_003621_.tmp.dll
    C:\WINNT\system32\_003622_.tmp.dll
    C:\WINNT\system32\_003623_.tmp.dll
    C:\WINNT\system32\_003625_.tmp.dll
    C:\WINNT\system32\_003626_.tmp.dll
    C:\WINNT\system32\_003627_.tmp.dll
    C:\WINNT\system32\_003628_.tmp.dll
    C:\WINNT\system32\_003629_.tmp.dll
    C:\WINNT\system32\_003630_.tmp.dll
    C:\WINNT\system32\_003631_.tmp.dll
    C:\WINNT\system32\_003632_.tmp.dll
    C:\WINNT\system32\_003634_.tmp.dll
    C:\WINNT\system32\_003635_.tmp.dll
    C:\WINNT\system32\_003637_.tmp.dll
    C:\WINNT\system32\_003638_.tmp.dll
    C:\WINNT\system32\_003640_.tmp.dll
    C:\WINNT\system32\_003641_.tmp.dll
    C:\WINNT\system32\_003645_.tmp.dll
    C:\WINNT\system32\_003646_.tmp.dll
    C:\WINNT\system32\_003648_.tmp.dll
    C:\WINNT\system32\_003651_.tmp.dll
    C:\WINNT\system32\_003653_.tmp.dll
    C:\WINNT\system32\_003654_.tmp.dll
    C:\WINNT\system32\_003655_.tmp.dll
    C:\WINNT\system32\_003656_.tmp.dll
    C:\WINNT\system32\_003659_.tmp.dll
    C:\WINNT\system32\_003660_.tmp.dll
    C:\WINNT\system32\_003661_.tmp.dll
    C:\WINNT\system32\_003662_.tmp.dll
    C:\WINNT\system32\_003663_.tmp.dll
    C:\WINNT\system32\_003668_.tmp.dll
    C:\WINNT\system32\_003670_.tmp.dll
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NPF
    -------\Service_NPF

    ((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
    .
    2008-10-11 11:10 . 2008-10-11 11:10 578,560 --a------ C:\WINNT\system32\dllcache\user32.dll
    2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d-------- C:\WINNT\ERUNT
    2008-10-11 10:56 . 2008-10-11 11:53 <DIR> d-------- C:\SDFix
    2008-10-11 10:49 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
    2008-10-11 10:47 . 2008-10-11 10:47 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-10-11 08:21 . 2008-10-11 08:21 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 07:52 . 2008-10-11 07:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-11 02:50 . 2008-10-11 02:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 02:50 . 2008-09-10 00:04 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-10-11 02:50 . 2008-09-10 00:03 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
    2008-10-11 02:12 . 2008-10-11 02:23 3,208 --a------ C:\WINNT\system32\tmp.reg
    2008-10-04 05:30 . 2001-08-17 22:37 24,576 --a------ C:\WINNT\system32\dllcache\agcgauge.ax
    2008-10-04 04:15 . 2001-08-17 12:19 747,392 --a------ C:\WINNT\system32\dllcache\adm8830.sys
    2008-10-04 04:15 . 2001-08-17 12:19 584,448 --a------ C:\WINNT\system32\dllcache\adm8810.sys
    2008-10-04 04:15 . 2001-08-17 12:19 553,984 --a------ C:\WINNT\system32\dllcache\adm8820.sys
    2008-10-04 04:15 . 2001-08-17 12:11 46,112 --a------ C:\WINNT\system32\dllcache\adptsf50.sys
    2008-10-04 04:15 . 2001-08-17 12:11 20,160 --a------ C:\WINNT\system32\dllcache\adm8511.sys
    2008-10-04 04:15 . 2008-04-13 22:06 10,880 --a------ C:\WINNT\system32\dllcache\admjoy.sys
    2008-10-04 04:15 . 2001-08-17 13:53 7,424 --a------ C:\WINNT\system32\dllcache\adicvls.sys
    2008-09-18 21:43 . 2008-09-18 21:43 <DIR> d-------- C:\Program Files\MedianSoft
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-11 17:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-11 15:49 --------- d-----w C:\Program Files\Java
    2008-10-11 13:19 --------- d-----w C:\Program Files\Gateway
    2008-10-11 08:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-06 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
    2008-10-04 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-09-28 08:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-09-14 12:30 --------- d-----w C:\Program Files\MediaMall
    2008-09-12 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaMall
    2008-09-11 04:59 --------- d-----w C:\Program Files\SAMSUNG
    2008-09-11 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\TV-Websites
    2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\ffdshowEx
    2008-08-30 16:04 --------- d-----w C:\Program Files\Windows Resource Kits
    2008-08-30 09:10 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
    2008-08-16 20:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-08-16 07:14 --------- d-----w C:\Program Files\Sytexis Software
    2008-08-16 07:13 --------- d-----w C:\Program Files\Yahoo!
    2008-08-15 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
    2008-08-15 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    2008-08-15 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-08-15 01:33 --------- d-----w C:\Program Files\Kodak
    2008-08-11 03:54 --------- d-----w C:\Program Files\Ashkon Software
    2008-08-11 03:41 --------- d-----w C:\Program Files\VideoJoiner
    2008-07-03 02:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
    2007-12-12 13:48 43,152 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2007-04-29 05:10 4,735,318 ----a-w C:\Program Files\unboxondemand-0.27.zip
    2006-12-02 18:34 142 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
    2006-11-20 01:58 158,520 ----a-w C:\Documents and Settings\Owner\whois.exe
    2006-10-23 04:09 78,392 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-07-23 18:20 665 ----a-w C:\Documents and Settings\Owner\Application Data\waver_2.95.dat
    2005-08-29 16:28 21 ----a-w C:\Documents and Settings\Owner\close.bat
    2005-02-17 03:46 18,764 ----a-w C:\Program Files\recording.ivb
    2005-02-16 01:08 483,401 ----a-w C:\Documents and Settings\Owner\gotomypc.exe
    2005-02-14 12:35 2,449,408 ----a-w C:\Documents and Settings\Owner\gosetup.exe
    2005-05-13 22:12 217,073 --sha-r C:\WINNT\meta4.exe
    2005-10-24 16:13 66,560 --sha-r C:\WINNT\MOTA113.exe
    2005-10-14 02:27 422,400 --sha-r C:\WINNT\x2.64.exe
    2005-02-13 20:03 56 --sha-r C:\WINNT\system32\9BD4D0C454.sys
    2005-10-08 00:14 308,224 --sha-r C:\WINNT\system32\avisynth.dll
    2005-07-14 17:31 27,648 --sha-r C:\WINNT\system32\AVSredirect.dll
    2005-06-26 20:32 616,448 --sha-r C:\WINNT\system32\cygwin1.dll
    2005-06-22 03:37 45,568 --sha-r C:\WINNT\system32\cygz.dll
    2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\i420vfw.dll
    2006-04-27 15:24 2,945,024 --sha-r C:\WINNT\system32\Smab.dll
    2005-02-28 18:16 240,128 --sha-r C:\WINNT\system32\x.264.exe
    2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\yv12vfw.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
    @="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
    [HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
    "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
    "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Windows Live FolderShare"="C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
    "Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "igfxpers"="C:\WINNT\system32\igfxpers.exe" [2005-09-20 114688]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
    "EKIJ5000StatusMonitor"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
    "sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-05-17 2299400]
    "PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-11-06 2577120]
    "MXOBG"="C:\WINNT\MXOALDR.EXE" [2003-10-10 94208]
    "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2004-08-31 110592]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NetVanta VPN Client.lnk - C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe [2007-02-11 73780]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)
    "DisableLockWorkstation"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuPinnedList"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoPrinterTabs"= 0 (0x0)
    "NoDeletePrinter"= 0 (0x0)
    "NoAddPrinter"= 0 (0x0)
    "NoPrinters"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoChangeAnimation"= 0 (0x0)
    "NoChangeKeyboardNavigationIndicators"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll
    "msacm.avis"= ff_acm.acm
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\iVisit\\iVisit.exe"=
    "C:\\WINNT\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Replay7\\Tuner.exe"=
    "C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"=
    "C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
    "C:\\Program Files\\Galleon\\bin\\Wrapper.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"=
    "C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2190:UDP"= 2190:UDP:HMO
    "8081:TCP"= 8081:TCP:HMO
    "2190:TCP"= 2190:TCP:HMO
    "1527:TCP"= 1527:TCP:Galleon
    "1099:TCP"= 1099:TCP:Galleon
    "5353:UDP"= 5353:UDP:HME
    "7288:TCP"= 7288:TCP:HME
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-08-30 97928]
    R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINNT\system32\Drivers\IPSECDRV.sys [2005-11-30 136760]
    R1 Pivot;Pivot;C:\WINNT\system32\drivers\pivot.sys [2006-08-24 17465]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
    R2 Crypto;Crypto;C:\WINNT\system32\Drivers\Crypto.sys [2005-08-15 536634]
    R2 Galleon;Galleon;C:\Program Files\Galleon\bin\Wrapper.exe [2006-04-15 110592]
    R2 TiVo: TrafficCam Viewer;TiVo: TrafficCam Viewer;c:\progra~1\traffi~1\traffi~1.exe [2006-03-12 154624]
    R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2006-07-11 857088]
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINNT\system32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 lknuhst;Linksys Network USB Host Controller;C:\WINNT\system32\DRIVERS\lknuhst.sys [2006-10-18 11136]
    R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINNT\system32\DRIVERS\lknuhub.sys [2006-10-18 37248]
    R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINNT\system32\drivers\pivotmou.sys [2006-08-24 11323]
    S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
    S2 SVKP;SVKP;C:\WINNT\System32\SVKP.sys [ ]
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\APLMp50.sys [2005-02-16 18816]
    S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINNT\system32\DRIVERS\lknucmp.sys [2006-10-18 11648]
    S3 SaiH0464;SaiH0464;C:\WINNT\system32\DRIVERS\SaiH0464.sys [2004-06-11 56576]
    S3 SndTDriverV32;SndTDriverV32;C:\WINNT\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
    S3 TiVo.Net Auto-Transcoding Service;TiVo.Net Auto-Transcoding Service;C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe [2007-02-09 20480]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [ ]
    S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\XE104Sp50.sys [ ]
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-07 C:\WINNT\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
    2008-10-10 C:\WINNT\Tasks\EasyShare Registration Task.job
    - C:\WINNT\system32\rundll32.exe [2008-04-14 05:42]
    2008-10-03 C:\WINNT\Tasks\Uniblue SpyEraser Nag.job
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
    2007-05-12 C:\WINNT\Tasks\Uniblue SpyEraser.job
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
    2006-07-23 C:\WINNT\Tasks\XoftSpy.job
    - C:\Program Files\XoftSpy\XoftSpy.exe []
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-FolderShare - C:\Program Files\FolderShare\FolderShare.exe
    HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\haz2xmy6.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.drudgereport.com/
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-11 12:19:22
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    "ImagePath"="\"C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe\""
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TiVo: TrafficCam Viewer]
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\WINNT\system32\drivers\CDANTSRV.EXE
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    C:\WINNT\system32\CTSVCCDA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINNT\system32\java.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-11 12:34:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-11 17:34:14
    Pre-Run: 25,739,157,504 bytes free
    Post-Run: 25,062,703,104 bytes free
    391 --- E O F --- 2008-09-14 15:08:57
     
  6. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST 3


    DrWeb.csv

    Fport.exe;C:\;Program.FPort.20;Incurable.Moved.;
    add_remove.exe;C:\clippy;Joke.Addrem;Incurable.Moved.;
    burp.exe;C:\clippy;Joke.Burper;Incurable.Moved.;
    dxmani.exe;C:\Documents and Settings\Owner\Desktop\Downloads;Program.AnalogProxy;Incurable.Moved.;
    Fport.exe;C:\Documents and Settings\Owner\Desktop\Downloads\fport\Fport-2.0;Program.FPort.20;Incurable.Moved.;
    Process.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
    restart.exe;C:\Documents and Settings\Owner\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
    WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
    Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
    A0263615.dll;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1858;Adware.Bho.73;Incurable.Moved.;
    A0263941.EXE;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Program.PsExec.170;Incurable.Moved.;
    A0263978.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263978.exe;Program.PsExec.171;;
    A0263978.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.;
    A0263979.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263979.exe;Tool.Prockill;;
    A0263979.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.;
    A0263980.exe\SmitfraudFix\AntiXPVSTFix.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;BackDoor.IRC.Dosig.15;;
    A0263980.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;Tool.Prockill;;
    A0263980.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263980.exe;Tool.ShutDown.11;;
    A0263980.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.;
    A0263981.exe\add_remove.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263981.exe;Joke.Addrem;;
    A0263981.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.;
    A0263982.exe\data038;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862\A0263982.exe;Adware.Aws;;
    A0263982.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;Archive contains infected objects;Moved.;
    A0263983.exe;C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1862;BackDoor.IRC.Dosig.15;Deleted.;
    AntiXPVSTFix.exe;C:\WINNT\system32;BackDoor.IRC.Dosig.15;Deleted.;
    Process.exe;C:\WINNT\system32;Tool.Prockill;Incurable.Moved.;




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:18:30, on 10/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINNT\System32\CTSvcCDA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\Program Files\Galleon\bin\Wrapper.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\WINNT\system32\java.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINNT\System32\svchost.exe
    c:\progra~1\traffi~1\traffi~1.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINNT\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
    O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
    O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
    --
    End of file - 22819 bytes
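    The HijackThis log above is read by hand in this thread. As an added example (not the thread's, HijackThis's or Trend Micro's own code), here is a small Python triage script that parses lines in that format and attaches the review flags a helper checks first: missing files, services with no publisher, autostarts living in the user profile or directly under the Windows directory, the AppInit_DLLs injection point, and the configured DNS servers. The sample lines are copied from the log above; the heuristics and flag wording are the example's own, and a flag means "look at this", not "this is malware".

```python
"""Triage helper for HijackThis v2 log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
""".strip()

# "O4 - HKLM\..\Run: ..." -> section code + remainder of the line.
LINE_RE = re.compile(r"^([RFOB]\d+)\s+-\s+(.*)$")
# First Windows path on the line, stopping at the file extension so trailing
# arguments ("-atboottime", "/background", "(file missing)") are not included.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|htm|cpl|scr)(?=$|["\s)])', re.I)
# File sitting directly under C:\WINNT or C:\Windows (no sub-directory).
WINROOT_RE = re.compile(r"^[a-z]:\\win(?:nt|dows)\\[^\\]+$", re.I)
PROFILE_RE = re.compile(r"\\(?:documents and settings|users)\\", re.I)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Entry:
    section: str                 # e.g. "O4", "O23"
    text: str                    # the line without its section prefix
    path: Optional[str] = None   # first file path found on the line, if any
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry and attach triage flags; None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    entry = Entry(section, rest)
    pm = PATH_RE.search(rest)
    if pm:
        entry.path = pm.group(0)
    lowered = rest.lower()

    # Registry still points at a file that is gone: leftover of a removal or a bad install.
    if "(no file)" in lowered or "(file missing)" in lowered:
        entry.flags.append("orphan: referenced file is missing")

    # O23 lines read "Service: <name> - <publisher> - <path>".
    if section == "O23" and rest.startswith("Service: "):
        parts = rest[len("Service: "):].split(" - ")
        if len(parts) >= 3:
            owner = parts[1].strip()
            if owner.lower() == "unknown owner":
                entry.flags.append("service without a publisher name")
            elif owner.lower().startswith(("http://", "https://")):
                entry.flags.append("publisher field is a URL rather than a company name")

    # AppInit_DLLs is loaded into every process that uses user32.dll.
    if section == "O20":
        entry.flags.append("AppInit_DLLs set: DLL loaded into every process that uses user32.dll")

    # O17 carries the interface's DNS servers; list them so they can be checked against
    # the ISP's or the VPN's expected resolvers.
    if section == "O17" and "nameserver" in lowered:
        entry.flags.append("DNS servers to verify: " + ", ".join(IP_RE.findall(rest)))

    if entry.path:
        if PROFILE_RE.search(entry.path):
            entry.flags.append("autostart lives in a user profile")
        if WINROOT_RE.match(entry.path):
            entry.flags.append("file sits directly under the Windows directory")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every entry line of a HijackThis log."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def flagged(text: str) -> List[Entry]:
    """Only the entries that earned at least one review flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.text[:72]}")
        for f in e.flags:
            print("   ->", f)
```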
     
  7. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST 4

    I had to break this reply into 4 posts due to the 30000 character limit per post. Please view this one and the three previous ones as a single post. Please read the comments at the beginning of post 1.

    Thanks for any help.
     
  8. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    * Copy the entire contents of the Quote Box below to Notepad.
    * Name the file as CFScript.txt
    * Change the Save as Type to All Files
    * and Save it on the desktop


    Save this as CFScript.txt, in the same location as ComboFix.exe



    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall




    Download Superantispyware (SAS):

    http://www.superantispyware.com/supe....html?rid=3132


    Once downloaded and installed, update the definitions and then run a full system scan; quarantine what it finds!


    * Double-click SUPERAntiSypware.exe and use the default settings for
    installation.
    * An icon will be created on your desktop. Double-click that icon to launch
    the program.
    * If asked to update the program definitions, click "Yes". If not, update
    the definitions before scanning by selecting "Check for Updates". (If you
    encounter any problems while downloading the updates, manually download and
    unzip them from here.)

    http://www.superantispyware.com/definitions.html

    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all
    others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your
    computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your
    computer.
    * After the scan is complete, a Scan Summary box will appear with
    potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete".
    Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntiSpyware
    again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log.
    A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.




    Please download Malwarebytes Anti-Malware and save it to your desktop.

    Alternate download link 1: http://malwarebytes.gt500.org/mbam-setup.exe

    Alternate download link 2: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

    * Make sure you are connected to the Internet.
    * Double-click on Download_mbam-setup.exe to install the application.
    * When the installation begins, follow the prompts and do not make any changes to default settings.
    * When installation has finished, make sure you leave both of these checked:
    o Update Malwarebytes' Anti-Malware
    o Launch Malwarebytes' Anti-Malware
    * Then click Finish.
    * MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    * On the Scanner tab:
    o Make sure the "Perform Quick Scan" option is selected.
    o Then click on the Scan button.
    * If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    * The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    * When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    * Click OK to close the message box and continue with the removal process.
    * Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    * Make sure that everything is checked, and click Remove Selected.
    * When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    * The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    * Copy and paste the contents of that report in your next reply with a new hijackthis log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Post another log: the Combo, the Super and the Malwarebytes log!
     
  9. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST1

    OK, I have run everything. I am breaking this up into 4 posts. Here is the Combofix with the special script log.

    ComboFix 08-10-11.04 - Owner 2008-10-12 13:44:32.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.187 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    FILE ::
    C:\WINNT\system32\9BD4D0C454.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\WINNT\system32\9BD4D0C454.sys
    F:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .
    2008-10-11 12:42 . 2008-10-11 14:55 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
    2008-10-11 11:10 . 2008-10-11 11:10 578,560 --a------ C:\WINNT\system32\dllcache\user32.dll
    2008-10-11 11:06 . 2008-10-11 11:06 <DIR> d-------- C:\WINNT\ERUNT
    2008-10-11 10:56 . 2008-10-11 11:53 <DIR> d-------- C:\SDFix
    2008-10-11 10:49 . 2008-06-10 02:32 73,728 --a------ C:\WINNT\system32\javacpl.cpl
    2008-10-11 10:47 . 2008-10-11 10:47 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-10-11 08:21 . 2008-10-11 08:21 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-11 07:52 . 2008-10-11 07:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
    2008-10-11 02:50 . 2008-10-11 02:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-10-11 02:50 . 2008-10-11 02:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-11 02:50 . 2008-09-10 00:04 38,528 --a------ C:\WINNT\system32\drivers\mbamswissarmy.sys
    2008-10-11 02:50 . 2008-09-10 00:03 17,200 --a------ C:\WINNT\system32\drivers\mbam.sys
    2008-10-11 02:23 . 2007-09-06 00:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
    2008-10-11 02:23 . 2006-04-27 17:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
    2008-10-11 02:23 . 2008-10-01 15:51 87,552 --a------ C:\WINNT\system32\VACFix.exe
    2008-10-11 02:23 . 2008-10-10 08:58 82,944 --a------ C:\WINNT\system32\o4Patch.exe
    2008-10-11 02:23 . 2008-05-18 21:40 82,944 --a------ C:\WINNT\system32\IEDFix.exe
    2008-10-11 02:23 . 2008-10-10 08:58 82,944 --a------ C:\WINNT\system32\IEDFix.C.exe
    2008-10-11 02:23 . 2008-08-18 12:19 82,432 --a------ C:\WINNT\system32\404Fix.exe
    2008-10-11 02:23 . 2004-07-31 18:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
    2008-10-11 02:23 . 2007-10-04 00:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
    2008-10-11 02:12 . 2008-10-11 02:23 3,208 --a------ C:\WINNT\system32\tmp.reg
    2008-10-04 05:30 . 2001-08-17 22:37 24,576 --a------ C:\WINNT\system32\dllcache\agcgauge.ax
    2008-10-04 04:15 . 2001-08-17 12:19 747,392 --a------ C:\WINNT\system32\dllcache\adm8830.sys
    2008-10-04 04:15 . 2001-08-17 12:19 584,448 --a------ C:\WINNT\system32\dllcache\adm8810.sys
    2008-10-04 04:15 . 2001-08-17 12:19 553,984 --a------ C:\WINNT\system32\dllcache\adm8820.sys
    2008-10-04 04:15 . 2001-08-17 12:11 46,112 --a------ C:\WINNT\system32\dllcache\adptsf50.sys
    2008-10-04 04:15 . 2001-08-17 12:11 20,160 --a------ C:\WINNT\system32\dllcache\adm8511.sys
    2008-10-04 04:15 . 2008-04-13 22:06 10,880 --a------ C:\WINNT\system32\dllcache\admjoy.sys
    2008-10-04 04:15 . 2001-08-17 13:53 7,424 --a------ C:\WINNT\system32\dllcache\adicvls.sys
    2008-09-18 21:43 . 2008-09-18 21:43 <DIR> d-------- C:\Program Files\MedianSoft
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-12 18:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-12 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-10-11 15:49 --------- d-----w C:\Program Files\Java
    2008-10-11 13:19 --------- d-----w C:\Program Files\Gateway
    2008-10-06 03:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
    2008-10-04 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-09-28 08:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
    2008-09-14 12:30 --------- d-----w C:\Program Files\MediaMall
    2008-09-12 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaMall
    2008-09-11 04:59 --------- d-----w C:\Program Files\SAMSUNG
    2008-09-11 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\TV-Websites
    2008-09-09 03:39 --------- d-----w C:\Program Files\Common Files\ffdshowEx
    2008-08-30 16:04 --------- d-----w C:\Program Files\Windows Resource Kits
    2008-08-30 09:10 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
    2008-08-16 20:19 --------- d-----w C:\Program Files\Microsoft ActiveSync
    2008-08-16 07:14 --------- d-----w C:\Program Files\Sytexis Software
    2008-08-16 07:13 --------- d-----w C:\Program Files\Yahoo!
    2008-08-15 11:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\kds_kodak
    2008-08-15 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
    2008-08-15 01:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
    2008-08-15 01:33 --------- d-----w C:\Program Files\Kodak
    2008-07-03 02:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
    2007-12-12 13:48 43,152 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
    2007-04-29 05:10 4,735,318 ----a-w C:\Program Files\unboxondemand-0.27.zip
    2006-12-02 18:34 142 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
    2006-11-20 01:58 158,520 ----a-w C:\Documents and Settings\Owner\whois.exe
    2006-10-23 04:09 78,392 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2006-07-23 18:20 665 ----a-w C:\Documents and Settings\Owner\Application Data\waver_2.95.dat
    2005-08-29 16:28 21 ----a-w C:\Documents and Settings\Owner\close.bat
    2005-02-17 03:46 18,764 ----a-w C:\Program Files\recording.ivb
    2005-02-16 01:08 483,401 ----a-w C:\Documents and Settings\Owner\gotomypc.exe
    2005-02-14 12:35 2,449,408 ----a-w C:\Documents and Settings\Owner\gosetup.exe
    2005-05-13 22:12 217,073 --sha-r C:\WINNT\meta4.exe
    2005-10-24 16:13 66,560 --sha-r C:\WINNT\MOTA113.exe
    2005-10-14 02:27 422,400 --sha-r C:\WINNT\x2.64.exe
    2005-10-08 00:14 308,224 --sha-r C:\WINNT\system32\avisynth.dll
    2005-07-14 17:31 27,648 --sha-r C:\WINNT\system32\AVSredirect.dll
    2005-06-26 20:32 616,448 --sha-r C:\WINNT\system32\cygwin1.dll
    2005-06-22 03:37 45,568 --sha-r C:\WINNT\system32\cygz.dll
    2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\i420vfw.dll
    2006-04-27 15:24 2,945,024 --sha-r C:\WINNT\system32\Smab.dll
    2005-02-28 18:16 240,128 --sha-r C:\WINNT\system32\x.264.exe
    2004-01-25 05:00 70,656 --sha-r C:\WINNT\system32\yv12vfw.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
    @="{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}"
    [HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2008-06-13 23:19 527296 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2006-07-11 1174528]
    "TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2006-07-11 341504]
    "TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2006-07-11 1313792]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "Windows Live FolderShare"="C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" [2008-04-15 925728]
    "Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
    "igfxpers"="C:\WINNT\system32\igfxpers.exe" [2005-09-20 114688]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
    "Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-06-13 600000]
    "EKIJ5000StatusMonitor"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
    "sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2008-03-21 94208]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-05-17 2299400]
    "PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-11-06 2577120]
    "MXOBG"="C:\WINNT\MXOALDR.EXE" [2003-10-10 94208]
    "MaxtorOneTouch"="C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2004-08-31 823296]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-02-03 435736]
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Wallpaper Changer.lnk - C:\Program Files\WallpaperToy\Wallpapertoy.Exe [2004-08-31 110592]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    NetVanta VPN Client.lnk - C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe [2007-02-11 73780]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoSecCpl"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)
    "DisableLockWorkstation"= 0 (0x0)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuPinnedList"= 0 (0x0)
    "NoStartMenuMFUprogramsList"= 0 (0x0)
    "NoUserNameInStartMenu"= 0 (0x0)
    "NoStartMenuSubFolders"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)
    "NoPrinterTabs"= 0 (0x0)
    "NoDeletePrinter"= 0 (0x0)
    "NoAddPrinter"= 0 (0x0)
    "NoPrinters"= 0 (0x0)
    "NoFavoritesMenu"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoChangeAnimation"= 0 (0x0)
    "NoChangeKeyboardNavigationIndicators"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.yv12"= yv12vfw.dll
    "msacm.avis"= ff_acm.acm
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\iVisit\\iVisit.exe"=
    "C:\\WINNT\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\Replay7\\Tuner.exe"=
    "C:\\Documents and Settings\\Owner\\Desktop\\Downloads\\WMVClassic\\mplayerc.exe"=
    "C:\\Program Files\\concept design\\onlineTV 3\\onlineTV.exe"=
    "C:\\Program Files\\Galleon\\bin\\Wrapper.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\FolderShare\\FolderShare.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\ADTRAN\\NetVanta VPN Client\\IreIKE.exe"=
    "C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
    "C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
    "C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe"= C:\Program Files\ADTRAN\NetVanta VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "2190:UDP"= 2190:UDP:HMO
    "8081:TCP"= 8081:TCP:HMO
    "2190:TCP"= 2190:TCP:HMO
    "1527:TCP"= 1527:TCP:Galleon
    "1099:TCP"= 1099:TCP:Galleon
    "5353:UDP"= 5353:UDP:HME
    "7288:TCP"= 7288:TCP:HME
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-08-30 97928]
    R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINNT\system32\Drivers\IPSECDRV.sys [2005-11-30 136760]
    R1 Pivot;Pivot;C:\WINNT\system32\drivers\pivot.sys [2006-08-24 17465]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
    R2 Crypto;Crypto;C:\WINNT\system32\Drivers\Crypto.sys [2005-08-15 536634]
    R2 Galleon;Galleon;C:\Program Files\Galleon\bin\Wrapper.exe [2006-04-15 110592]
    R2 TiVo: TrafficCam Viewer;TiVo: TrafficCam Viewer;c:\progra~1\traffi~1\traffi~1.exe [2006-03-12 154624]
    R2 TivoBeacon2;TiVo Beacon;C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2006-07-11 857088]
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINNT\system32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 lknuhst;Linksys Network USB Host Controller;C:\WINNT\system32\DRIVERS\lknuhst.sys [2006-10-18 11136]
    R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINNT\system32\DRIVERS\lknuhub.sys [2006-10-18 37248]
    R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINNT\system32\drivers\pivotmou.sys [2006-08-24 11323]
    S2 KodakSvc;Kodak AiO Device Service;C:\Program Files\Kodak\printer\center\KodakSvc.exe [2008-02-28 18944]
    S2 SVKP;SVKP;C:\WINNT\System32\SVKP.sys [ ]
    S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\APLMp50.sys [2005-02-16 18816]
    S3 LKNUCMP;Linksys Network USB Composite Device;C:\WINNT\system32\DRIVERS\lknucmp.sys [2006-10-18 11648]
    S3 SaiH0464;SaiH0464;C:\WINNT\system32\DRIVERS\SaiH0464.sys [2004-06-11 56576]
    S3 SndTDriverV32;SndTDriverV32;C:\WINNT\system32\drivers\SndTDriverV32.sys [2007-01-30 513152]
    S3 TiVo.Net Auto-Transcoding Service;TiVo.Net Auto-Transcoding Service;C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe [2007-02-09 20480]
    S3 WiselinkPro;SAMSUNG WiselinkPro Service;C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe [ ]
    S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;C:\WINNT\system32\Drivers\XE104Sp50.sys [ ]
    .
    Contents of the 'Scheduled Tasks' folder
    2008-10-07 C:\WINNT\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
    2008-10-10 C:\WINNT\Tasks\EasyShare Registration Task.job
    - C:\WINNT\system32\rundll32.exe [2008-04-14 05:42]
    2008-10-03 C:\WINNT\Tasks\Uniblue SpyEraser Nag.job
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
    2007-05-12 C:\WINNT\Tasks\Uniblue SpyEraser.job
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
    2006-07-23 C:\WINNT\Tasks\XoftSpy.job
    - C:\Program Files\XoftSpy\XoftSpy.exe []
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 13:53:57
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    "ImagePath"="\"C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe\""
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TiVo: TrafficCam Viewer]
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\WINNT\system32\drivers\CDANTSRV.EXE
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    C:\WINNT\system32\CTSVCCDA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\system32\MsPMSPSv.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\WINNT\system32\java.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-12 14:10:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-12 19:10:39
    ComboFix2.txt 2008-10-12 18:25:37
    ComboFix3.txt 2008-10-11 17:34:33
    Pre-Run: 24,875,225,088 bytes free
    Post-Run: 24,860,696,576 bytes free
    291 --- E O F --- 2008-09-14 15:08:57
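An added triage helper, not part of this thread and not ComboFix's own code, that parses the "Files Created" and "Find3M Report" lines of a ComboFix log like the one above and lists the entries a removal helper looks at first: executables carrying hidden+system attributes, .sys files outside a drivers folder, and driver-named files far too small to be drivers. The sample lines are copied from the log above; the flag letters are read as s = system, h = hidden, and the size threshold and the heuristics themselves are assumptions of this example.

```python
"""Triage helper for the file listings in a ComboFix log (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches both "Find3M Report" lines (date time size attrs path) and
# "Files Created" lines (date time . date time size attrs path).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"      # second timestamp, "Files Created" section only
    r"(?P<size>[\d,]+|-+|<DIR>) (?P<attrs>[-a-z]{7,9}) (?P<path>.+)$"
)

# Extensions that Windows will load or execute.
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")
# Assumed threshold: no real kernel driver is this small.
MIN_DRIVER_BYTES = 1024


@dataclass
class FileEntry:
    date: str
    size: Optional[int]   # None for directories / entries ComboFix lists with dashes
    attrs: str            # ComboFix attribute flags, e.g. "--sha-r" = system, hidden, archive, read-only
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        # "s" and "h" in the flag field are read as the SYSTEM and HIDDEN attributes (assumption).
        return "s" in self.attrs and "h" in self.attrs


def parse_entries(text: str) -> List[FileEntry]:
    """Extract file entries from the pasted log; lines of other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m.group("size")
        size = int(raw.replace(",", "")) if raw[0].isdigit() else None
        entries.append(FileEntry(m.group("date"), size, m.group("attrs"), m.group("path")))
    return entries


def triage(entries: List[FileEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries a malware-removal helper would review first."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        reasons = []
        if e.hidden_system and p.endswith(EXEC_EXT):
            reasons.append("executable carrying hidden+system attributes")
        if p.endswith(".sys") and "\\drivers\\" not in p:
            reasons.append(".sys file outside a drivers folder")
        if p.endswith(".sys") and e.size is not None and e.size < MIN_DRIVER_BYTES:
            reasons.append(f"driver-named file of only {e.size} bytes")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def firewall_disabled(text: str) -> bool:
    """True if the log's firewall-policy section shows EnableFirewall set to 0."""
    return re.search(r'"EnableFirewall"=\s*0\b', text) is not None


# Sample lines copied from the ComboFix log above (plus its EnableFirewall line).
SAMPLE_LOG = r"""
2008-10-11 11:10 . 2008-10-11 11:10 578,560 --a------ C:\WINNT\system32\dllcache\user32.dll
2008-10-11 12:42 . 2008-10-11 14:55 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2008-09-11 04:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-30 09:10 97,928 ----a-w C:\WINNT\system32\drivers\avgldx86.sys
2008-07-03 02:00 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
2007-12-12 13:48 43,152 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2005-05-13 22:12 217,073 --sha-r C:\WINNT\meta4.exe
2006-04-27 15:24 2,945,024 --sha-r C:\WINNT\system32\Smab.dll
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
    print("Windows Firewall disabled:", firewall_disabled(SAMPLE_LOG))
```

A flagged entry is only a starting point for review (vendor check, hash lookup, or a helper's judgement), not a verdict, and a legitimate file can carry the same attributes.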
     
  10. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST2

    Here is the SUPERAntiSpyware Scan Log - 10-12-2008 - 19-07-52.log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 10/12/2008 at 07:07 PM
    Application Version : 4.21.1004
    Core Rules Database Version : 3595
    Trace Rules Database Version: 1582
    Scan type : Complete Scan
    Total Scan Time : 02:26:33
    Memory items scanned : 466
    Memory threats detected : 0
    Registry items scanned : 7778
    Registry threats detected : 0
    File items scanned : 129407
    File threats detected : 23
    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    Adware.GloboLook
    C:\!CONMANIA COLLECTION\FOOD\BRAND NAMES\MARLBORO CIGARETTES.ICO
    C:\!CONMANIA COLLECTION\MUSIC\LES PAUL.ICO
    C:\!CONMANIA COLLECTION\ORGANIZATIONS\VISA.ICO
    C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\MEDICAL CARE.ICO
    C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\PILL.ICO
    C:\!CONMANIA COLLECTION\SCIENCE\HEALTH\PRESCRIPTION BOTTLE.ICO
    C:\!CONMANIA COLLECTION\SEASONS & HOLIDAYS\AUGUST.ICO
    C:\!CONMANIA COLLECTION\SPORTS & RECREATION\BASKETBALL 01.ICO
    C:\!CONMANIA COLLECTION\SPORTS & RECREATION\BLACKJACK.ICO
    C:\!CONMANIA COLLECTION\TRANSPORTATION\JET.ICO
    Rogue.Multi/Component
    C:\DOCUMENTS AND SETTINGS\OWNER\DOCTORWEB\QUARANTINE\A0263615.DLL
     
  11. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST3

    Here is the mbam-log-2008-10-12 (21-20-59).txt log

    Malwarebytes' Anti-Malware 1.28
    Database version: 1261
    Windows 5.1.2600 Service Pack 3
    10/12/2008 9:20:59 PM
    mbam-log-2008-10-12 (21-20-59).txt
    Scan type: Quick Scan
    Objects scanned: 60835
    Time elapsed: 13 minute(s), 22 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  12. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    POST 4

    And here is the new HijackThis log. Thanks for all the help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:25:24 PM, on 10/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\WINNT\System32\CTSvcCDA.EXE
    C:\Program Files\Gateway\EzTune\DTSRVC.exe
    C:\Program Files\Galleon\bin\Wrapper.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Kodak\printer\center\KodakSvc.exe
    C:\WINNT\system32\java.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINNT\System32\svchost.exe
    c:\progra~1\traffi~1\traffi~1.exe
    C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\WINNT\MXOALDR.EXE
    C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
    C:\Program Files\TiVo\Desktop\TiVoNotify.exe
    C:\Program Files\TiVo\Desktop\TiVoServer.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Eraser\Eraser.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: GameKnot Chess - {61B5B39F-0750-4637-9D70-A63A79978B5D} - C:\WINNT\gameknot_toolbar.dll
    O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINNT\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [MXOBG] C:\WINNT\MXOALDR.EXE
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
    O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
    O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Windows Live FolderShare] "C:\Documents and Settings\Owner\Local Settings\Application Data\FolderShare\FolderShare.exe" /background
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d7 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
    O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
    O4 - Global Startup: NetVanta VPN Client.lnk = C:\Program Files\ADTRAN\NetVanta VPN Client\SafeCfg.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: Domain = adtran.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{88EFB18B-7A2A-4255-BDCD-8D127E5ACB62}: NameServer = 172.22.48.47,208.67.220.220
    O18 - Protocol: bw+0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: offline-8876480 - {0F18FEF4-805E-45AB-885A-BEC189DED766} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Gateway\EzTune\dtsslsrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
    O23 - Service: Galleon - Unknown owner - C:\Program Files\Galleon\bin\Wrapper.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ADTRAN\NetVanta VPN Client\IreIKE.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: TiVo.Net Auto-Transcoding Service - Pipkin Technologies - C:\Program Files\Pipkin Technologies\TiVo.Net\TiVoDotNet.exe
    O23 - Service: TiVo: TrafficCam Viewer - http://bitrazor.com/tc - c:\progra~1\traffi~1\traffi~1.exe
    O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
    --
    End of file - 23105 bytes
     
  13. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    Please note that you have to look at all 4 previous posts to see all the info that was requested for me to gather. I had to break them up due to size.

    Thanks.
     
  14. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    clean log!

    fix these with HijackThis!

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    You should now turn off System Restore to flush out the bad restore points and then re-enable it and make a new clean restore point.

    How to turn off System Restore:

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    http://support.microsoft.com/default.aspx?scid=kb;[LN];310405

    Here are some free tools to keep you from getting infected in the future.

    To stop reinfection, get SpywareBlaster from

    http://www.javacoolsoftware.com/downloads.html

    Get the hosts file from here. Unzip it to a folder!

    http://www.mvps.org/winhelp2002/hosts.htm

    Put it into the location below, or click the mvps bat and it should do it for you!

    Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
    Win 98\ME = C:\WINDOWS

    IE-SPYAD puts over 5000 sites in your Restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    http://www.spywarewarrior.com/uiuc/resource.htm

    Use either Arovax or Spyware Terminator; you could try both and see which one you like!

    Arovax Shield

    http://www.arovaxshield.com/

    Spyware Terminator

    http://www.spywareterminator.com/dnl/landing.aspx

    In Spyware Terminator, click Real Time Protection and tick the box to use real time protection, and tick all the boxes except File Exceptions Shield. If you're confident in using its advanced feature, click Advanced and tick the HIPS box.

    If you want to install and uninstall programs, it is best to temporarily disable Spyware Terminator and then re-enable it after you have installed or uninstalled a program, as it will create a lot of pop-ups asking you whether you wish this to happen!

    Right-click Spyware Terminator on the bottom right of your status bar and choose Exit. Then tick the box and that is Spyware Terminator disabled!

    I would also suggest switching to Mozilla's Firefox browser; it's safer, has a built-in pop-up blocker, and blocks cookies and ads. Mozilla Thunderbird is also a good e-mail client.

    http://www.mozilla.org/

    Another good and free browser is Opera!

    http://www.opera.com/

    Read here to see how to tighten your security:

    http://forums.techguy.org/t208517.html

    A good overall guide for firewalls, anti-virus, and anti-trojans as well as regular spyware cleaners:

    http://www.firewallguide.com/anti-trojan.htm

    You can mark your own thread solved through Thread Tools at the top of the page.
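    The entries the helper singles out above (orphaned BHO, Local Page paths that do not match the system root, plus missing service binaries and unexpected search hosts) can be picked out of a HijackThis log mechanically. The script below is an added example, not HijackThis code or anything from this thread; the allowlisted hosts, the sample log lines and the placeholder host hijacked-search.invalid are constructed assumptions.

```python
"""Triage heuristics for a HijackThis 2.0 log (added example, not HijackThis code).

Flags the kinds of entries a helper reviews: orphaned BHOs, services whose binary
is gone, Local Page paths outside the real system root, and IE start/search URLs
on hosts that are not on the expected list.
"""
import re
from dataclasses import dataclass

# Hosts a stock IE start/search page is expected to point at (assumed allowlist).
KNOWN_HOSTS = {"go.microsoft.com", "www.google.com"}

# Constructed sample in the shape of the posted log. The Default_Search_URL line
# uses a placeholder host standing in for a hijacked search provider.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hijacked-search.invalid/?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\SAMSUNG\SAMSUNG PC Share Manager\WiselinkPro.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
ROOT_RE = re.compile(r"^([A-Za-z]:\\[^\\]+)\\system32\\", re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reason: str


def system_root(lines):
    """Return the lowercased Windows directory (drive + folder) taken from the
    first running-process path, or None if no process path is present."""
    for ln in lines:
        m = ROOT_RE.match(ln.strip())
        if m:
            return m.group(1).lower()
    return None


def triage(log_text):
    """Return Findings for entries that deserve a second look, in log order."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    root = system_root(lines)
    findings = []
    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m:
            continue  # header, process list or trailer line
        kind, body = m.group("kind"), m.group("body")
        if kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(ln, "BHO CLSID registered but its DLL is gone (orphaned entry)"))
        elif kind == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(ln, "service points at a missing binary"))
        elif kind in ("R0", "R1") and "Local Page" in body and root:
            value = body.split(" = ", 1)[1]
            if not value.lower().startswith(root + "\\"):
                findings.append(Finding(ln, f"Local Page path lies outside the system root {root}"))
        elif kind in ("R0", "R1"):
            host = URL_HOST_RE.search(body)
            if host and host.group(1).lower() not in KNOWN_HOSTS:
                findings.append(Finding(ln, f"start/search URL uses unexpected host {host.group(1)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

    Entries that pass these checks are not thereby known-good; the heuristics only narrow down what a human still has to judge line by line.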
     
  15. auenbear

    auenbear Thread Starter

    Joined:
    Oct 11, 2008
    Messages:
    16
    Many thanks to Khazars for all the help on this problem. I have marked this thread "Solved" and I really appreciate the help.

    Auenbear
     
Short URL to this thread: https://techguy.org/758125
