Are both AVG8 and Norton AntiVirus up-to-date?
Also please try to re-run combofix in safe mode.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Hi Shaba,
AVG8 is up to date but Norton is not because the subscription has expired.
ComboFix ran successfully in safe mode and below is the log. I also ran another HJT for you as well.
Things seem to be much better so thank you very much for all of your help to date.
ComboFix:
ComboFix 08-09-20.05 - Jordan Manning 2008-09-22 6:18:47.2 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Jordan Manning\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@2o7[1].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@ads.pointroll[2].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@advertising[2].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@insightexpressai[2].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@letssingit[2].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@revsci[1].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@specificclick[1].txt
C:\Documents and Settings\Jordan Manning\Cookies\jordan manning@ww0.timeout[1].txt
C:\WINDOWS\BM610060dc.txt
C:\WINDOWS\BM610060dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bfoseqhj.ini
C:\WINDOWS\system32\Cpl32ver.exe
C:\WINDOWS\system32\drivers\Vfm17.sys
C:\WINDOWS\system32\giwjnuhu.dll
C:\WINDOWS\system32\gtejcvcw.dll
C:\WINDOWS\system32\jhqesofb.dll
C:\WINDOWS\system32\jyhsgwts.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MTEMnUtv.ini
C:\WINDOWS\system32\MTEMnUtv.ini2
C:\WINDOWS\system32\vcmsdx.dll
C:\WINDOWS\system32\vtUnMETM.dll
C:\WINDOWS\system32\yvwfskwy.ini
C:\WINDOWS\system32\ywksfwvy.dll
C:\WINDOWS\system32\zeutal.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFM17
-------\Service_Vfm17
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008-09-22 06:15 . 2008-09-22 06:17 <DIR> d-------- C:\32788R22FWJFW
2008-09-21 14:23 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-21 11:58 . 2008-09-21 13:43 <DIR> d-------- C:\Documents and Settings\Jordan Manning\Application Data\U3
2008-09-18 21:45 . 2008-09-18 21:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 20:35 . 2008-09-18 20:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:35 . 2008-09-18 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 19:54 . 2004-08-04 05:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-09-18 19:54 . 2004-08-04 05:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-09-18 19:52 . 2004-08-04 05:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-09-18 19:52 . 2004-08-04 05:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
2008-09-18 19:52 . 2004-08-04 05:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
2008-09-18 19:52 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-09-18 19:52 . 2004-08-04 05:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2008-09-18 19:52 . 2004-08-04 05:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2008-09-18 19:52 . 2004-08-04 05:00 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2008-09-18 19:52 . 2004-08-04 05:00 11,264 --a--c--- C:\WINDOWS\system32\dllcache\pmxmcro.dll
2008-09-18 19:52 . 2004-08-04 05:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2008-09-18 19:51 . 2004-08-04 05:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-09-18 19:51 . 2004-08-04 05:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2008-09-18 19:51 . 2001-08-17 22:36 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2008-09-18 19:51 . 2004-08-04 05:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\iprip.dll
2008-09-18 19:51 . 2004-08-04 05:00 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
2008-09-18 19:51 . 2004-08-04 05:00 22,528 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-09-18 19:51 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-09-18 19:51 . 2004-08-04 05:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\jupiw.dll
2008-09-18 19:49 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-09-18 19:45 . 2008-09-18 19:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-18 19:43 . 2004-08-04 05:00 40,960 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2008-09-18 19:40 . 2004-08-04 05:00 88,064 --a------ C:\WINDOWS\system32\charmap.exe
2008-09-18 19:08 . 2004-08-04 05:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-18 19:07 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SETCD.tmp
2008-09-18 19:07 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SETCA.tmp
2008-09-18 18:28 . 2004-08-04 05:00 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls
2008-09-18 18:28 . 2004-08-04 05:00 66,082 --a------ C:\WINDOWS\system32\c_10021.nls
2008-09-18 18:28 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-09-18 18:28 . 2004-08-04 05:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-09-18 18:26 . 2008-09-18 18:29 18,461 --a------ C:\WINDOWS\setupapi.old
2008-09-18 11:01 . 2008-09-18 11:01 <DIR> d--hs---- C:\found.001
2008-09-17 21:26 . 2005-05-26 05:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-09-17 21:26 . 2005-05-26 05:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-09-17 21:25 . 2008-09-17 21:26 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-17 17:25 . 2008-09-21 23:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 17:22 . 2008-09-22 02:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Program Files\AVG
2008-09-17 17:22 . 2008-09-18 03:58 <DIR> d-------- C:\Documents and Settings\Jordan Manning\Application Data\AVGTOOLBAR
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 17:22 . 2008-09-17 17:22 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 17:22 . 2008-09-17 17:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-17 17:22 . 2008-09-17 17:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 16:38 . 2008-09-17 16:40 2 --a------ C:\1647530991
2008-09-14 19:05 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-09-14 19:05 . 2008-09-14 19:05 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-09-14 19:05 . 2008-09-14 19:05 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-09-14 19:05 . 2008-09-14 19:05 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-09-14 19:00 . 2008-09-14 19:00 <DIR> d-------- C:\Program Files\Autodesk
2008-09-14 18:54 . 2008-09-14 18:54 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-09-14 18:48 . 2008-09-14 19:26 <DIR> d-------- C:\FlexLM
2008-09-14 18:46 . 2008-09-14 18:46 <DIR> d-------- C:\Program Files\gBurner
2008-09-09 21:55 . 2008-09-09 21:55 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2008-09-09 21:55 . 2008-09-09 21:55 <DIR> d-------- C:\Documents and Settings\Jordan Manning\WINDOWS
2008-09-09 21:55 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sy_
2008-09-09 21:55 . 2001-06-21 21:39 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-09-09 21:55 . 2001-06-21 21:39 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
2008-09-09 21:55 . 2001-06-21 21:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-09-09 21:55 . 2001-06-21 21:39 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
2008-09-09 21:55 . 2001-06-21 21:39 9,949 --a------ C:\WINDOWS\system32\SENTINEL.HLP
2008-09-09 21:55 . 2008-09-09 21:56 2,624 --a------ C:\WINDOWS\system32\config.hsp
2008-09-09 21:43 . 2008-09-09 21:44 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-09-09 21:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-09 21:42 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-29 16:40 . 2008-08-29 17:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-27 21:13 . 2008-08-27 21:35 <DIR> d-------- C:\Program Files\EphPod
2008-08-26 18:54 . 2008-08-26 18:54 244 --ah----- C:\sqmnoopt03.sqm
2008-08-26 18:54 . 2008-08-26 18:54 232 --ah----- C:\sqmdata03.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 20:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-18 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-18 02:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-18 01:57 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-17 23:44 --------- d-----w C:\Documents and Settings\Jordan Manning\Application Data\uTorrent
2008-09-11 05:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 18:00 --------- d-----w C:\Program Files\PowerISO
2008-09-02 20:03 --------- d-----w C:\Program Files\InterVideo
2008-09-02 20:03 --------- d-----w C:\Program Files\Corel
2008-09-02 20:03 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-02 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-25 20:33 --------- d-----w C:\Documents and Settings\Jordan Manning\Application Data\Apple Computer
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-28 00:31 47,360 -c--a-w C:\Documents and Settings\Jordan Manning\Application Data\pcouffin.sys
2007-04-25 08:49 328 ----a-w C:\Program Files\GuideMenuSetup.iss
2007-04-06 03:28 1,237 ----a-w C:\Program Files\WinDVDSetup.iss
2006-08-17 06:56 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2008-04-13 17:12 22016 ea980033b10c23cacc33b2f86adad0f4 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2008-04-13 17:12 22016 2f92fc71928bbe9d791d922faaa050ea C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 05:00 22016 19afd6fc20c66fa7bbf3c58c74fcc988 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 22016 0debad96628c5a44e00994655fa39d74 C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-04 05:00 1039872 3fc2b9e3235df490c613ba9a244ecae5 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1040896 3a28282d61cf719adc650e823de70db8 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-13 17:12 1041408 dc5d08a1f68c741e1c8b8b0d838ef794 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2008-04-13 17:12 1041408 2d13747b3ccc1174539fdad66d0c5e5d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2008-04-13 17:12 23040 aadb5543ecd71dd8d9ffaf8415a160a2 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2008-04-13 17:12 23040 5d386e0f624dff4f9fa7346e9c5d9108 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 05:00 23040 29ce32d3839702f44ea10d60793dea9a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 05:00 23040 df77c7cd1497ff4089d1ddebb7fc5d63 C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-10 17:17 65536 4216c5933b06f46106670e3161c8bfdc C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2008-04-13 17:12 65536 fd4ed3d172942d60238af45efaccd945 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2008-04-13 17:12 65536 f3b9a923b3afa7a716ff498006159503 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2004-08-04 05:00 65536 52974f50227346a6f7ecd0acf4f7694d C:\WINDOWS\system32\spoolsv.exe
2008-04-13 17:12 33792 e71a05d5761e13e95a3d0e03d6bf2102 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-13 17:12 33792 0cc3605d6bfeb3b1c4b1a57b0ccf1f2e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 05:00 32256 d0ef2a1a01ee832067beb20a32fa6c70 C:\WINDOWS\system32\userinit.exe
2004-08-04 05:00 32256 ed2fd1889b42d5e559bd8e9f2f20ed43 C:\WINDOWS\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-22 67128]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 204800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 23040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 348160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 45167]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 802816]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 57344]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 110684]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 700508]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 52840]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 299008]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 262144]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 241726]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-09-01 229376]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-09-07 442368]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 270336]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 176128]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 294912]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 90112]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1892352]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 217144]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 51712]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 74680]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 462848]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 462848]
C:\Documents and Settings\Jordan Manning\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 121344]
MP3 Downloads (silent).lnk - C:\Program Files\MP3 Downloads\MP3Downloads_on_startup.exe [2006-12-11 66171]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 37376]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-22 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll vcmsdx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
S2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-17 875288]
S2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-17 76040]
S2 HPFECP12;HPFECP12;C:\WINDOWS\system32\drivers\HPFECP12.SYS [1998-10-19 52800]
S3 f86e9153-eb58-47f1-b33e-8e9b87bbdc9c;f86e9153-eb58-47f1-b33e-8e9b87bbdc9c;D:\CDS300\cds300.dll [ ]
S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-09-01 16768]
S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51556a3d-bac5-11db-bb8a-0014a5293e64}]
\Shell\AutoRun\command - ep9otvan.com
\Shell\explore\Command - ep9otvan.com
\Shell\open\Command - ep9otvan.com
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{00CA0203-DCBB-4E51-ACAB-0A09887E0B07} - C:\WINDOWS\system32\vtUnMETM.dll
BHO-{47836122-9D2E-476C-9763-B1D366F704E1} - C:\WINDOWS\system32\yayvsrPG.dll
BHO-{648BFE63-5212-4975-8C4E-7FD859A18AC9} - (no file)
BHO-{D7EE7B68-1B8F-4EF7-9E1F-29D660F99ED9} - (no file)
HKLM-Run-VideoraiPodConverter - C:\Program Files\VideoraiPodConverter\VideoraConverter.exe
HKLM-Run-BM610060dc - C:\WINDOWS\system32\jyhsgwts.dll
ShellExecuteHooks-{47836122-9D2E-476C-9763-B1D366F704E1} - C:\WINDOWS\system32\yayvsrPG.dll
Notify-winjrs32 - winjrs32.dll
Notify-yayvsrPG - yayvsrPG.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jordan Manning\Application Data\Mozilla\Firefox\Profiles\sjt0zhix.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.team-integra.net/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 06:26:08
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????T&?|(??|???|?? ???B?????????????hLC? ??????
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-09-22 6:39:05
ComboFix-quarantined-files.txt 2008-09-22 13:38:01
Pre-Run: 41,932,529,664 bytes free
Post-Run: 41,929,977,856 bytes free
296 --- E O F --- 2008-09-22 10:07:14
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:45 AM, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\stevew.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.team-integra.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {47836122-9D2E-476C-9763-B1D366F704E1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {648BFE63-5212-4975-8C4E-7FD859A18AC9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {D7EE7B68-1B8F-4EF7-9E1F-29D660F99ED9} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MP3 Downloads (silent).lnk = C:\Program Files\MP3 Downloads\MP3Downloads_on_startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1221794375419
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll vcmsdx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 17697 bytes
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
You will now be presented with a screen similar to the one below:
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore DVD 2.0
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 7.0
Adobe Setup
Adobe Setup
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite 1.3
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Autodesk DirectConnect 2.0
AVG Free 8.0
AviSynth 2.5
BitZipper 5.0.1
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ZoomBrowser EX (E)
CC_ccProxyExt
ccCommon
ccCommon
ccPxyCore
Compaq Presario r4000 User Guides
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
Data Fax SoftModem with SmartCP
EphPod
gBurner
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP DeskJet 880C Series (Remove only)
HP Help and Support
HP Software Update
HP Wireless Assistant 1.01 A3
Huffyuv AVI lossless video codec (Remove Only)
Internet Worm Protection
InterVideo WinDVD
InterVideo WinDVD SE
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Camera Driver
Logitech Desktop Messenger
Logitech QuickCam Software
Magic ISO Maker v5.3 (build 0221)
Maya 2008
Maya 2008 Documentation (en_US)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
mIRC
Mozilla Firefox (2.0.0.11)
MP3 Downloads
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NAVShortcut
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
PDF Settings
PowerISO
Quick Launch Buttons 5.10 B3
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Sentinel System Driver
SmartSound Quicktracks Plugin
SonicStage 3.4
SoulSeek 157 test 5
SPBBC
Spybot - Search & Destroy
Symantec
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
UserGuides
Videora iPod Converter 0.91
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Open notepad and copy/paste the text in the codebox below into it:
Save this as "CFScript"
Code:
Folder::
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent
C:\Program Files\uTorrent

Driver::
f86e9153-eb58-47f1-b33e-8e9b87bbdc9c

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="vcmsdx.dll"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51556a3d-bac5-11db-bb8a-0014a5293e64}]
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Should this be done in safe mode? I did as requested and ComboFix tried to start but it just sat there with the blue window and a blinking cursor (this is the problem I had before).
Task Manager showed fndstr running and I ended that but nothing happened after.
Thanks.
Yes, please
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Ok so ComboFix ran and then rebooted back in normal mode. It now says it's preparing the log report but it's been about an hour and none of the processes you mention are running.
The other item of note is S B S&D noted a registry change from google to microsoft search (which I allowed).
Thanks.
Then stop that and see if it produced a report in c:\ComboFix.txt, please.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
ComboFix 08-09-20.05 - Jordan Manning 2008-09-22 11:28:03.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Jordan Manning\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jordan Manning\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe CS3 Master Collection Full Version + Keygen.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe Encore DVD 2.0.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-language Incl Crack.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe_Encore_DVD_v2_0.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe_Illustrator_CS3_Full_Version_with_Crack.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe_Premiere_Pro_2_[with_SSG_keygen_MULTILANGUAGE].torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe_Premiere_Pro_CS3_Full_Version_with_Crack.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Adobe_Premiere_Pro_CS3_Full_with_Crack(snipereg).torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Autodesk Maya 2008 Unlimited Keygen included Win32.1.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Autodesk Maya 2008 Unlimited Keygen included Win32.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Autodesk Maya 2008 Unlimited(win32).torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Autodesk Maya Unlimited 2008 HYBRID DVD + Crack.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\dht.dat
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\dht.dat.old
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\MagicIso 5.3b221 + Crack.rar.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\Maya 2008 KeyGen.EXE.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\New Yankee Workshop - The_Poker_Table.avi.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\P90X & P90X+ Plus - Extreme Home Fitness Exercise Videos - Portable MP4 (PSP-IPOD).torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\resume.dat
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\rss.dat
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\rss.dat.old
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\settings.dat
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\The.Amazing.Race.S12E01.PDTV.XviD-2HD.avi.torrent
C:\Documents and Settings\Jordan Manning\Application Data\uTorrent\utorrent.lng
C:\Program Files\uTorrent
C:\Program Files\uTorrent\uTorrent.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_f86e9153-eb58-47f1-b33e-8e9b87bbdc9c
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008-09-22 11:20 . 2008-09-22 11:26 <DIR> d-------- C:\32788R22FWJFW
2008-09-21 14:23 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-21 11:58 . 2008-09-21 13:43 <DIR> d-------- C:\Documents and Settings\Jordan Manning\Application Data\U3
2008-09-18 21:45 . 2008-09-18 21:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 20:35 . 2008-09-18 20:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 20:35 . 2008-09-18 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 19:54 . 2004-08-04 05:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2008-09-18 19:54 . 2004-08-04 05:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2008-09-18 19:52 . 2004-08-04 05:00 131,584 --a--c--- C:\WINDOWS\system32\dllcache\pmxviceo.dll
2008-09-18 19:52 . 2004-08-04 05:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia330.dll
2008-09-18 19:52 . 2004-08-04 05:00 79,872 --a--c--- C:\WINDOWS\system32\dllcache\rwia001.dll
2008-09-18 19:52 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-09-18 19:52 . 2004-08-04 05:00 26,624 --a--c--- C:\WINDOWS\system32\dllcache\rw330ext.dll
2008-09-18 19:52 . 2004-08-04 05:00 24,576 --a--c--- C:\WINDOWS\system32\dllcache\rw001ext.dll
2008-09-18 19:52 . 2004-08-04 05:00 20,736 --a--c--- C:\WINDOWS\system32\dllcache\ramdisk.sys
2008-09-18 19:52 . 2004-08-04 05:00 11,264 --a--c--- C:\WINDOWS\system32\dllcache\pmxmcro.dll
2008-09-18 19:52 . 2004-08-04 05:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\pmxgl.dll
2008-09-18 19:51 . 2004-08-04 05:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-09-18 19:51 . 2004-08-04 05:00 92,032 --a--c--- C:\WINDOWS\system32\dllcache\mga.dll
2008-09-18 19:51 . 2001-08-17 22:36 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2008-09-18 19:51 . 2004-08-04 05:00 35,328 --a--c--- C:\WINDOWS\system32\dllcache\iprip.dll
2008-09-18 19:51 . 2004-08-04 05:00 33,792 --a--c--- C:\WINDOWS\system32\dllcache\lmmib2.dll
2008-09-18 19:51 . 2004-08-04 05:00 22,528 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-09-18 19:51 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-09-18 19:51 . 2004-08-04 05:00 18,432 --a--c--- C:\WINDOWS\system32\dllcache\jupiw.dll
2008-09-18 19:49 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-09-18 19:45 . 2008-09-18 19:45 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-18 19:44 . 2008-09-18 19:44 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-18 19:43 . 2004-08-04 05:00 40,960 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2008-09-18 19:40 . 2004-08-04 05:00 88,064 --a------ C:\WINDOWS\system32\charmap.exe
2008-09-18 19:08 . 2004-08-04 05:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-18 19:07 . 2004-08-04 05:00 1,086,058 -ra------ C:\WINDOWS\SETCD.tmp
2008-09-18 19:07 . 2004-08-04 05:00 1,042,903 -ra------ C:\WINDOWS\SETCA.tmp
2008-09-18 18:28 . 2004-08-04 05:00 66,082 --a--c--- C:\WINDOWS\system32\dllcache\c_10021.nls
2008-09-18 18:28 . 2004-08-04 05:00 66,082 --a------ C:\WINDOWS\system32\c_10021.nls
2008-09-18 18:28 . 2004-08-04 05:00 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2008-09-18 18:28 . 2004-08-04 05:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftlx041e.dll
2008-09-18 18:26 . 2008-09-18 18:29 18,461 --a------ C:\WINDOWS\setupapi.old
2008-09-18 11:01 . 2008-09-18 11:01 <DIR> d--hs---- C:\found.001
2008-09-17 21:26 . 2005-05-26 05:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-09-17 21:26 . 2005-05-26 05:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-09-17 21:25 . 2008-09-17 21:26 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-17 17:25 . 2008-09-21 23:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 17:22 . 2008-09-22 02:20 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Program Files\AVG
2008-09-17 17:22 . 2008-09-18 03:58 <DIR> d-------- C:\Documents and Settings\Jordan Manning\Application Data\AVGTOOLBAR
2008-09-17 17:22 . 2008-09-17 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 17:22 . 2008-09-17 17:22 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 17:22 . 2008-09-17 17:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-09-17 17:22 . 2008-09-17 17:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 16:38 . 2008-09-17 16:40 2 --a------ C:\1647530991
2008-09-14 19:05 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-09-14 19:05 . 2008-09-14 19:05 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-09-14 19:05 . 2008-09-14 19:05 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-09-14 19:05 . 2008-09-14 19:05 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-09-14 19:00 . 2008-09-14 19:00 <DIR> d-------- C:\Program Files\Autodesk
2008-09-14 18:54 . 2008-09-14 18:54 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-09-14 18:48 . 2008-09-14 19:26 <DIR> d-------- C:\FlexLM
2008-09-14 18:46 . 2008-09-14 18:46 <DIR> d-------- C:\Program Files\gBurner
2008-09-09 21:55 . 2008-09-09 21:55 <DIR> d-------- C:\WINDOWS\system32\RNBOSENT
2008-09-09 21:55 . 2008-09-09 21:55 <DIR> d-------- C:\Documents and Settings\Jordan Manning\WINDOWS
2008-09-09 21:55 . 2006-11-22 10:01 693,760 --a------ C:\WINDOWS\system32\drivers\hardlock.sy_
2008-09-09 21:55 . 2001-06-21 21:39 73,728 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-09-09 21:55 . 2001-06-21 21:39 49,664 --a------ C:\WINDOWS\system32\SNTI386.DLL
2008-09-09 21:55 . 2001-06-21 21:39 20,032 -ra------ C:\WINDOWS\system32\drivers\SNTNLUSB.SYS
2008-09-09 21:55 . 2001-06-21 21:39 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
2008-09-09 21:55 . 2001-06-21 21:39 9,949 --a------ C:\WINDOWS\system32\SENTINEL.HLP
2008-09-09 21:55 . 2008-09-09 21:56 2,624 --a------ C:\WINDOWS\system32\config.hsp
2008-09-09 21:43 . 2008-09-09 21:44 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2008-09-09 21:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-09-09 21:42 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-08-29 16:40 . 2008-08-29 17:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-27 21:13 . 2008-08-27 21:35 <DIR> d-------- C:\Program Files\EphPod
2008-08-26 18:54 . 2008-08-26 18:54 244 --ah----- C:\sqmnoopt03.sqm
2008-08-26 18:54 . 2008-08-26 18:54 232 --ah----- C:\sqmdata03.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 18:39 --------- d-----w C:\Documents and Settings\Jordan Manning\Application Data\uTorrent
2008-09-21 20:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-18 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-18 02:04 --------- d-----w C:\Program Files\Microsoft Works
2008-09-18 01:57 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-11 05:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-09 18:00 --------- d-----w C:\Program Files\PowerISO
2008-09-02 20:03 --------- d-----w C:\Program Files\InterVideo
2008-09-02 20:03 --------- d-----w C:\Program Files\Corel
2008-09-02 20:03 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-09-02 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-07-25 20:33 --------- d-----w C:\Documents and Settings\Jordan Manning\Application Data\Apple Computer
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-09-28 00:31 47,360 -c--a-w C:\Documents and Settings\Jordan Manning\Application Data\pcouffin.sys
2007-04-25 08:49 328 ----a-w C:\Program Files\GuideMenuSetup.iss
2007-04-06 03:28 1,237 ----a-w C:\Program Files\WinDVDSetup.iss
2006-08-17 06:56 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2008-04-13 17:12 22016 ea980033b10c23cacc33b2f86adad0f4 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2008-04-13 17:12 22016 2f92fc71928bbe9d791d922faaa050ea C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 05:00 22016 19afd6fc20c66fa7bbf3c58c74fcc988 C:\WINDOWS\system32\svchost.exe
2004-08-04 05:00 22016 0debad96628c5a44e00994655fa39d74 C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-04 05:00 1039872 3fc2b9e3235df490c613ba9a244ecae5 C:\WINDOWS\explorer.exe
2007-06-13 04:26 1040896 3a28282d61cf719adc650e823de70db8 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-13 17:12 1041408 dc5d08a1f68c741e1c8b8b0d838ef794 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2008-04-13 17:12 1041408 2d13747b3ccc1174539fdad66d0c5e5d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2008-04-13 17:12 23040 aadb5543ecd71dd8d9ffaf8415a160a2 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\ctfmon.exe
2008-04-13 17:12 23040 5d386e0f624dff4f9fa7346e9c5d9108 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 05:00 23040 29ce32d3839702f44ea10d60793dea9a C:\WINDOWS\system32\ctfmon.exe
2004-08-04 05:00 23040 df77c7cd1497ff4089d1ddebb7fc5d63 C:\WINDOWS\system32\dllcache\ctfmon.exe
2005-06-10 17:17 65536 4216c5933b06f46106670e3161c8bfdc C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2008-04-13 17:12 65536 fd4ed3d172942d60238af45efaccd945 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\spoolsv.exe
2008-04-13 17:12 65536 f3b9a923b3afa7a716ff498006159503 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2004-08-04 05:00 65536 52974f50227346a6f7ecd0acf4f7694d C:\WINDOWS\system32\spoolsv.exe
2008-04-13 17:12 33792 e71a05d5761e13e95a3d0e03d6bf2102 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
2008-04-13 17:12 33792 0cc3605d6bfeb3b1c4b1a57b0ccf1f2e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 05:00 32256 d0ef2a1a01ee832067beb20a32fa6c70 C:\WINDOWS\system32\userinit.exe
2004-08-04 05:00 32256 ed2fd1889b42d5e559bd8e9f2f20ed43 C:\WINDOWS\system32\dllcache\userinit.exe
.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45, on 2008-09-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\stevew.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.team-integra.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {47836122-9D2E-476C-9763-B1D366F704E1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {648BFE63-5212-4975-8C4E-7FD859A18AC9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {D7EE7B68-1B8F-4EF7-9E1F-29D660F99ED9} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MP3 Downloads (silent).lnk = C:\Program Files\MP3 Downloads\MP3Downloads_on_startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103w.bay103.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1221794375419
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 17013 bytes