View Full Version : Problems with Wintems.exe
I made a booboo and got my pc all infected with the Wintems.exe Trojan. This has caused me huge headaches. It blew away my anti-virus and firewall and it keeps recreating itself every time I get rid of it with Spyware Nuker.
On the advice of my service provider I've tried to uninstall Norton but I couldn't uninstall it. Although I can access the internet I can't download anything. When I try to, it starts up Windows Installer and gives me a message "Norton AntiVirus 2006 does not support the repair feature. Please uninstall and reinstall." Whatever solutions I try will have to be done with the resources I currently have on my computer.
I tried the solution of another website but that didn't work either. I couldn't access safe mode when rebooting.
I'm really at a loss and would greatly appreciate any help I can get!!!
Bob
shelf life
2008-11-13, 00:33
Hi,
I would use the computer as little as possible; when not in use, pull the plug on the modem. Do not do any financial transactions etc. Not being able to boot into safe mode may complicate things. We will get two downloads to use. The first is HJT, the second is ComboFix.
HJT:
HiJackThis log - Trend Micro HijackThis 2.0.2
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
* Click on "Edit > Select All", then click on "Edit > Copy" and paste the entire contents of the log (no attachments) into your own new topic.
Combofix:
There is a guide for using ComboFix below; it seems long but only requires a few steps on your part. Please read through it first.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post in your reply the HJT log and the ComboFix log.
Also, you can try an online scan here after the above:
ESET online scanner:
http://www.eset.com/onlinescan/
Uses Internet Explorer only.
Check "YES" to accept terms.
Click the start button.
Allow the ActiveX component to install.
Click the start button. The scanner will update.
Check both "Remove found threats" and "Scan unwanted applications".
Click scan.
When done you can find the scan log at: C:\Program Files\EsetOnlineScanner\log.txt
Please copy/paste that log in your next reply.
With much difficulty I finally downloaded the apps only to receive a message saying "not a valid Win32 application".
What next?
Appreciatively,
Bob
shelf life
2008-11-14, 00:49
Most likely it is the malware/virus causing this; try the online scan and see if that gets you anywhere.
Since you are unable to boot into safe mode, try this: turn your computer off with the power button, not using the start button. Wait a minute and turn it back on. Since it didn't shut down correctly you may get the boot options screen. If so, arrow up to safe mode (first option).
Once at the safe mode desktop, run your anti-virus and ComboFix.
It won't work. Every time I try to download anything I get the following:
Windows installer starts, I get a message saying Norton Antivirus 2006 does not support the repair feature, please uninstall and reinstall.
shelf life
2008-11-14, 03:12
We will try to boot into safe mode using the msconfig utility.
Start > Run and type in msconfig
Click OK.
The System Configuration Utility window will open (we hope).
Select the BOOT.INI tab.
Put a check in the box next to /SAFEBOOT.
Click Apply, then OK.
At the prompt, restart the computer.
If that works, run your AV and ComboFix in safe mode.
To remove the option, run msconfig again and uncheck the /SAFEBOOT option.
If that fails: are you able to bring up Task Manager by hitting Ctrl-Alt-Delete? That may be disabled also.
Hi again,
As I mentioned in my PM to you, while rebooting in safe mode, I would get the blue screen of death. Having changed back that option in the boot.ini file, I can now get back into windows but I can't install the two programs. What's next?
Thanx,
Bob
shelf life
2008-12-06, 01:16
Hi,
I assume you can get on the internet? You can delete the copy of ComboFix you have like this:
Start > Run and type in: combofix /u
Click OK or press Enter.
Note the space after the x and before the /.
We will try this:
Go to one of the sites below to download ComboFix.
This time, before you save it:
change its name to scanme.exe
then save it to your desktop
Doubleclick the icon to start and follow the prompts.
ComboFix links:
http://subs.geekstogo.com/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Hi,
Thanx for getting back to me. The download worked and combofix ran, creating a logfile.
What's next?
P.S. my internet is running considerably faster...baby steps!!:)
shelf life
2008-12-09, 04:14
OK, good. Post the ComboFix log.
I've been able to reinstall Norton which I ran and it came up with nothing. Same with Spyware Nuker. I think combofix solved my problems!
Here's the Combofix log:
ComboFix 08-12-06.06 - bomb121 2008-12-08 0:22:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.274 [GMT -5:00]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\bomb121\Application Data\Adobe\Manager.exe
c:\documents and settings\bomb121\Application Data\m
c:\documents and settings\bomb121\Application Data\m\data.oct
c:\documents and settings\bomb121\Application Data\m\flec006.exe
c:\documents and settings\bomb121\Application Data\m\list.oct
c:\documents and settings\bomb121\Application Data\m\shared\1st Windows System & Internet Washer Pro 3.33.zip
c:\documents and settings\bomb121\Application Data\m\shared\ABBIcon 4.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Acronis Migrate Easy 7.0.0 Build 645 [With Crack].zip
c:\documents and settings\bomb121\Application Data\m\shared\ActiveStartup Deluxe 1.20 build 45.zip
c:\documents and settings\bomb121\Application Data\m\shared\Advanced PDF2HTM (PDF to HTML) 2.00.zip
c:\documents and settings\bomb121\Application Data\m\shared\agASCII_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\America's_Greatest_Solitaire_1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Anand Daily Dilbert 2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Apis DVD Ripper 2.24 (Key+Serial).zip
c:\documents and settings\bomb121\Application Data\m\shared\Apple_PowerCD_Update_1.0.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Aqua_Blocks_for_Symbian_Series_60_Devices_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Aquarium_Lab_2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\AriaRSS 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\ASPNetFlash 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Audio_Hijack_2.2.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Audio_MP3_ID3_Tag_Editor_1.00.zip
c:\documents and settings\bomb121\Application Data\m\shared\Backup E-mail 1.91.zip
c:\documents and settings\bomb121\Application Data\m\shared\BackupSQL_Studio_1.0.4.0_KeyGen.zip
c:\documents and settings\bomb121\Application Data\m\shared\bbTablet.zip
c:\documents and settings\bomb121\Application Data\m\shared\Breath_1.3.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\CD_ROM_Drive_Remote_Disabler_2.zip
c:\documents and settings\bomb121\Application Data\m\shared\CETuner_2004_2.16.zip
c:\documents and settings\bomb121\Application Data\m\shared\Change Navigator 1.2.zip
c:\documents and settings\bomb121\Application Data\m\shared\Command & Conquer Red Alert 2 Yuri's Revenge 1.001 patch.zip
c:\documents and settings\bomb121\Application Data\m\shared\CommuniCrypt_Mail_1.16.zip
c:\documents and settings\bomb121\Application Data\m\shared\Compressed NTFS File Decompressor 1.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\CompuApps_DriveWizard_3.15_[KeyGen].zip
c:\documents and settings\bomb121\Application Data\m\shared\Conquer_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Contactmatrix_1.2.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Crypto-Lock 2.02.zip
c:\documents and settings\bomb121\Application Data\m\shared\Daily Horoscope 1.0.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\dampfplatz font 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Data Control Font 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Data_Destroyer_8.27t_Key+Serial.zip
c:\documents and settings\bomb121\Application Data\m\shared\DCI_Organizer_1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Disk_Secure_Eraser_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\DIY_Passport_Photos_0.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\DMT SQL Decryptor 3.2.5.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\DP_CD_DVD_Burner_1.1_beta_8.zip
c:\documents and settings\bomb121\Application Data\m\shared\Drivers_Ed_Game_1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Dungeon Siege Elys DS Succubus Mod.zip
c:\documents and settings\bomb121\Application Data\m\shared\DVD_Reauthor_Professional_3.2.zip
c:\documents and settings\bomb121\Application Data\m\shared\DVD_Region+CSS_Free_Lite_5.9.8.5.zip
c:\documents and settings\bomb121\Application Data\m\shared\EasyChat_1.0_[KeyGen].zip
c:\documents and settings\bomb121\Application Data\m\shared\Ebay Profit Calculator UK 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\eDocPrinter_PDF_Pro_6.34_build_5032.zip
c:\documents and settings\bomb121\Application Data\m\shared\Email Collector 1.7.2.8.zip
c:\documents and settings\bomb121\Application Data\m\shared\EmailPipe 2.2.zip
c:\documents and settings\bomb121\Application Data\m\shared\Fantastico_ftpBackup_1.0.309.zip
c:\documents and settings\bomb121\Application Data\m\shared\Firespawn_1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Firetrust_Benign_1.5.zip
c:\documents and settings\bomb121\Application Data\m\shared\FlashPoint_Pro_2.41.zip
c:\documents and settings\bomb121\Application Data\m\shared\Full Convert Standard MySQL Edition 1.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\Geo Gizmo 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\GG Tools 1.zip
c:\documents and settings\bomb121\Application Data\m\shared\GoodOK DVD to iPod MP4 MP3 AMR Ripper 3.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\GoodSync 7.2.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\HandyFileSearch_1.1.0_[Key+Serial].zip
c:\documents and settings\bomb121\Application Data\m\shared\HiHi_Order_System_5.1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\HTML-to-RTF Pro DLL 1.8.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Icon Seizer 1.9.zip
c:\documents and settings\bomb121\Application Data\m\shared\IE_ScrollBar_FreeStyler_Plus_1.0_(Serial).zip
c:\documents and settings\bomb121\Application Data\m\shared\Indentix_Component_Suite_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\JRActivesizer_1.6.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Keybreeze_Basic_2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Koepi XviD 1.1.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\Konvertor_eps2xxx 2.05.zip
c:\documents and settings\bomb121\Application Data\m\shared\ksColorPick_1.00.zip
c:\documents and settings\bomb121\Application Data\m\shared\KSplitter 6.0.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\LottoWin 1.1.6.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\LOVEIRAN toolbar for Firefox 1.0.1.30.zip
c:\documents and settings\bomb121\Application Data\m\shared\Macromedia Flash Player Uninstaller 7.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\MagicMedia 3.31.zip
c:\documents and settings\bomb121\Application Data\m\shared\Math Stars 5.5.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\MathHelper 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\MB Free Leo Astrology 1.50.zip
c:\documents and settings\bomb121\Application Data\m\shared\Millennia Calendar 2.3.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\mmSensitivity_2.07_(Key).zip
c:\documents and settings\bomb121\Application Data\m\shared\Mystic_Forest_Screensaver_[Serial].zip
c:\documents and settings\bomb121\Application Data\m\shared\NetSess 2.00.00.zip
c:\documents and settings\bomb121\Application Data\m\shared\NetworkProcMonitor_1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Observer_2.7.7.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\OhMyGolf_1.3.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\Panda.Antivirus.Titanium.User.Name.Password.zip
c:\documents and settings\bomb121\Application Data\m\shared\Passage_Of_Time_1.3_(Cracked).zip
c:\documents and settings\bomb121\Application Data\m\shared\Password manager 2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\PerlWiz_1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\PhotoBrowser 1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Plasteroid 1.31.zip
c:\documents and settings\bomb121\Application Data\m\shared\PlotLab VC++ 3.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Pocket_Mahjongg_for_Sony_CLIE_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Portable_FastStone_MaxView_2.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\PPCMorse_1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Print_Preview_5.20.1_Patch.zip
c:\documents and settings\bomb121\Application Data\m\shared\Qmulate_Enterprise_Manager_1.7_Beta_2.zip
c:\documents and settings\bomb121\Application Data\m\shared\RADMan_3.0.871.zip
c:\documents and settings\bomb121\Application Data\m\shared\Record Disc SDK Professional 1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Regex File Searcher 1.5b.zip
c:\documents and settings\bomb121\Application Data\m\shared\Scrabble 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Seven_Kingdoms_demo.zip
c:\documents and settings\bomb121\Application Data\m\shared\Simple Sticky 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Slice 'n' Splice 2.2.zip
c:\documents and settings\bomb121\Application Data\m\shared\SolidShare_2.6.11.zip
c:\documents and settings\bomb121\Application Data\m\shared\StartMenuEx_0.4.9.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\Super_Speed_Launcher_1.01.zip
c:\documents and settings\bomb121\Application Data\m\shared\SysTray Menu ActiveX 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\TelnetLauncher_2.7.5.zip
c:\documents and settings\bomb121\Application Data\m\shared\Temporary Inbox 2.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Terminus_demo_patch_1.2.zip
c:\documents and settings\bomb121\Application Data\m\shared\This Is PK Mind Over Matter.zip
c:\documents and settings\bomb121\Application Data\m\shared\Transym_OCR_2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\TreeSize_Pro_4.3.2_Patch.zip
c:\documents and settings\bomb121\Application Data\m\shared\Ultra Trigger FX 1.144.zip
c:\documents and settings\bomb121\Application Data\m\shared\UMSLite_4.0_(Serial).zip
c:\documents and settings\bomb121\Application Data\m\shared\Unreal_Tournament_2003_-_SuperBots_1.2_mod.zip
c:\documents and settings\bomb121\Application Data\m\shared\Vbs2Exe_4.0.1.2_Key.zip
c:\documents and settings\bomb121\Application Data\m\shared\VBto_Converter_2.18.zip
c:\documents and settings\bomb121\Application Data\m\shared\VideoCharge_2.3.zip
c:\documents and settings\bomb121\Application Data\m\shared\Website_Popularity_1.7_(Key+Serial).zip
c:\documents and settings\bomb121\Application Data\m\shared\Wild_Metal_Country_demo.zip
c:\documents and settings\bomb121\Application Data\m\shared\Window_Cleanser_1.7.2.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\WindVisible 1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\Wondershare DVD to Apple TV Ripper 3.1.21 [KeyGen].zip
c:\documents and settings\bomb121\Application Data\m\shared\Word AutoForms & Beginning VBA 1.1.zip
c:\documents and settings\bomb121\Application Data\m\shared\Words_Extractor_1.6.5.22.zip
c:\documents and settings\bomb121\Application Data\m\shared\World of Warcraft Ring of Fire movie.zip
c:\documents and settings\bomb121\Application Data\m\shared\Xe847_ProPlus_Plugin_for_Photoshop_1.0.zip
c:\documents and settings\bomb121\Application Data\m\shared\ZeboPhoto_1.9.1.zip
c:\documents and settings\bomb121\Application Data\m\srvlist.oct
c:\program files\Mozilla Firefox\plugins\npclntax.dll
c:\program files\screensavers.com
c:\program files\screensavers.com\Installer\bin\siuninst.exe
c:\program files\screensavers.com\Wallpaper\Sunset at the Beach.jpg
c:\program files\screensavers.com\Wallpaper\swpstart.exe
c:\program files\screensavers.com\Wallpaper\Wintery Woods.jpg
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\downld\100203.exe
c:\windows\system32\drivers\downld\103067234.exe
c:\windows\system32\drivers\downld\103084265.exe
c:\windows\system32\drivers\downld\103089578.exe
c:\windows\system32\drivers\downld\103110203.exe
c:\windows\system32\drivers\downld\103115609.exe
c:\windows\system32\drivers\downld\103151406.exe
c:\windows\system32\drivers\downld\103300296.exe
c:\windows\system32\drivers\downld\103317750.exe
c:\windows\system32\drivers\downld\103320234.exe
c:\windows\system32\drivers\downld\103890.exe
c:\windows\system32\drivers\downld\106218.exe
c:\windows\system32\drivers\downld\107078.exe
c:\windows\system32\drivers\downld\115046.exe
c:\windows\system32\drivers\downld\117625.exe
c:\windows\system32\drivers\downld\117739421.exe
c:\windows\system32\drivers\downld\117758921.exe
c:\windows\system32\drivers\downld\117762046.exe
c:\windows\system32\drivers\downld\117771062.exe
c:\windows\system32\drivers\downld\117781359.exe
c:\windows\system32\drivers\downld\117787609.exe
c:\windows\system32\drivers\downld\117811890.exe
c:\windows\system32\drivers\downld\117843.exe
c:\windows\system32\drivers\downld\117931203.exe
c:\windows\system32\drivers\downld\117952390.exe
c:\windows\system32\drivers\downld\117955000.exe
c:\windows\system32\drivers\downld\119953.exe
c:\windows\system32\drivers\downld\121140.exe
c:\windows\system32\drivers\downld\123968.exe
c:\windows\system32\drivers\downld\124890.exe
c:\windows\system32\drivers\downld\126468.exe
c:\windows\system32\drivers\downld\127125.exe
c:\windows\system32\drivers\downld\132372390.exe
c:\windows\system32\drivers\downld\132387625.exe
c:\windows\system32\drivers\downld\132389734.exe
c:\windows\system32\drivers\downld\132401265.exe
c:\windows\system32\drivers\downld\132412250.exe
c:\windows\system32\drivers\downld\132432218.exe
c:\windows\system32\drivers\downld\132551515.exe
c:\windows\system32\drivers\downld\132566937.exe
c:\windows\system32\drivers\downld\132577406.exe
c:\windows\system32\drivers\downld\140546.exe
c:\windows\system32\drivers\downld\146996984.exe
c:\windows\system32\drivers\downld\147030000.exe
c:\windows\system32\drivers\downld\147031921.exe
c:\windows\system32\drivers\downld\147048953.exe
c:\windows\system32\drivers\downld\147055546.exe
c:\windows\system32\drivers\downld\147169812.exe
c:\windows\system32\drivers\downld\147297281.exe
c:\windows\system32\drivers\downld\147334609.exe
c:\windows\system32\drivers\downld\14781796.exe
c:\windows\system32\drivers\downld\14803531.exe
c:\windows\system32\drivers\downld\14805890.exe
c:\windows\system32\drivers\downld\14859593.exe
c:\windows\system32\drivers\downld\14882859.exe
c:\windows\system32\drivers\downld\14887203.exe
c:\windows\system32\drivers\downld\14887421.exe
c:\windows\system32\drivers\downld\14892734.exe
c:\windows\system32\drivers\downld\14902500.exe
c:\windows\system32\drivers\downld\14907359.exe
c:\windows\system32\drivers\downld\14914109.exe
c:\windows\system32\drivers\downld\14923390.exe
c:\windows\system32\drivers\downld\14936093.exe
c:\windows\system32\drivers\downld\14940656.exe
c:\windows\system32\drivers\downld\14944343.exe
c:\windows\system32\drivers\downld\14971265.exe
c:\windows\system32\drivers\downld\14975906.exe
c:\windows\system32\drivers\downld\14999828.exe
c:\windows\system32\drivers\downld\15026156.exe
c:\windows\system32\drivers\downld\15045343.exe
c:\windows\system32\drivers\downld\15057671.exe
c:\windows\system32\drivers\downld\150672453.exe
c:\windows\system32\drivers\downld\150683421.exe
c:\windows\system32\drivers\downld\150705437.exe
c:\windows\system32\drivers\downld\150707375.exe
c:\windows\system32\drivers\downld\150725031.exe
c:\windows\system32\drivers\downld\150753375.exe
c:\windows\system32\drivers\downld\150765343.exe
c:\windows\system32\drivers\downld\150797843.exe
c:\windows\system32\drivers\downld\150836500.exe
c:\windows\system32\drivers\downld\150865859.exe
c:\windows\system32\drivers\downld\150870593.exe
c:\windows\system32\drivers\downld\150877796.exe
c:\windows\system32\drivers\downld\15089078.exe
c:\windows\system32\drivers\downld\150933734.exe
c:\windows\system32\drivers\downld\150990796.exe
c:\windows\system32\drivers\downld\15108937.exe
c:\windows\system32\drivers\downld\15111937.exe
c:\windows\system32\drivers\downld\15153828.exe
c:\windows\system32\drivers\downld\15158984.exe
c:\windows\system32\drivers\downld\152375.exe
c:\windows\system32\drivers\downld\1564578.exe
c:\windows\system32\drivers\downld\1606656.exe
c:\windows\system32\drivers\downld\1609312.exe
c:\windows\system32\drivers\downld\161800328.exe
c:\windows\system32\drivers\downld\161813218.exe
c:\windows\system32\drivers\downld\161814562.exe
c:\windows\system32\drivers\downld\161853625.exe
c:\windows\system32\drivers\downld\161858171.exe
c:\windows\system32\drivers\downld\161883453.exe
c:\windows\system32\drivers\downld\162006234.exe
c:\windows\system32\drivers\downld\162035187.exe
c:\windows\system32\drivers\downld\162049296.exe
c:\windows\system32\drivers\downld\1649296.exe
c:\windows\system32\drivers\downld\1654109.exe
c:\windows\system32\drivers\downld\169875.exe
c:\windows\system32\drivers\downld\1700437.exe
c:\windows\system32\drivers\downld\174187.exe
c:\windows\system32\drivers\downld\176470765.exe
c:\windows\system32\drivers\downld\176496515.exe
c:\windows\system32\drivers\downld\176498609.exe
c:\windows\system32\drivers\downld\176522343.exe
c:\windows\system32\drivers\downld\176531671.exe
c:\windows\system32\drivers\downld\176553140.exe
c:\windows\system32\drivers\downld\176672343.exe
c:\windows\system32\drivers\downld\176692468.exe
c:\windows\system32\drivers\downld\176702984.exe
c:\windows\system32\drivers\downld\180546.exe
c:\windows\system32\drivers\downld\1817515.exe
c:\windows\system32\drivers\downld\182406.exe
c:\windows\system32\drivers\downld\1842484.exe
c:\windows\system32\drivers\downld\1853390.exe
c:\windows\system32\drivers\downld\191162046.exe
c:\windows\system32\drivers\downld\191176859.exe
c:\windows\system32\drivers\downld\191182515.exe
c:\windows\system32\drivers\downld\191274734.exe
c:\windows\system32\drivers\downld\191286828.exe
c:\windows\system32\drivers\downld\191291578.exe
c:\windows\system32\drivers\downld\191313203.exe
c:\windows\system32\drivers\downld\191426750.exe
c:\windows\system32\drivers\downld\191461515.exe
c:\windows\system32\drivers\downld\191464718.exe
c:\windows\system32\drivers\downld\200046.exe
c:\windows\system32\drivers\downld\204031.exe
c:\windows\system32\drivers\downld\211062.exe
c:\windows\system32\drivers\downld\213062.exe
c:\windows\system32\drivers\downld\213843.exe
c:\windows\system32\drivers\downld\215750.exe
c:\windows\system32\drivers\downld\219421.exe
c:\windows\system32\drivers\downld\219656.exe
c:\windows\system32\drivers\downld\220343.exe
c:\windows\system32\drivers\downld\223953.exe
c:\windows\system32\drivers\downld\226640.exe
c:\windows\system32\drivers\downld\230156.exe
c:\windows\system32\drivers\downld\230687.exe
c:\windows\system32\drivers\downld\233796.exe
c:\windows\system32\drivers\downld\235765.exe
c:\windows\system32\drivers\downld\245500.exe
c:\windows\system32\drivers\downld\249875.exe
c:\windows\system32\drivers\downld\250718.exe
c:\windows\system32\drivers\downld\251703.exe
c:\windows\system32\drivers\downld\254796.exe
c:\windows\system32\drivers\downld\255250.exe
c:\windows\system32\drivers\downld\262093.exe
c:\windows\system32\drivers\downld\264843.exe
c:\windows\system32\drivers\downld\265750.exe
c:\windows\system32\drivers\downld\275406.exe
c:\windows\system32\drivers\downld\279718.exe
c:\windows\system32\drivers\downld\288078.exe
c:\windows\system32\drivers\downld\29484000.exe
c:\windows\system32\drivers\downld\29484968.exe
c:\windows\system32\drivers\downld\29508468.exe
c:\windows\system32\drivers\downld\29545921.exe
c:\windows\system32\drivers\downld\29590593.exe
c:\windows\system32\drivers\downld\29592703.exe
c:\windows\system32\drivers\downld\29612125.exe
c:\windows\system32\drivers\downld\29634125.exe
c:\windows\system32\drivers\downld\29658796.exe
c:\windows\system32\drivers\downld\29729921.exe
c:\windows\system32\drivers\downld\29740890.exe
c:\windows\system32\drivers\downld\29779406.exe
c:\windows\system32\drivers\downld\29783984.exe
c:\windows\system32\drivers\downld\302187.exe
c:\windows\system32\drivers\downld\302968.exe
c:\windows\system32\drivers\downld\3088562.exe
c:\windows\system32\drivers\downld\3100015.exe
c:\windows\system32\drivers\downld\3101109.exe
c:\windows\system32\drivers\downld\311390.exe
c:\windows\system32\drivers\downld\3136046.exe
c:\windows\system32\drivers\downld\3143953.exe
c:\windows\system32\drivers\downld\3150703.exe
c:\windows\system32\drivers\downld\3173328.exe
c:\windows\system32\drivers\downld\321062.exe
c:\windows\system32\drivers\downld\327109.exe
c:\windows\system32\drivers\downld\3305687.exe
c:\windows\system32\drivers\downld\3354000.exe
c:\windows\system32\drivers\downld\3393234.exe
c:\windows\system32\drivers\downld\345187.exe
c:\windows\system32\drivers\downld\347312.exe
c:\windows\system32\drivers\downld\379265.exe
c:\windows\system32\drivers\downld\395437.exe
c:\windows\system32\drivers\downld\395796.exe
c:\windows\system32\drivers\downld\396062.exe
c:\windows\system32\drivers\downld\397984.exe
c:\windows\system32\drivers\downld\400890.exe
c:\windows\system32\drivers\downld\407363593.exe
c:\windows\system32\drivers\downld\407395656.exe
c:\windows\system32\drivers\downld\407399500.exe
c:\windows\system32\drivers\downld\407424765.exe
c:\windows\system32\drivers\downld\407462406.exe
c:\windows\system32\drivers\downld\407496390.exe
c:\windows\system32\drivers\downld\407515437.exe
c:\windows\system32\drivers\downld\407536406.exe
c:\windows\system32\drivers\downld\407578984.exe
c:\windows\system32\drivers\downld\407596937.exe
c:\windows\system32\drivers\downld\414250.exe
c:\windows\system32\drivers\downld\417718.exe
c:\windows\system32\drivers\downld\425484.exe
c:\windows\system32\drivers\downld\428406.exe
c:\windows\system32\drivers\downld\430625.exe
c:\windows\system32\drivers\downld\44163828.exe
c:\windows\system32\drivers\downld\44186656.exe
c:\windows\system32\drivers\downld\44196390.exe
c:\windows\system32\drivers\downld\44203578.exe
c:\windows\system32\drivers\downld\44248062.exe
c:\windows\system32\drivers\downld\44248843.exe
c:\windows\system32\drivers\downld\44250125.exe
c:\windows\system32\drivers\downld\44270484.exe
c:\windows\system32\drivers\downld\44273687.exe
c:\windows\system32\drivers\downld\44283312.exe
c:\windows\system32\drivers\downld\44300250.exe
c:\windows\system32\drivers\downld\44406187.exe
c:\windows\system32\drivers\downld\44417125.exe
c:\windows\system32\drivers\downld\44429421.exe
c:\windows\system32\drivers\downld\44429750.exe
c:\windows\system32\drivers\downld\44450000.exe
c:\windows\system32\drivers\downld\448578.exe
c:\windows\system32\drivers\downld\450578.exe
c:\windows\system32\drivers\downld\459203.exe
c:\windows\system32\drivers\downld\465015.exe
c:\windows\system32\drivers\downld\471062.exe
c:\windows\system32\drivers\downld\483890.exe
c:\windows\system32\drivers\downld\48663578.exe
c:\windows\system32\drivers\downld\48687500.exe
c:\windows\system32\drivers\downld\48704421.exe
c:\windows\system32\drivers\downld\48707078.exe
c:\windows\system32\drivers\downld\48804984.exe
c:\windows\system32\drivers\downld\48815859.exe
c:\windows\system32\drivers\downld\48852234.exe
c:\windows\system32\drivers\downld\48884125.exe
c:\windows\system32\drivers\downld\48905328.exe
c:\windows\system32\drivers\downld\48907125.exe
c:\windows\system32\drivers\downld\48914453.exe
c:\windows\system32\drivers\downld\48955750.exe
c:\windows\system32\drivers\downld\48972015.exe
c:\windows\system32\drivers\downld\499484.exe
c:\windows\system32\drivers\downld\500000.exe
c:\windows\system32\drivers\downld\519359.exe
c:\windows\system32\drivers\downld\58870093.exe
c:\windows\system32\drivers\downld\58887671.exe
c:\windows\system32\drivers\downld\58890484.exe
c:\windows\system32\drivers\downld\58913312.exe
c:\windows\system32\drivers\downld\58931843.exe
c:\windows\system32\drivers\downld\59067218.exe
c:\windows\system32\drivers\downld\59099875.exe
c:\windows\system32\drivers\downld\63394531.exe
c:\windows\system32\drivers\downld\63406140.exe
c:\windows\system32\drivers\downld\63406734.exe
c:\windows\system32\drivers\downld\63446109.exe
c:\windows\system32\drivers\downld\63485296.exe
c:\windows\system32\drivers\downld\63550234.exe
c:\windows\system32\drivers\downld\63551531.exe
c:\windows\system32\drivers\downld\63560843.exe
c:\windows\system32\drivers\downld\63616031.exe
c:\windows\system32\drivers\downld\63653609.exe
c:\windows\system32\drivers\downld\73536203.exe
c:\windows\system32\drivers\downld\73557781.exe
c:\windows\system32\drivers\downld\73560093.exe
c:\windows\system32\drivers\downld\73589078.exe
c:\windows\system32\drivers\downld\73598171.exe
c:\windows\system32\drivers\downld\73617671.exe
c:\windows\system32\drivers\downld\73809453.exe
c:\windows\system32\drivers\downld\73847500.exe
c:\windows\system32\drivers\downld\73864765.exe
c:\windows\system32\drivers\downld\78076453.exe
c:\windows\system32\drivers\downld\78083859.exe
c:\windows\system32\drivers\downld\78094390.exe
c:\windows\system32\drivers\downld\78095328.exe
c:\windows\system32\drivers\downld\78145984.exe
c:\windows\system32\drivers\downld\78196515.exe
c:\windows\system32\drivers\downld\78287796.exe
c:\windows\system32\drivers\downld\78288562.exe
c:\windows\system32\drivers\downld\78301968.exe
c:\windows\system32\drivers\downld\78338437.exe
c:\windows\system32\drivers\downld\78362921.exe
c:\windows\system32\drivers\downld\88293671.exe
c:\windows\system32\drivers\downld\88365937.exe
c:\windows\system32\drivers\downld\88367531.exe
c:\windows\system32\drivers\downld\88404625.exe
c:\windows\system32\drivers\downld\88445500.exe
c:\windows\system32\drivers\downld\88599312.exe
c:\windows\system32\drivers\downld\88625468.exe
c:\windows\system32\drivers\downld\88632046.exe
c:\windows\system32\drivers\downld\98828.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\srosa.sys
c:\windows\system32\drivers\srosa2.sys
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wintems.exe
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_NPF
-------\Legacy_SK9OU0S
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_NPF
-------\Service_sK9Ou0s
((((((((((((((((((((((((( Files Created from 2008-11-08 to 2008-12-08 )))))))))))))))))))))))))))))))
.
2008-12-07 23:57 . 2008-12-08 00:04 <DIR> d-------- C:\1 temp
2008-12-04 07:24 . 2008-12-04 07:24 <DIR> d-------- c:\documents and settings\bomb121 #2\Application Data\Logitech
2008-11-10 11:17 . 2008-11-10 13:32 <DIR> d-------- c:\program files\Guitar Pro 5.2
2008-11-09 14:57 . 2008-11-09 14:58 <DIR> d-------- c:\program files\RAR Password Cracker
2008-11-08 20:35 . 2008-11-08 22:15 70 --a------ c:\windows\TaskbarManager.INI
2008-11-08 20:34 . 2008-11-08 22:15 52 --a------ c:\windows\system32\tbm.set
2008-11-08 20:33 . 2008-11-08 20:33 <DIR> d-------- c:\program files\Askarya
2008-11-08 20:33 . 2008-11-08 20:33 9 --a------ c:\windows\system32\tbmlic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-08 05:04 --------- d-----w c:\documents and settings\bomb121\Application Data\TeraCopy
2008-12-04 12:26 67,645 -c--a-w c:\windows\system32\drivers\pshook11.sys
2008-12-02 22:03 5,680 -c--a-w c:\windows\system32\drivers\psntkd20.sys
2008-11-18 16:11 --------- d-----w c:\documents and settings\bomb121\Application Data\uTorrent
2008-11-11 13:56 --------- d-----w c:\program files\Security Task Manager
2008-11-11 05:42 --------- d-----w c:\program files\Yahoo!
2008-11-11 05:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-11 04:47 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-11 03:38 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-10 22:06 --------- d-----w c:\program files\CleanUp!
2008-11-10 18:29 --------- d-----w c:\program files\eMule
2008-10-31 15:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-26 02:18 --------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
2008-10-22 12:57 --------- d-----w c:\documents and settings\bomb121\Application Data\Mp3tag
2008-10-22 02:33 --------- d-----w c:\program files\Mp3tag
2008-10-21 02:54 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-20 14:18 --------- d-----w c:\program files\Spyware Nuker
2008-10-11 07:50 3,532 ----a-w C:\drmHeader.bin
2006-10-08 17:11 774,144 -c--a-w c:\program files\RngInterstitial.dll
2008-03-08 20:48 217,073 -csha-r c:\windows\meta4.exe
2005-04-24 23:42 32 -csha-w c:\windows\{07F53D53-BC5F-48F4-99E8-99354F621F53}.dat
2005-04-24 23:32 32 -csha-w c:\windows\{61E9688B-663A-4618-8378-EE0B77A2B92B}.dat
2005-04-24 23:37 32 -csha-w c:\windows\{A2C2295F-DFB9-4565-B1FA-6C690F23C180}.dat
2005-04-24 23:42 32 -csha-w c:\windows\{B30046F2-3BD2-494B-92DB-1679BDDEF8B1}.dat
2005-04-24 23:32 32 -csha-w c:\windows\{CFDF7912-CB87-4156-88D1-78213D331E46}.dat
2005-04-24 23:32 32 -csha-w c:\windows\{E522B46F-0E67-4858-BB84-D3914A306938}.dat
2005-07-14 16:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll
2005-06-26 19:32 616,448 -csha-r c:\windows\system32\cygwin1.dll
2005-06-22 02:37 45,568 -csha-r c:\windows\system32\cygz.dll
2006-05-03 10:06 163,328 -csh--r c:\windows\system32\flvDX.dll
2004-01-25 04:00 70,656 -csha-r c:\windows\system32\i420vfw.dll
2008-07-27 10:55 11,270 -csha-w c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 -csh--r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 -csh--w c:\windows\system32\Smab0.dll
2008-02-04 19:26 151,040 -csh--w c:\windows\system32\VistaUltm.dll
2005-02-28 17:16 240,128 -csha-r c:\windows\system32\x.264.exe
2004-01-25 04:00 70,656 -csha-r c:\windows\system32\yv12vfw.dll
2005-04-24 23:32 32 -csha-w c:\windows\system32\{2B458525-6256-4090-B8FF-93BEBAFD85F7}.dat
2005-04-24 23:37 32 -csha-w c:\windows\system32\{476611D4-D71F-45D8-B1DD-DB7A7BBAD90B}.dat
2005-04-24 23:42 32 -csha-w c:\windows\system32\{5DBAAFFB-2F2A-4AD3-966C-846F7331B427}.dat
2005-04-24 23:42 32 -csha-w c:\windows\system32\{9D605AD1-9C6B-489D-8702-CCC11E46D350}.dat
2005-04-24 23:32 32 -csha-w c:\windows\system32\{D7B2711C-240C-486C-B425-6968B1B7ABBC}.dat
2005-04-24 23:32 32 -csha-w c:\windows\system32\{DB1A3662-A55C-406D-AB3C-3310B7176BD0}.dat
2008-05-24 01:06 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-05-24 01:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-05-24 01:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052320080524\index.dat
2008-05-24 01:06 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RAM Idle Professional"="c:\program files\RAM Idle LE\RAM_XP.exe" [2003-05-03 131584]
"SWN2"="c:\program files\Spyware Nuker\swnxt.exe" [2006-06-09 4060160]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-12-07 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"DJSNetCN"="c:\program files\Common Files\Symantec Shared\DJSNETCN.exe" [2006-02-02 54976]
c:\documents and settings\bomb121\Start Menu\Programs\Startup\
FSScrCtl.lnk - d:\windows\FSScrCtl.exe [2000-09-16 249344]
point32.lnk - c:\mouse\point32.exe [2006-09-07 176128]
Simply Transparent.lnk - d:\program files\JonathanGrimes\Simply Transparent\SimplyTransparent.exe [2001-01-20 299008]
Super Finder.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2008-07-31 738816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-04-07 24576]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-10-26 688128]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 1 (0x1)
"NoPwdPage"= 1 (0x1)
"NoProfilePage"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 01000000
"NoViewOnDrive"= 0 (0x0)
"NoWinKeys"= 00000000
"NoStrCmpLogical"= 00000000
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.I263"= I263_32.drv
"vidc.IV45"= Ir41_qc.dll
"msacm.l3acm"= l3codecp.acm
"VIDC.X264"= x264vfw.dll
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CleanSweep Smart Sweep-Internet Sweep.lnk
backup=c:\windows\pss\CleanSweep Smart Sweep-Internet Sweep.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^JamLab Control Panel Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\JamLab Control Panel Launcher.lnk
backup=c:\windows\pss\JamLab Control Panel Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup=c:\windows\pss\Norton System Doctor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^4t Tray Minimizer.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\4t Tray Minimizer.lnk
backup=c:\windows\pss\4t Tray Minimizer.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^BHODemon 2.0.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\BHODemon 2.0.lnk
backup=c:\windows\pss\BHODemon 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^MPXPTray.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\MPXPTray.lnk
backup=c:\windows\pss\MPXPTray.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\Norton Disk Doctor.lnk
backup=c:\windows\pss\Norton Disk Doctor.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^RAR Password Cracker.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\RAR Password Cracker.lnk
backup=c:\windows\pss\RAR Password Cracker.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^SimplyTransparent.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\SimplyTransparent.lnk
backup=c:\windows\pss\SimplyTransparent.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^bomb121^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\bomb121\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a--c--- 2008-07-10 08:47 116040 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHR4]
--a--c--- 2005-09-14 23:47 4448256 c:\program files\Zamaan's Software\Browser Hijack Retaliator 4\BHR4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-12-03 05:57 53408 c:\program files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a--c--- 2004-10-04 19:53 176216 c:\program files\Executive Software\Diskeeper\DkIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2005-01-12 14:54 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-09-20 09:32 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-09-20 09:36 114688 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2005-09-20 09:35 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 09:51 289064 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2006-10-26 19:50 20480 c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player]
--a--c--- 2007-03-14 04:36 598528 c:\program files\Mp4 Player\Mp4Player.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hsc--- 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a--c--- 2004-11-11 20:50 212992 c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
--a--c--- 2008-11-21 12:42 2577632 c:\progra~1\Sygate\SPF\Smc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 20:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasDTServ]
--a--c--- 2005-03-18 14:04 843776 c:\program files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunasServ]
--a--c--- 2005-03-18 12:40 430080 c:\program files\Sunbelt Software\CounterSpy Client\sunasServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tray Commander Lite]
--a--c--- 2008-12-07 23:59 319488 c:\program files\Tray Commander Lite\TC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2005-11-15 14:31 33792 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2007-01-23 14:44 101136 c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"O&O Defrag"=2 (0x2)
"DJSNETCN"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26699:TCP"= 26699:TCP:BitComet 26699 TCP
"26699:UDP"= 26699:UDP:BitComet 26699 UDP
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2006-06-25 10240]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2006-08-20 3744]
R2 JamLabInstallerService;JamLab Installer;c:\program files\M-Audio JamLab\Install\JamLabInst.exe [2006-06-22 49152]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2006-08-20 3904]
R3 MA763013;M-Audio JamLab;c:\windows\system32\drivers\MA763013.sys [2006-06-22 89856]
S3 QDFSDRV;QDFSDRV;\??\c:\windows\system32\drivers\qdfsdrv.sys [2005-04-24 13792]
S4 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE []
.
Contents of the 'Scheduled Tasks' folder
2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-12-08 c:\windows\Tasks\BACKUP.job
- c:\windows\system32\ntbackup.exe [2001-08-17 22:36]
2008-12-06 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - bomb121.job
- c:\progra~1\Yahoo!\NAV\Navw32.exe [2008-12-08 00:06]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-<NO NAME> - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe
MSConfigStartUp-DIGServices - c:\program files\ESPNRunTime\DIGServices.exe
MSConfigStartUp-DIGStream - c:\program files\DIGStream\digstream.exe
MSConfigStartUp-drvsyskit - c:\windows\system32\drivers\winfilse.exe
MSConfigStartUp-gcasServ - c:\program files\Microsoft AntiSpyware\gcasServ.exe
MSConfigStartUp-gxwlzjuA - c:\windows\gxwlzjuA.exe
MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-MoneyAgent - c:\program files\Microsoft Money\System\Money Express.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-QD FastAndSafe - c:\program files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe
MSConfigStartUp-Run - c:\documents and settings\bomb121\Application Data\Adobe\Manager.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
MSConfigStartUp-zgvsved - c:\windows\zgvsved.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = hxxp://localhost;localhost;*.local
IE: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - i:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
c:\windows\Downloaded Program Files\StreamPlug.dll - O16 -: {2019DC25-D1C0-11D6-97B3-0008A124F542}
hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
O16 -: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
c:\windows\Downloaded Program Files\HPeServicesLocalPrint.inf
FireFox -: Profile - c:\documents and settings\bomb121\Application Data\Mozilla\Firefox\Profiles\xk9sahfl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://express.rogers.yahoo.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npclntax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\windows\system32\C2MP\npdivx32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 00:29:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Executive Software\Diskeeper\DkService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Registry Defragmentation\RegManServ.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-12-08 0:40:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-08 05:40:30
Pre-Run: 6,751,522,816 bytes free
Post-Run: 6,808,301,568 bytes free
816 --- E O F --- 2008-10-24 10:33:20
shelf life
2008-12-11, 00:45
hi,
ok thanks for the log. three comments:
there is plenty of malware distributed on p2p networks
see all those files in your shared folder combofix removed? they are p2p worms for more hapless downloaders. added by malware; most likely your client was also 'changed' to run all the time.
cracks and keygens are very popular as malware payloads. it takes time and money to develop software. pay for it.
this is not a proven trustworthy malware application:
Spyware Nuker
i would remove it via add/remove programs panel
looks like you had superantispyware at one time. we will get another download to use:
Please download Malwarebytes' Anti-Malware (MBAM) to your desktop:
http://www.malwarebytes.org/mbam.php
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
please post the MBAM log in reply. also a new hjt log after you use MBAM.
Hi,
Here's the Malwarebyte log:
Malwarebytes' Anti-Malware 1.31
Database version: 1483
Windows 5.1.2600 Service Pack 3
10/12/2008 9:36:10 PM
mbam-log-2008-12-10 (21-36-10).txt
Scan type: Quick Scan
Objects scanned: 64060
Time elapsed: 17 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\WINDOWS\system32\SYSTEM32 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\SYSTEM32\APPHELP.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
And the Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:43 AM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\M-Audio JamLab\Install\JamLabInst.exe
C:\windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\WINDOWS\FSScrCtl.exe
D:\Program Files\JonathanGrimes\Simply Transparent\SimplyTransparent.exe
C:\Program Files\FSL\SuperFinder\SuperFinder.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Symantec Shared\SecurityStatusSDK\SSDK02.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\windows\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: FSScrCtl.lnk = D:\WINDOWS\FSScrCtl.exe
O4 - Startup: point32.lnk = C:\Mouse\point32.exe
O4 - Startup: Simply Transparent.lnk = D:\Program Files\JonathanGrimes\Simply Transparent\SimplyTransparent.exe
O4 - Startup: Super Finder.lnk = C:\Program Files\FSL\SuperFinder\SuperFinder.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.allmusic.com
O15 - Trusted Zone: http://www.sploofus.com
O15 - Trusted Zone: http://watch.thecomedynetwork.ca
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/beta/SP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
O18 - Protocol: bw+0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2DEC55E3-E5EF-4148-AB59-ECDC31A63960} - I:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JamLab Installer (JamLabInstallerService) - M-Audio - C:\Program Files\M-Audio JamLab\Install\JamLabInst.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\windows\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 24990 bytes
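As an added example (not part of this thread, and not HijackThis's own code), here is a small Python triage script for HijackThis-format log lines: it parses the section codes and flags the entries a log reviewer usually checks first (services with no identified publisher, Trusted Zone additions, browser components pointing at missing files, autostarts launched from outside Program Files or Windows). The sample lines are copied from the log above; the flag rules are my own heuristics, not HJT's, and a flag only means "look at this", not "this is malware".

```python
import re

# Each HJT entry starts with a section code (R0/R1/R3, O2...O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.+)$")
# First Windows path ending in an executable/library extension inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll|scr|bat|cmd|com)\b', re.IGNORECASE)
# Directories (drive letter stripped) an autostart target is normally expected under.
EXPECTED_DIRS = ("\\program files", "\\progra~1", "\\windows")

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: point32.lnk = C:\Mouse\point32.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://www.allmusic.com
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


def parse_hjt(text):
    """Return a list of (section, body) pairs for every recognisable entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("type"), m.group("body")))
    return entries


def flag_entry(section, body):
    """Return why this entry deserves a manual look, or None if nothing stands out."""
    if section == "O23" and "Unknown owner" in body:
        return "service with no identified publisher"
    if section == "O15":
        return "site added to the IE Trusted Zone (browser security checks relaxed)"
    if section in ("O2", "O3", "O9") and "(no file)" in body:
        return "registered browser component whose file is missing"
    if section == "O4":
        m = PATH_RE.search(body)
        if not m:
            return "autostart target could not be resolved"
        if not m.group(0)[2:].lower().startswith(EXPECTED_DIRS):
            return "autostart launched from outside Program Files / Windows"
    return None


def triage(text):
    """Return [(section, reason, body)] for the entries worth a second look."""
    hits = []
    for section, body in parse_hjt(text):
        reason = flag_entry(section, body)
        if reason:
            hits.append((section, reason, body))
    return hits


def section_counts(text):
    """Count entries per section; an unusually large O18 or O2 count is worth noticing."""
    counts = {}
    for section, _ in parse_hjt(text):
        counts[section] = counts.get(section, 0) + 1
    return counts


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
    print(section_counts(SAMPLE_LOG))
```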
shelf life
2008-12-12, 05:09
hi,
ok so how's it looking on your end now?
this app you have installed: RAM Idle LE
read these articles:
http://www.bitsum.com/winmemboost.asp
http://windowsitpro.com/article/articleid/41095/the-memory-optimization-hoax.html
Everything is working fine now. I thank you very much for your help.
I'll uninstall RAM Idle. I usually assume that if I can get it on download.com it's a good app. I guess that's not always true.
Thanx again,
Bob
shelf life
2008-12-12, 05:42
ok, you're welcome. I will get a better look at the combofix log and post back later. Pressed for time right now.
shelf life
2008-12-18, 03:32
hi bomb121,
Sorry for the delay. When I saw I made the last reply I didn't check the thread. Never got a longer look at the log.
Since it's been a while:
Combofix has been updated by now. You can double-click the icon on your desktop if you still have it. Combofix will ask you if you want to update it. If for some reason it can't get the updates it should run in a reduced functionality mode. Let it run either way and post the new log please, and we will go from there.