virus help?

L

lukasxfreak

New member
Ello, yes I was wondering if you could help me. I had a virus
and I do belive I got rid of it but my computer is still acting up a tad.
Could you tell me if Im clean or not? And if I am not could you help
get rid of it?

Hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:46 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Keith\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe FUD.EXE
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A78B8C-4B1E-4BF6-91C4-CAB27EA8AE22} - C:\WINDOWS\system32\mljjg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] lvnleq.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Microsoft Update Machine] lvnleq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ssqrpqn - ssqrpqn.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8986 bytes
 
Hi

Disable Spybot's TeaTimer
  • Run Spybot-S&D in Advanced Mode
  • If it is not already set to do this, go to the Mode menu
    select
    Advanced Mode
  • On the left hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck
    Resident TeaTimer
     and OK any prompts.
  • Restart your computer

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
 
I can not get ComboFix to work =[
I've used it before and never had such problems ><
The guide said to download a bootdisk for my version,
but they didnt have the media center version in that section.
 
Hi

Please disable antivirus protection until during combofix scan. If that doesn't help try running combofix in safe mode.
 
Hi

Have you tried downloading latest version of ComboFix and running it? If not, please do. If that still doesn't work then we can try Deckard System Scanner. Follow instructions below only if you can't make ComboFix work. Otherwise follow the instructions in previous post.


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
 
Deckard's System Scanner v20071014.68
Run by Keith on 2008-04-14 17:45:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
67: 2008-04-14 22:41:36 UTC - RP67 - Deckard's System Scanner Restore Point
66: 2008-04-14 01:40:00 UTC - RP66 - Installed Logitech Desktop Messenger
65: 2008-04-13 05:25:33 UTC - RP65 - System Checkpoint
64: 2008-04-09 03:38:26 UTC - RP64 - Software Distribution Service 3.0
63: 2008-04-06 19:28:53 UTC - RP63 - System Checkpoint


-- First Restore Point --
1: 2008-03-21 08:52:33 UTC - RP1 - Installed Digital Media Feature Pack for Windows Media Center 2005


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Keith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:30 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Keith\Desktop\dss.exe
C:\DOCUME~1\Keith\MYDOCU~1\Keith.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe FUD.EXE
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A78B8C-4B1E-4BF6-91C4-CAB27EA8AE22} - C:\WINDOWS\system32\mljjg.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] lvnleq.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Microsoft Update Machine] lvnleq.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O18 - Protocol: bw+0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ssqrpqn - ssqrpqn.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 21805 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-14 and 2008-04-14 -----------------------------

2008-04-13 20:36:16 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-13 20:36:02 0 d-------- C:\Program Files\Logitech
2008-04-13 20:36:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-09 16:51:36 0 d-------- C:\Documents and Settings\Dad\Application Data\AVG7
2008-03-30 18:02:51 0 d-------- C:\Documents and Settings\Keith\Application Data\Viewpoint
2008-03-30 17:19:24 0 d-------- C:\Documents and Settings\Keith\Application Data\Help
2008-03-26 20:23:06 0 d-------- C:\Program Files\Windows Live Safety Center
2008-03-25 00:43:29 1158 --a------ C:\WINDOWS\mozver.dat
2008-03-25 00:01:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-25 00:01:08 0 d-------- C:\Documents and Settings\Keith\Application Data\Mozilla
2008-03-22 03:56:26 0 d-------- C:\Program Files\Photoshop 7.0
2008-03-22 01:13:10 0 d-------- C:\Documents and Settings\Keith\.housecall6.6
2008-03-22 01:12:45 0 d-------- C:\WINDOWS\Sun
2008-03-22 01:12:45 0 d-------- C:\Documents and Settings\Keith\Application Data\Sun
2008-03-22 01:09:08 0 d-------- C:\Program Files\Java
2008-03-22 01:07:48 0 d-------- C:\Program Files\Common Files\Java
2008-03-21 23:45:18 0 d-------- C:\Program Files\Alwil Software
2008-03-21 21:01:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-21 20:13:55 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-03-21 04:09:28 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-03-21 04:06:12 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-21 03:58:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-21 03:52:14 7353 --ahs---- C:\WINDOWS\system32\gjjlm.ini2
2008-03-21 03:49:22 0 d-------- C:\Program Files\Common Files\s?stem
2008-03-21 03:46:57 0 d-------- C:\WINDOWS\system32\sn7
2008-03-21 03:46:57 0 d-------- C:\WINDOWS\system32\rom5
2008-03-21 03:46:57 0 d-------- C:\WINDOWS\system32\rls3
2008-03-21 03:46:33 0 d-------- C:\WINDOWS\system32\iDlo01
2008-03-21 03:46:33 0 d-------- C:\Temp
2008-03-21 03:27:46 0 dr-h----- C:\$VAULT$.AVG
2008-03-21 02:54:22 0 d-------- C:\Documents and Settings\Keith\Application Data\AVG7
2008-03-21 02:54:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-21 02:53:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-21 02:53:31 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-21 02:43:07 0 d-------- C:\Program Files\AVG
2008-03-21 02:43:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-21 02:22:45 0 d-------- C:\Documents and Settings\Keith\Application Data\WinRAR
2008-03-20 23:25:40 0 d-------- C:\Documents and Settings\Keith\Application Data\Uniblue
2008-03-20 22:55:02 0 d-------- C:\Program Files\Soulseek
2008-03-20 22:19:28 0 d-------- C:\Program Files\MSXML 4.0
2008-03-20 21:59:45 0 d-------- C:\Program Files\SigmaTel
2008-03-20 21:57:55 0 d-------- C:\WINDOWS\system32\Lang
2008-03-20 21:57:44 0 d-------- C:\Intel
2008-03-20 21:56:51 0 d-------- C:\Program Files\DIFX
2008-03-20 21:12:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-20 21:11:36 0 d-------- C:\Program Files\Citrix
2008-03-20 02:01:53 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-19 21:33:38 0 d-------- C:\WINDOWS\Downloaded Installations
2008-03-19 21:33:10 0 d-------- C:\Program Files\Broadcom
2008-03-19 21:30:58 0 d-------- C:\Program Files\Common Files\Zeepe Framework 7
2008-03-19 21:30:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
2008-03-19 21:30:06 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-19 21:29:00 0 d-------- C:\Program Files\Digital Line Detect
2008-03-19 21:26:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-19 21:04:27 0 d-------- C:\Documents and Settings\Keith\Application Data\Aim
2008-03-19 21:04:10 0 d-------- C:\Program Files\AOD
2008-03-19 21:04:06 0 d-------- C:\Program Files\AIM
2008-03-19 20:57:09 0 d-------- C:\Documents and Settings\Keith\Contacts
2008-03-19 20:54:58 0 d-------- C:\Program Files\MSN Messenger
2008-03-19 20:52:50 770048 --a------ C:\WINDOWS\system32\BCMLogon.dll <Not Verified; Dell Inc.; Wireless Network Logon Provider>
2008-03-19 20:52:47 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2008-03-19 20:52:45 86016 --a------ C:\WINDOWS\system32\preflib.dll
2008-03-19 20:52:45 253952 --a------ C:\WINDOWS\system32\bcmwlu00.exe <Not Verified; Dell Inc.; Dell Wireless WLAN Card Uninstaller>
2008-03-19 20:52:45 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2008-03-19 20:52:44 20480 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2008-03-19 20:52:44 1392640 --a------ C:\WINDOWS\system32\WLTRAY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Tray Applet>
2008-03-19 20:52:44 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2008-03-19 20:52:44 1253376 --a------ C:\WINDOWS\system32\BCMWLTRY.EXE <Not Verified; Dell Inc.; Dell Wireless WLAN Card Wireless Network Controller>
2008-03-19 20:52:43 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2008-03-19 20:44:50 0 d-------- C:\Documents and Settings\Keith\Application Data\Google
2008-03-19 20:35:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-19 20:35:15 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-03-19 20:35:15 0 d-------- C:\Program Files\Google
2008-03-19 20:24:25 0 d-------- C:\WINDOWS\network diagnostic
2008-03-19 20:15:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-19 20:08:08 0 d-------- C:\Program Files\AOL Search
2008-03-19 20:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-19 20:07:53 0 d-------- C:\Program Files\Viewpoint
2008-03-19 20:07:37 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-03-19 20:07:37 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-19 20:07:17 0 d-------- C:\Program Files\Common Files\AOL
2008-03-19 20:06:33 0 d--hs---- C:\Documents and Settings\Keith\UserData
2008-03-19 20:01:52 0 d-------- C:\Documents and Settings\Dad\Application Data\Identities
2008-03-19 20:01:44 0 dr------- C:\Documents and Settings\Dad\Favorites
2008-03-19 20:01:44 0 d-------- C:\Documents and Settings\Dad\Desktop
2008-03-19 20:01:44 0 d--hs---- C:\Documents and Settings\Dad\Cookies
2008-03-19 20:01:44 0 dr-h----- C:\Documents and Settings\Dad\Application Data
2008-03-19 20:01:44 0 d---s---- C:\Documents and Settings\Dad\Application Data\Microsoft
2008-03-19 20:01:44 0 d-------- C:\Documents and Settings\Dad\Application Data\Intel
2008-03-19 20:01:43 0 d--h----- C:\Documents and Settings\Dad\Templates
2008-03-19 20:01:43 0 dr------- C:\Documents and Settings\Dad\Start Menu
2008-03-19 20:01:43 0 dr-h----- C:\Documents and Settings\Dad\SendTo
2008-03-19 20:01:43 0 dr-h----- C:\Documents and Settings\Dad\Recent
2008-03-19 20:01:43 0 d--h----- C:\Documents and Settings\Dad\PrintHood
2008-03-19 20:01:43 2097152 --ah----- C:\Documents and Settings\Dad\NTUSER.DAT
2008-03-19 20:01:43 0 d--h----- C:\Documents and Settings\Dad\NetHood
2008-03-19 20:01:43 0 dr------- C:\Documents and Settings\Dad\My Documents
2008-03-19 20:01:43 0 d--h----- C:\Documents and Settings\Dad\Local Settings
2008-03-19 20:00:54 0 d-------- C:\Documents and Settings\Amber\Application Data\Identities
2008-03-19 20:00:45 0 dr------- C:\Documents and Settings\Amber\Start Menu
2008-03-19 20:00:45 0 dr-h----- C:\Documents and Settings\Amber\SendTo
2008-03-19 20:00:45 0 dr-h----- C:\Documents and Settings\Amber\Recent
2008-03-19 20:00:45 0 d--h----- C:\Documents and Settings\Amber\PrintHood
2008-03-19 20:00:45 0 d--h----- C:\Documents and Settings\Amber\NetHood
2008-03-19 20:00:45 0 dr------- C:\Documents and Settings\Amber\My Documents
2008-03-19 20:00:45 0 d--h----- C:\Documents and Settings\Amber\Local Settings
2008-03-19 20:00:45 0 dr------- C:\Documents and Settings\Amber\Favorites
2008-03-19 20:00:45 0 d-------- C:\Documents and Settings\Amber\Desktop
2008-03-19 20:00:45 0 d---s---- C:\Documents and Settings\Amber\Cookies
2008-03-19 20:00:45 0 dr-h----- C:\Documents and Settings\Amber\Application Data
2008-03-19 20:00:45 0 d---s---- C:\Documents and Settings\Amber\Application Data\Microsoft
2008-03-19 20:00:45 0 d-------- C:\Documents and Settings\Amber\Application Data\Intel
2008-03-19 20:00:44 0 d--h----- C:\Documents and Settings\Amber\Templates
2008-03-19 20:00:44 1835008 --ah----- C:\Documents and Settings\Amber\NTUSER.DAT
2008-03-19 19:58:40 0 d-------- C:\WINDOWS\system32\FxsTmp
2008-03-19 19:58:15 0 d-------- C:\WINDOWS\system32\msmq
2008-03-19 19:46:07 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-03-19 19:45:44 0 d-------- C:\WINDOWS\system32\Cache
2008-03-19 19:44:59 0 d-------- C:\WINDOWS\system32\Logfiles
2008-03-19 19:44:59 0 d-------- C:\Inetpub
2008-03-19 19:37:26 666 --a------ C:\WINDOWS\speed.reg
2008-03-19 19:33:24 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-19 19:33:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-19 19:33:24 0 d-------- C:\Documents and Settings\Keith\Application Data\Intel
2008-03-19 19:33:24 0 d-------- C:\Documents and Settings\Default User\Application Data\Intel
2008-03-19 19:33:19 21425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
2008-03-19 19:33:19 319488 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-03-19 19:32:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-03-19 19:32:42 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-19 19:32:38 0 d-------- C:\Program Files\Intel
2008-03-19 18:52:31 0 d-------- C:\Documents and Settings\Keith\Application Data\Adobe
2008-03-19 18:49:28 0 d-------- C:\Documents and Settings\Keith\Application Data\Macromedia
2008-03-19 18:44:36 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-18 23:43:42 0 d-------- C:\Program Files\BroadJump
2008-03-18 23:43:41 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-03-18 23:42:10 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:09 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:09 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:09 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-03-18 23:42:09 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-03-18 23:42:07 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-03-18 23:42:07 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-03-18 23:42:07 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:07 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:42:06 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-03-18 23:40:58 266240 -----n--- C:\WINDOWS\SBCDSL.exe <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-03-18 23:28:15 5652 --a------ C:\WINDOWS\system32\drivers\bvrp_pci.sys
2008-03-18 23:21:35 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-18 23:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-18 23:18:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-03-18 23:15:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-18 23:15:08 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-18 23:15:07 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-18 23:14:50 0 d-------- C:\WINDOWS\system32\DLA
2008-03-18 23:14:38 0 d-------- C:\Program Files\Roxio
2008-03-18 23:09:14 4 --ah----- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
2008-03-18 23:09:12 61440 --a------ C:\WINDOWS\system32\KPower.dll <Not Verified; Intel Corporation; KPOWER>
2008-03-18 23:08:57 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-03-18 23:08:01 0 d-------- C:\Program Files\Modem Helper
2008-03-18 22:59:45 817 --a------ C:\WINDOWS\checkip.dat
2008-03-18 22:55:48 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-18 22:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-03-18 22:55:36 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-03-18 22:55:36 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-03-18 22:55:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-18 22:55:16 0 d-------- C:\Program Files\CyberLink
2008-03-18 22:54:38 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-18 22:52:57 0 d-------- C:\Program Files\CONEXANT
2008-03-18 22:52:27 0 d-------- C:\WINDOWS\system32\vmm32
2008-03-18 22:52:27 0 d-------- C:\Program Files\Dell
2008-03-18 22:48:47 0 d-------- C:\Documents and Settings\Keith\Application Data\Identities
2008-03-18 22:45:21 0 d-------- C:\WINDOWS\RegisteredPackages
2008-03-18 22:38:59 0 d-------- C:\WINDOWS\system32\URTTemp
2008-03-18 22:38:22 0 d-------- C:\Program Files\RGB
2008-03-18 22:31:07 0 d--h----- C:\Documents and Settings\Keith\Templates
2008-03-18 22:31:07 0 dr------- C:\Documents and Settings\Keith\Start Menu
2008-03-18 22:31:07 0 dr-h----- C:\Documents and Settings\Keith\SendTo
2008-03-18 22:31:07 0 dr-h----- C:\Documents and Settings\Keith\Recent
2008-03-18 22:31:07 0 d--h----- C:\Documents and Settings\Keith\PrintHood
2008-03-18 22:31:07 4194304 --ah----- C:\Documents and Settings\Keith\NTUSER.DAT
2008-03-18 22:31:07 0 d--h----- C:\Documents and Settings\Keith\NetHood
2008-03-18 22:31:07 0 dr------- C:\Documents and Settings\Keith\My Documents
2008-03-18 22:31:07 0 d--h----- C:\Documents and Settings\Keith\Local Settings
2008-03-18 22:31:07 0 dr------- C:\Documents and Settings\Keith\Favorites
2008-03-18 22:31:07 0 d-------- C:\Documents and Settings\Keith\Desktop
2008-03-18 22:31:07 0 d--hs---- C:\Documents and Settings\Keith\Cookies
2008-03-18 22:31:07 0 dr-h----- C:\Documents and Settings\Keith\Application Data
2008-03-18 22:29:29 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-18 22:29:26 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-18 22:29:26 0 d-------- C:\WINDOWS\Prefetch
2008-03-18 22:29:25 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-18 22:29:25 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-18 22:29:25 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-03-18 22:29:25 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-18 22:29:25 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-18 22:28:59 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-18 22:28:59 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-03-18 22:28:59 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-18 22:28:59 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-18 22:28:58 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-18 22:24:37 0 d-------- C:\WINDOWS\system32\xircom
2008-03-18 22:24:37 0 d-------- C:\Program Files\microsoft frontpage
2008-03-18 22:23:28 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-18 22:23:28 0 d-------- C:\DELL
2008-03-18 22:23:16 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-18 22:22:55 0 -rahs---- C:\MSDOS.SYS
2008-03-18 22:22:55 0 -rahs---- C:\IO.SYS
2008-03-18 22:22:55 0 --a------ C:\CONFIG.SYS
2008-03-18 22:22:55 0 --a------ C:\AUTOEXEC.BAT
2008-03-18 22:21:21 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-18 22:21:11 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-18 22:21:11 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-18 22:20:59 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-18 22:20:35 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-18 22:20:03 0 d---s---- C:\WINDOWS\Tasks
2008-03-18 22:20:02 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-18 22:19:58 0 d-------- C:\WINDOWS\srchasst
2008-03-18 22:19:57 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-18 22:19:38 0 d-------- C:\WINDOWS\system32\Restore
2008-03-18 22:18:12 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-18 22:17:52 0 d-------- C:\WINDOWS\Registration
2008-03-18 22:17:42 0 d-------- C:\Program Files\Online Services
2008-03-18 22:16:45 0 d-------- C:\Program Files\Windows Plus
2008-03-18 22:16:25 0 d-------- C:\Program Files\Movie Maker
2008-03-18 22:14:42 0 d-------- C:\Program Files\Messenger
2008-03-18 22:14:38 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-18 22:13:56 0 d-------- C:\Program Files\Windows NT
2008-03-18 22:13:53 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-18 22:13:51 0 d-------- C:\WINDOWS\system32\Com
2008-03-18 14:07:24 0 d--hs---- C:\WINDOWS\Installer
2008-03-18 14:07:23 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-18 14:07:19 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-18 14:07:18 0 dr------- C:\Program Files
2008-03-18 14:07:18 0 d-------- C:\Program Files\Common Files
2008-03-18 14:06:55 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-18 14:06:55 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-18 14:06:55 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-18 14:06:55 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-18 14:06:55 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-18 14:06:55 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-18 14:06:55 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-18 14:06:55 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-18 14:06:55 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-18 14:06:55 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-18 14:06:55 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-18 14:06:55 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-18 14:06:55 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-18 14:06:55 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-18 14:06:55 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-18 14:06:55 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-18 14:06:42 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-18 14:06:42 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-18 14:06:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-18 14:06:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-18 14:06:36 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-18 14:06:36 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-18 14:05:21 0 d-------- C:\Documents and Settings
2008-03-18 14:05:20 0 d--hs---- C:\System Volume Information
2008-03-18 13:40:58 0 d-------- C:\WINDOWS
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\WinSxS
2008-03-18 13:40:58 0 dr------- C:\WINDOWS\Web
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\twain_32
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\wins
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\wbem
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\usmt
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\spool
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\Setup
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\ras
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\oobe
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\npp
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\mui
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\IME
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\ias
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\export
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\drivers
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-18 13:40:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\config
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\3076
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\2052
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1054
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1042
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1041
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1037
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1033
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1031
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1028
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system32\1025
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\system
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\security
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Resources
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\repair
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Provisioning
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\PeerNet
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\pchealth
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\mui
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\msapps
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\msagent
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Media
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\java
2008-03-18 13:40:58 0 d--h----- C:\WINDOWS\inf
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\ime
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Help
2008-03-18 13:40:58 0 dr--s---- C:\WINDOWS\Fonts
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\ehome
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Driver Cache
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\dell
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Debug
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Cursors
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\Config
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\AppPatch
2008-03-18 13:40:58 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-03-21 20:13:28 0 d-------- C:\Program Files\Common Files\s?stem
2008-03-18 14:06:55 62 --ahs---- C:\Documents and Settings\Keith\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
03/06/2008 04:24 PM 111968 --a------ C:\Program Files\AOL Search\AOLSearch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A78B8C-4B1E-4BF6-91C4-CAB27EA8AE22}]
C:\WINDOWS\system32\mljjg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 04:56 PM]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [10/20/2006 08:23 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/03/2006 09:51 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 02:35 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 02:37 PM]
"RecoverFromReboot"="C:\WINDOWS\Temp\RecoverFromReboot.exe" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [09/11/2002 12:26 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/18/2006 09:04 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/18/2006 08:58 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 09:10 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [03/30/2007 11:00 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [03/30/2007 11:00 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [03/30/2007 10:59 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 01:22 PM]
"Microsoft Update Machine"="lvnleq.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [03/21/2008 02:55 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 06:25 AM]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [06/26/2006 09:46 AM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [06/26/2006 10:34 AM]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [06/26/2006 10:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/19/2008 08:45 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 03:54 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 06:35 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Microsoft Update Machine"="lvnleq.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [04/13/2008 08:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/19/2008 9:29:06 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/13/2008 8:40:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"= C:\WINDOWS\system32\ssqrpqn.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe FUD.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrpqn]
ssqrpqn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjg.dll




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

7934 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-14 17:52:28 ------------
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel(R) CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 88%
Physical Memory (total/avail): 246.37 MiB / 28.99 MiB
Pagefile Memory (total/avail): 603.07 MiB / 232.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1879.4 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 24.09 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHY2080BH - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Soulseek-Test\\slsk.exe"="C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\WINDOWS\\system32\\lvnleq.exe"="C:\\WINDOWS\\system32\\lvnleq.exe:*:Enabled:lvnleq"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Keith\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAWRXMINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Keith
LOGONSERVER=\\RAWRXMINE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Keith\LOCALS~1\Temp
TMP=C:\DOCUME~1\Keith\LOCALS~1\Temp
USERDOMAIN=RAWRXMINE
USERNAME=Keith
USERPROFILE=C:\Documents and Settings\Keith
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Keith (admin)
Dad (admin)
Amber (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Search --> C:\Program Files\AOL Search\uninstaller.exe AOL Search
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Dell Mobile Broadband Card Utility --> MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}
Dell Resource CD --> MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GoToAssist 8.0.0.480 --> C:\Program Files\Citrix\GoToAssist\480\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Keith\My Documents\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}
Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Premier --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Premier --> MsiExec.exe /I{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
UMVPLStandalone --> MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1303 / Success
Event Submitted/Written: 04/14/2008 05:37:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1295 / Warning
Event Submitted/Written: 04/14/2008 05:27:08 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type1294 / Warning
Event Submitted/Written: 04/14/2008 05:27:08 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type1276 / Error
Event Submitted/Written: 04/13/2008 07:05:55 PM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type1275 / Error
Event Submitted/Written: 04/13/2008 07:05:55 PM
Event ID/Source: 4124 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3782 / Warning
Event Submitted/Written: 04/14/2008 05:31:29 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{16746B92-25F6-4348-8D10-31967A4194E6}.

Event Record #/Type3781 / Warning
Event Submitted/Written: 04/14/2008 05:31:25 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0016CF3EFD15. The IP address being used is 169.254.168.86.

Event Record #/Type3780 / Warning
Event Submitted/Written: 04/14/2008 05:31:15 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CF3EFD15. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3779 / Error
Event Submitted/Written: 04/14/2008 05:30:37 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0228576F-6E6C-4E1A-B175-0E46A316AFE2} did not register with DCOM within the required timeout.

Event Record #/Type3777 / Warning
Event Submitted/Written: 04/14/2008 05:30:17 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CF3EFD15. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-14 17:52:28 ------------
 
Start hjt, do a system scan, check:
F2 - REG:system.ini: Shell=Explorer.exe FUD.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2A78B8C-4B1E-4BF6-91C4-CAB27EA8AE22} - C:\WINDOWS\system32\mljjg.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Update Machine] lvnleq.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] lvnleq.exe
O20 - Winlogon Notify: ssqrpqn - ssqrpqn.dll (file missing)

Close browsers and other windows. Click fix checked.


Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

Code: 
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A78B8C-4B1E-4BF6-91C4-CAB27EA8AE22}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{91223DE9-F8E6-4FFD-8889-BE6784C18696}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrpqn]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

It should look like this ->
reg.gif


Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    C:\WINDOWS\system32\appmgmt
C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\system32\gjjlm.ini2
C:\Program Files\Common Files\s?stem
C:\WINDOWS\system32\sn7
C:\WINDOWS\system32\rom5
C:\WINDOWS\system32\rls3
C:\WINDOWS\system32\iDlo01 
C:\WINDOWS\system32\FUD.exe
  • Return to OTMoveIt2, right click in the
    Paste Standard List of Files/Folders to Move
     window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Please post contents of that file & a fresh hjt log in your next reply.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
C:\WINDOWS\system32\appmgmt\S-1-5-21-1409082233-484061587-839522115-1003 moved successfully.
C:\WINDOWS\system32\appmgmt\MACHINE moved successfully.
C:\WINDOWS\system32\appmgmt moved successfully.
C:\Documents and Settings\All Users\Application Data\Rabio moved successfully.
C:\WINDOWS\system32\gjjlm.ini2 moved successfully.
< C:\Program Files\Common Files\s?stem >
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System scheduled to be moved on reboot.
C:\Program Files\Common Files\sуstem moved successfully.
C:\WINDOWS\system32\sn7 moved successfully.
C:\WINDOWS\system32\rom5 moved successfully.
C:\WINDOWS\system32\rls3 moved successfully.
C:\WINDOWS\system32\iDlo01 moved successfully.
File/Folder C:\WINDOWS\system32\FUD.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04162008_180124

Files moved on Reboot...
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\Ole DB scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\msadc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System\ado scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\System scheduled to be moved on reboot.





Malwarebytes' Anti-Malware 1.11
Database version: 636

Scan type: Full Scan (C:\|)
Objects scanned: 80011
Time elapsed: 1 hour(s), 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP56\A0004415.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP57\A0004513.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP57\A0004540.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP57\A0004579.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP57\A0004634.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP57\A0004640.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP59\A0005656.dll (Adware.RABCO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B3F63484-3D15-4B56-808D-EE886C847CFD}\RP59\A0005658.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04162008_180124\WINDOWS\system32\rls3\vlt33p02.exe (Adware.RABCO) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04162008_180124\WINDOWS\system32\sn7\xopz89104.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:18 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Keith\My Documents\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {35742A93-E043-479A-954D-24590FADDDEC} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 21646 bytes
 
Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis





Next we remove all used tools.

Please download OTMoveIt2 and save it to desktop.
  • Double-click OTMoveIt2.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says
    The J2SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Comodo BOCLEAN <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • Download Adaware
    Adaware is a free program. It scans for known spyware on your computer. These scans should be run at least once every two weeks. For more information, see this tutorial
    The program is available for download here
  • Download Spybot
    Spybot is a scanner like adaware. It scans for spyware and other malicious programs. It is important to have both Adaware and Spybot on your computer because each program provides unique detection and pretection measures. Spybot has preventitive tools that stop programs from even installing on your computer.
    To see how to set this up as well as more spybot features, see here
    Spybot can be downloaded at this location
  • Download SpywareBlaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
    kill bits
    in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here here
    SpywareBlaster tutorial
  • Download iespyad
    It puts many bad webpages on your restricted zones list. This means that you can still view the
    bad
    webpages, but the webpages cannot do certain things (such as use javascripts and cookies).
    If you need help understanding how it works, there is a tutorial here
    Download it here
  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    See here to choose one


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the spybot and adaware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top