Old 11-10-2008, 06:07 PM   #5
FireWalker42
Registered User
 
Join Date: Nov 2008
Location: Central Florida
Posts: 10
OS: XP SP3


Re: Computer controlled!

Thank you for all your help. I was rushed this afternoon and felt I was rude. I was supposed to be at work, and of course my boss called me and I had to run.

I used a friend's laptop and downloaded both files again, and this time they worked. Good catch.

I still saw the rundll error when combofix restarted the PC.
I had to stop the BugSolver process as it was eating all the resources. I have had issues with this before. Is this normal? Is this something we can fix?

Here are the logs requested:

ComboFix 08-11-09.04 - Administrator 2008-11-10 19:36:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1356 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\gadcom
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Administrator\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IA
c:\windows\system32\AutoRun.inf
c:\windows\system32\bbmdiyaa.dll
c:\windows\system32\drivers\8d034592.sys
c:\windows\system32\drivers\ati1yfxx.sys
c:\windows\system32\MSINET.oca
c:\windows\system32\sn.txt
c:\windows\system32\T2
c:\windows\system32\tgdgdk.dll
c:\windows\Tasks\nphzhsmw.job
c:\windows\Tasks\xzlxwwpn.job
H:\AutoRun.inf

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ati1yfxx
-------\Legacy_tdssserv.sys
-------\Service_ati1yfxx
-------\Service_restore
-------\Service_tdssserv.sys


((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-10 12:52 . 2008-11-10 12:52 <DIR> d--hs---- C:\found.001
2008-11-07 17:04 . 2008-11-07 17:04 <DIR> d-------- C:\rsit
2008-11-07 17:04 . 2008-11-07 17:04 <DIR> d-------- c:\program files\trend micro
2008-11-07 16:43 . 2008-11-07 16:43 250 --a------ c:\windows\gmer.ini
2008-11-07 16:35 . 2008-11-08 04:31 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-07 03:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 03:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 02:10 . 2008-11-07 02:10 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 02:10 . 2008-11-07 02:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 02:09 . 2008-11-07 02:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 02:00 . 2008-11-07 02:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-11-07 01:55 . 2008-11-07 17:45 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\program files\AVG
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2008-11-07 01:55 . 2008-11-07 01:55 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-07 01:55 . 2008-11-07 01:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-06 23:10 . 2008-11-06 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-06 22:57 . 2008-11-06 22:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IUpd721
2008-11-06 22:52 . 2008-11-06 22:52 1,997 --a------ c:\windows\search.yahoo.com-error.html
2008-11-06 22:49 . 2008-11-06 22:49 <DIR> d-------- c:\windows\system32\uvb
2008-11-06 22:49 . 2008-11-07 19:57 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 22:49 . 2008-11-07 19:56 <DIR> d-------- c:\windows\system32\NPX
2008-11-06 22:49 . 2008-11-07 03:06 <DIR> d-------- c:\windows\system32\im
2008-11-06 22:49 . 2008-11-06 22:49 <DIR> d-------- c:\temp\NT32
2008-11-06 22:49 . 2008-11-08 00:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\NI.GSCNS
2008-11-06 22:49 . 2008-11-06 22:49 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-06 22:49 . 2008-11-06 22:49 63,488 --a------ c:\windows\system32\rgv.xl
2008-11-06 22:49 . 2008-11-06 22:49 32,768 --a------ c:\windows\system32\fes.ra
2008-11-06 22:49 . 2008-11-06 22:49 32,768 --a------ c:\windows\system32\fe.sp
2008-11-06 22:49 . 2008-11-06 22:49 28,672 --a------ c:\windows\system32\def.help
2008-11-06 22:49 . 2008-11-06 22:49 28,672 --a------ c:\windows\system32\ceg.sdr
2008-11-06 22:49 . 2008-11-07 04:08 527 --a------ c:\windows\system32\TDSSmtvd.dat
2008-11-06 22:49 . 2008-11-06 22:49 2 --a------ C:\-457971425
2008-11-06 21:26 . 2007-07-02 14:02 996,648 --a------ c:\windows\system32\ShellManager10E2D762.dll
2008-11-06 21:26 . 2007-07-02 13:19 638,976 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-31 13:45 . 2008-11-05 20:32 <DIR> d-------- c:\program files\DOSBox-0.72
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-28 14:54 . 2008-10-29 01:58 <DIR> d-------- c:\program files\DayDawn
2008-10-23 23:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 04:22 . 2008-10-21 04:22 <DIR> d-------- c:\program files\AviSynth 2.5
2008-10-21 04:22 . 2004-02-22 09:11 719,872 --a------ c:\windows\system32\devil.dll
2008-10-21 04:22 . 2006-10-07 16:43 502,784 --a------ c:\windows\x2.64.exe
2008-10-21 04:22 . 2007-05-17 16:30 318,976 --a------ c:\windows\system32\avisynth.dll
2008-10-21 04:22 . 2005-02-28 12:16 240,128 --a------ c:\windows\system32\x.264.exe
2008-10-21 04:22 . 2006-04-12 08:47 217,073 --a------ c:\windows\meta4.exe
2008-10-21 04:22 . 2004-01-24 23:00 70,656 --a------ c:\windows\system32\yv12vfw.dll
2008-10-21 04:22 . 2004-01-24 23:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2008-10-21 04:22 . 2006-04-05 07:09 66,560 --a------ c:\windows\MOTA113.exe
2008-10-21 04:22 . 2005-07-14 11:31 27,648 --a------ c:\windows\system32\AVSredirect.dll
2008-10-21 04:21 . 2008-10-21 04:21 <DIR> d-------- c:\program files\eRightSoft
2008-10-14 18:30 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 18:26 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 18:25 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 18:25 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 18:25 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 18:25 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 02:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 02:46 --------- d-----w c:\program files\Maxtor
2008-11-05 03:55 --------- d-----w c:\program files\DivX
2008-11-05 03:51 364 ----a-w C:\drmHeader.bin
2008-10-30 18:27 --------- d-----w c:\program files\SuperchipsUpdate
2008-10-24 10:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 09:19 --------- d-----w c:\documents and settings\Administrator\Application Data\Tunebite
2008-10-21 07:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Free Download Manager
2008-10-08 00:11 --------- d-----w c:\program files\iTunes
2008-10-08 00:11 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 00:10 --------- d-----w c:\program files\iPod
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-26 22:42 --------- d-----w c:\program files\NOS
2008-09-26 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-25 22:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-17 00:01 --------- d-----w c:\program files\QuickTime
2008-09-17 00:00 --------- d-----w c:\program files\Common Files\Apple
2008-09-16 23:56 --------- d-----w c:\program files\Bonjour
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 578560 bytes )
Infected c:\windows\system32\user32.dll hex repaired


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"wmpnscfg"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updatemgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"roboform"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-10-05 160592]
"msmsgs"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ldm"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-15 32768]
"h/pc connection agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"creative detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"avg8_tray"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-07 1234712]
"zune launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-01-11 166304]
"volpanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"updreg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"sunjavaupdatesched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"rcsystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"quicktime task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nerofiltercheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"launch lgdcore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"launch lcdmon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"languageshortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"hpqsrmon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"hpdj taskbar utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"hp software update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehtray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ctdvddet"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"applesyncnotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"alienfxcontroller"="c:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe" [2006-09-13 311296]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"logitech hardware abstraction layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"kernel and hardware abstraction layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"ctxfihlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
"cthelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-15 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=2 (0x2)
"cmdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2004-11-09 21968]
R1 TeksKernel;TeksKernel;c:\windows\system32\Drivers\TeksKernel.sys [2004-07-08 9060]
R2 aksfridge;aksfridge;c:\windows\system32\drivers\aksfridge.sys [2007-03-12 351744]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [ ]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 ProductivITService;ProductivIT Service;c:\program files\AlienAutopsy\TEKS_Service.exe [2004-07-08 77824]
R2 zumbus;Zune Bus Enumerator Driver;c:\windows\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\windows\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
S0 ccxh;ccxh;c:\windows\system32\drivers\hbjtfitt.sys [ ]
S0 epoj;epoj;c:\windows\system32\drivers\cqcbvf.sys [ ]
S1 8d034592;8d034592;c:\windows\system32\drivers\8d034592.sys [ ]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\DRIVERS\HidCom.sys [2004-08-10 21016]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2005-12-15 34639]
S3 uisp;Motorola USB ICP driver;c:\windows\system32\Drivers\usbicp.sys [ ]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\Drivers\xmuni.sys [2006-12-02 49408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-{3e-e9-91-1f-dw} - c:\windows\system32\dwwnw64r.exe
HKLM-Run-prunnet - c:\windows\system32\prun.exe
HKLM-Run-hphmon03 - c:\windows\system32\hphmon03.exe
HKLM-Run-e4b3e9b0 - c:\windows\system32\tcukvwrd.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 -: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 -: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 -: Download all with Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
O8 -: Download selected with Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
O8 -: Download video with Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
O8 -: Download with Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
O8 -: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 -: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 -: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
O8 -: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
O8 -: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 -: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 19:41:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\program files\alienware\alienware alienfx\AlienwareAlienFXHK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\windows\system32\CTXFISPI.EXE
c:\windows\system32\rundll32.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
d:\progra~1\MICROS~2\rapimgr.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2008-11-10 19:53:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 00:53:04

Pre-Run: 358,413,291,520 bytes free
Post-Run: 358,543,278,080 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer

349 --- E O F --- 2008-10-24 09:00:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:33 PM, on 11/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [avg8_tray] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [zune launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [volpanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [updreg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [rcsystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nvmediacenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nvcpldaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nerofiltercheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [logitech hardware abstraction layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [launch lgdcore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [launch lcdmon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [languageshortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [kernel and hardware abstraction layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqsrmon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehtray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ctxfihlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [cthelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ctdvddet] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [applesyncnotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [alienfxcontroller] c:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wmpnscfg] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updatemgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [roboform] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ldm] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [h/pc connection agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [creative detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://d:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://d:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187219165890
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187219160937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bw+0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 26691 bytes
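A triage pass over the HijackThis sections in the log above, as an added example (this is not code from the post, from the forum helper, or from HijackThis itself). The rule names and the `triage()` / `executable_of()` helpers are my own, and the sample input is a small subset of lines copied from the log so the script runs offline. It picks out the things a reviewer would want to check by hand before deciding what to fix: O4 autostart entries that name a bare executable with no directory (the two Creative entries, CTXFIHLP.EXE and CTHELPER.EXE, are resolved through the process search path at logon, so the log alone cannot tell you which file actually runs), O16 ActiveX packages fetched over plain http://, O23 services HijackThis could not attribute to a vendor, and a per-CLSID summary of the O18 protocol handlers so that the ~50 Logitech `bw*` schemes collapse to one DLL for review.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log above,
# chosen so each rule below fires at least once. The real log is much longer.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ctxfihlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [cthelper] CTHELPER.EXE
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187219165890
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB
O18 - Protocol: bw+0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"""

# Line shapes as HijackThis prints them (registry Run keys, Startup folders,
# ActiveX DPF objects, protocol handlers, NT services).
RE_O4_REG = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RE_O4_STARTUP = re.compile(r'^O4 - (?P<key>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')
RE_O16 = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$')
RE_O18 = re.compile(r'^O18 - Protocol: (?P<scheme>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.*)$')
RE_O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$')
# Program path inside an O4 command: quoted, unquoted-with-spaces, or bare name.
RE_EXE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE)


def executable_of(cmd):
    """Return the program path from an O4 command string (arguments dropped)."""
    m = RE_EXE.match(cmd.strip())
    return m.group('path') if m else cmd.strip()


def is_unqualified(path):
    """True when the entry names a file with no drive or directory, i.e. the
    loader will resolve it through the search path rather than a fixed location."""
    return '\\' not in path and '/' not in path and ':' not in path


def triage(lines):
    """Scan HijackThis lines; return (findings, protocol_handlers).

    findings: list of (rule, subject, detail) tuples.
    protocol_handlers: {clsid: {'dll': path, 'schemes': [scheme, ...]}}.
    """
    findings = []
    handlers = defaultdict(lambda: {'dll': None, 'schemes': []})
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RE_O4_REG.match(line) or RE_O4_STARTUP.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            if is_unqualified(exe):
                findings.append(('unqualified-autostart', m.group('name'), exe))
            continue
        m = RE_O16.match(line)
        if m:
            if m.group('url').lower().startswith('http://'):
                findings.append(('activex-over-http', m.group('clsid'), m.group('url')))
            continue
        m = RE_O18.match(line)
        if m:
            entry = handlers[m.group('clsid')]
            entry['dll'] = m.group('dll')
            entry['schemes'].append(m.group('scheme'))
            continue
        m = RE_O23.match(line)
        if m and m.group('owner') == 'Unknown owner':
            findings.append(('service-unknown-owner', m.group('name'), m.group('path')))
    return findings, dict(handlers)


def triage_text(text):
    """Convenience wrapper for a whole log pasted as one string."""
    return triage(text.strip().splitlines())


if __name__ == '__main__':
    found, protos = triage_text(SAMPLE_LOG)
    for rule, subject, detail in found:
        print(f'{rule:24} {subject!r:40} {detail}')
    for clsid, info in protos.items():
        print(f'O18 {clsid} -> {info["dll"]} ({len(info["schemes"])} scheme(s))')
```

None of these rules says an entry is malicious; they only order the manual review. A bare-name Run entry is normal for some vendor installers, but it is the one kind of O4 line where the path printed in the log is not the path that runs, so it is worth confirming on the box (e.g. that the file sits in system32 and nothing with the same name exists earlier in the search path). Likewise "Unknown owner" only means HijackThis found no vendor to attribute the service binary to, which is common for third-party helper services; check the file in place rather than the log line.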