11-12-2008, 04:48 AM   #8
FireWalker42
Registered User
 
Join Date: Nov 2008
Location: Central Florida
Posts: 10
OS: XP SP3


Re: Computer controlled!

When I started the PC I received a "NirCmd.cfexe - Application Error: The instruction "0x7c910a53" referenced memory at "0x003e531a". The memory could not be "written". Click OK to terminate the program."

Ran ComboFix and it came back with "update for Combofix failed no network connection", so I ran the current version. Log at end. AVG was not disabled during the ComboFix run.

Kaspersky hung at 3 1/2 hours and I waited an additional 1 hour at 44%; the mouse barely moved and I was unable to close it, and Ctrl-Alt-Del did not work. Manually power cycled.
Chkdsk ran and reported:
Deleted corrupt attribute list entry with type code 128 in file 10823
Deleting corrupt file record segment 182844
Deleting index entry 958.thm in index $I30 of file 171746
Other messages too fast to record.

Kaspersky hung again at 8 hours 41 mins and I had to manually power cycle again.
Chkdsk ran again:
Deleting corrupt segment 140860
Deleting corrupt segment 215868
Deleting index entry from index $0 of file 25
Deleting index entry from index $0 of file 25
Correcting error in index $I30 for file 113174
Correcting error in index $I30 for file 113174
Many more statements that scrolled too fast to record.

Windows Update downloaded and installed an update with auto shutdown after I posted this.

Hope you have a good day. I again will be unable to leave work during the day.

Logs:

ComboFix 08-11-10.01 - Administrator 2008-11-11 16:37:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1262 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFscript.txt
* Created a new restore point

FILE ::
C:\-457971425
c:\windows\system32\ceg.sdr
c:\windows\system32\def.help
c:\windows\system32\fe.sp
c:\windows\system32\fes.ra
c:\windows\system32\rgv.xl
c:\windows\system32\TDSSmtvd.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-457971425
c:\documents and settings\Administrator\Application Data\NI.GSCNS
c:\documents and settings\Administrator\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Administrator\Application Data\NI.GSCNS\settings.ini
c:\windows\system32\ceg.sdr
c:\windows\system32\def.help
c:\windows\system32\fe.sp
c:\windows\system32\fes.ra
c:\windows\system32\rgv.xl
c:\windows\system32\TDSSmtvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_8d034592
-------\Service_ccxh
-------\Service_epoj


((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.

2008-11-11 16:32 . 2008-11-11 16:32 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-10 22:05 . 2008-11-11 06:13 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-10 22:05 . 2008-11-11 06:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-10 21:30 . 2008-11-10 21:30 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-10 21:30 . 2008-11-10 21:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-10 21:30 . 2008-11-10 21:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-11-10 21:11 . 2008-11-10 21:11 221,184 --a------ c:\windows\SnoopFreeUI.exe
2008-11-10 21:11 . 2008-11-10 21:11 90,112 --a------ c:\windows\system32\SnoopFreeSvc.exe
2008-11-10 21:11 . 2008-11-10 21:11 45,056 --a------ c:\windows\SnoopFreeDll.dll
2008-11-10 21:11 . 2008-11-10 21:11 9,472 --a------ c:\windows\system32\drivers\SnopFree.sys
2008-11-10 21:07 . 2008-11-10 21:38 <DIR> d-------- c:\program files\SpywareGuard
2008-11-10 21:04 . 2008-11-10 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-11-10 21:03 . 2008-11-10 21:06 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-10 20:41 . 2008-11-10 20:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Jetico Personal Firewall
2008-11-10 20:36 . 2008-11-10 20:36 <DIR> d-------- c:\program files\Jetico
2008-11-10 12:52 . 2008-11-10 12:52 <DIR> d--hs---- C:\found.001
2008-11-07 17:04 . 2008-11-07 17:04 <DIR> d-------- C:\rsit
2008-11-07 17:04 . 2008-11-07 17:04 <DIR> d-------- c:\program files\trend micro
2008-11-07 16:43 . 2008-11-07 16:43 250 --a------ c:\windows\gmer.ini
2008-11-07 16:35 . 2008-11-10 23:30 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 03:11 . 2008-11-07 03:11 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-07 03:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 03:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 02:10 . 2008-11-07 02:10 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 02:10 . 2008-11-07 02:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 02:09 . 2008-11-10 21:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-07 02:00 . 2008-11-07 02:00 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-11-07 01:55 . 2008-11-07 17:45 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\program files\AVG
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-07 01:55 . 2008-11-07 01:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2008-11-07 01:55 . 2008-11-07 01:55 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-07 01:55 . 2008-11-07 01:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-06 23:10 . 2008-11-06 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-06 22:57 . 2008-11-06 22:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IUpd721
2008-11-06 22:52 . 2008-11-06 22:52 1,997 --a------ c:\windows\search.yahoo.com-error.html
2008-11-06 22:49 . 2008-11-06 22:49 <DIR> d-------- c:\windows\system32\uvb
2008-11-06 22:49 . 2008-11-07 19:57 <DIR> d-------- c:\windows\system32\QI19
2008-11-06 22:49 . 2008-11-07 19:56 <DIR> d-------- c:\windows\system32\NPX
2008-11-06 22:49 . 2008-11-07 03:06 <DIR> d-------- c:\windows\system32\im
2008-11-06 22:49 . 2008-11-06 22:49 <DIR> d-------- c:\temp\NT32
2008-11-06 22:49 . 2008-11-06 22:49 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-06 21:26 . 2007-07-02 14:02 996,648 --a------ c:\windows\system32\ShellManager10E2D762.dll
2008-11-06 21:26 . 2007-07-02 13:19 638,976 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-10-31 13:45 . 2008-11-05 20:32 <DIR> d-------- c:\program files\DOSBox-0.72
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx0c.dll
2008-10-28 17:36 . 2008-10-28 17:36 823,296 --a------ c:\windows\system32\divx_xx07.dll
2008-10-28 17:35 . 2008-10-28 17:35 815,104 --a------ c:\windows\system32\divx_xx0a.dll
2008-10-28 17:35 . 2008-10-28 17:35 802,816 --a------ c:\windows\system32\divx_xx11.dll
2008-10-28 17:35 . 2008-10-28 17:35 684,032 --a------ c:\windows\system32\DivX.dll
2008-10-28 14:54 . 2008-10-29 01:58 <DIR> d-------- c:\program files\DayDawn
2008-10-23 23:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 04:22 . 2008-10-21 04:22 <DIR> d-------- c:\program files\AviSynth 2.5
2008-10-21 04:22 . 2004-02-22 09:11 719,872 --a------ c:\windows\system32\devil.dll
2008-10-21 04:22 . 2006-10-07 16:43 502,784 --a------ c:\windows\x2.64.exe
2008-10-21 04:22 . 2007-05-17 16:30 318,976 --a------ c:\windows\system32\avisynth.dll
2008-10-21 04:22 . 2005-02-28 12:16 240,128 --a------ c:\windows\system32\x.264.exe
2008-10-21 04:22 . 2006-04-12 08:47 217,073 --a------ c:\windows\meta4.exe
2008-10-21 04:22 . 2004-01-24 23:00 70,656 --a------ c:\windows\system32\yv12vfw.dll
2008-10-21 04:22 . 2004-01-24 23:00 70,656 --a------ c:\windows\system32\i420vfw.dll
2008-10-21 04:22 . 2006-04-05 07:09 66,560 --a------ c:\windows\MOTA113.exe
2008-10-21 04:22 . 2005-07-14 11:31 27,648 --a------ c:\windows\system32\AVSredirect.dll
2008-10-21 04:21 . 2008-10-21 04:21 <DIR> d-------- c:\program files\eRightSoft
2008-10-14 18:30 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-14 18:26 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 18:25 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 18:25 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 18:25 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 18:25 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 02:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 02:46 --------- d-----w c:\program files\Maxtor
2008-11-05 03:55 --------- d-----w c:\program files\DivX
2008-11-05 03:51 364 ----a-w C:\drmHeader.bin
2008-10-30 18:27 --------- d-----w c:\program files\SuperchipsUpdate
2008-10-24 10:08 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 09:19 --------- d-----w c:\documents and settings\Administrator\Application Data\Tunebite
2008-10-21 07:24 --------- d-----w c:\documents and settings\Administrator\Application Data\Free Download Manager
2008-10-08 00:11 --------- d-----w c:\program files\iTunes
2008-10-08 00:11 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-08 00:10 --------- d-----w c:\program files\iPod
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-26 22:42 --------- d-----w c:\program files\NOS
2008-09-26 22:42 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-25 22:00 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-09-17 00:01 --------- d-----w c:\program files\QuickTime
2008-09-17 00:00 --------- d-----w c:\program files\Common Files\Apple
2008-09-16 23:56 --------- d-----w c:\program files\Bonjour
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\temp\NT32 ----

2008-11-06 22:49 1858 --a------ c:\temp\NT32\zBV.log

---- Directory of c:\windows\system32\im ----


---- Directory of c:\windows\system32\NPX ----


---- Directory of c:\windows\system32\QI19 ----


---- Directory of c:\windows\system32\uvb ----



((((((((((((((((((((((((((((( snapshot@2008-11-10_19.52.45.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-02-21 15:44:00 163,840 ----a-w c:\windows\BCUnInstall.exe
+ 2008-11-11 02:30:40 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-11-11 02:30:40 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2005-06-23 10:19:30 16,640 ----a-w c:\windows\system32\drivers\bc_filter.sys
+ 2005-02-18 05:50:34 17,536 ----a-w c:\windows\system32\drivers\bc_ip_f.sys
+ 2005-02-18 05:50:36 8,960 ----a-w c:\windows\system32\drivers\bc_ngn.sys
+ 2005-02-18 05:50:35 4,928 ----a-w c:\windows\system32\drivers\bc_pat_f.sys
+ 2005-02-18 05:50:35 4,576 ----a-w c:\windows\system32\drivers\bc_prt_f.sys
+ 2005-02-18 05:50:34 13,344 ----a-w c:\windows\system32\drivers\bc_tdi_f.sys
+ 2005-05-18 07:09:18 45,739 ----a-w c:\windows\system32\drivers\bcftdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"wmpnscfg"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"updatemgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"roboform"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-10-05 160592]
"msmsgs"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ldm"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-15 32768]
"h/pc connection agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"creative detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"avg8_tray"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-07 1234712]
"zune launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-01-11 166304]
"volpanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"updreg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"sunjavaupdatesched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"rcsystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"quicktime task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nvmediacenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"nvcpldaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nerofiltercheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"launch lgdcore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"launch lcdmon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"languageshortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"ituneshelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"hpqsrmon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"hpdj taskbar utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"hp software update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ehtray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ctdvddet"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"applesyncnotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"alienfxcontroller"="c:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe" [2006-09-13 311296]
"JeticoPFStartup"="c:\program files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 118784]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"logitech hardware abstraction layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"kernel and hardware abstraction layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"ctxfihlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]
"cthelper"="CTHELPER.EXE" [2006-08-17 c:\windows\CTHELPER.EXE]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-11-10 c:\windows\SnoopFreeUI.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-08-15 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=2 (0x2)
"cmdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R1 avgldx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-07 97928]
R1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2004-11-09 21968]
R1 TeksKernel;TeksKernel;c:\windows\system32\Drivers\TeksKernel.sys [2004-07-08 9060]
R2 aksfridge;aksfridge;c:\windows\system32\drivers\aksfridge.sys [2007-03-12 351744]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-07 231704]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [ ]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 ProductivITService;ProductivIT Service;c:\program files\AlienAutopsy\TEKS_Service.exe [2004-07-08 77824]
R2 zumbus;Zune Bus Enumerator Driver;c:\windows\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\windows\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 ha20x2k;Creative 20X HAL Driver;c:\windows\system32\drivers\ha20x2k.sys [2006-08-17 1110528]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\DRIVERS\HidCom.sys [2004-08-10 21016]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\Drivers\FTD2XX.sys [2005-12-15 34639]
S3 uisp;Motorola USB ICP driver;c:\windows\system32\Drivers\usbicp.sys [ ]
S3 XMUNIVERSAL;xmuni.sys driver;c:\windows\system32\Drivers\xmuni.sys [2006-12-02 49408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 16:43:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\SnoopFreeSvc.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
c:\windows\system32\CTXFISPI.EXE
c:\program files\Creative\ShareDLL\CADI\NotiMan.exe
d:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
d:\progra~1\MICROS~2\rapimgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Zune\ZuneNss.exe
c:\program files\Logitech\SetPoint\SetPoint.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-11-11 16:54:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-11 21:54:31
ComboFix2.txt 2008-11-11 00:53:23

Pre-Run: 358,233,722,880 bytes free
Post-Run: 358,264,754,176 bytes free

342 --- E O F --- 2008-10-24 09:00:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:34 AM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [avg8_tray] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [zune launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [volpanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [updreg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [rcsystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nvmediacenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nvcpldaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nerofiltercheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [logitech hardware abstraction layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [launch lgdcore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [launch lcdmon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [languageshortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [kernel and hardware abstraction layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpqsrmon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpdj taskbar utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ehtray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ctxfihlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [cthelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ctdvddet] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [applesyncnotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [alienfxcontroller] c:\program files\alienware\alienware alienfx\alienwarealienfxcontroller.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wmpnscfg] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updatemgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [roboform] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ldm] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [h/pc connection agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [creative detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote V5.lnk = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download all with Free Download Manager - file://d:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://d:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://d:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://d:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187219165890
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187219160937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bw+0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

--
End of file - 28055 bytes

Last edited by FireWalker42; 11-12-2008 at 04:57 AM. Reason: added windows update message
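As an added example that is not part of the post (my code, not FireWalker42's and not the HijackThis project's): a small triage script for log lines in the format shown above. It parses O4 (autostart), O18 (URL protocol handler) and O23 (service) entries and collects what a reviewer looks at first: Run entries that name a bare executable with no directory (so Windows locates it by search rather than by an explicit path), services HijackThis reports as "Unknown owner", and protocol handlers grouped by DLL so that a long run of entries pointing at one library collapses to a single line. The sample log is constructed from the entry formats in the post; flagging an entry means "check this", and nothing here claims any entry is malicious.

```python
"""Triage helper for HijackThis-style log lines (added example, not
from the forum post or from HijackThis itself)."""
import re
from collections import defaultdict

# Constructed sample modelled on the entry formats in the post above.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avg8_tray] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O4 - HKLM\\..\\Run: [cthelper] CTHELPER.EXE
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
O4 - HKLM\\..\\Run: [nvcpldaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [roboform] "C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe"
O18 - Protocol: bw+0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared files\\RichVideo.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\\WINDOWS\\System32\\SnoopFreeSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Line shapes as HijackThis prints them; entries of other types are ignored.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^O18 - Protocol: (?P<scheme>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^)]*)\))? - (?P<vendor>.*?) - (?P<path>.*)$"
)


def executable_of(cmd: str) -> str:
    """Return the program token of a Run-key command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_path_dependent(exe: str) -> bool:
    """True when the entry names a bare file with no drive or directory, so the
    binary that actually runs depends on where Windows finds it, not on a
    fixed location the reviewer can inspect directly."""
    return "\\" not in exe and ":" not in exe


def triage(log_text: str) -> dict:
    """Collect review-first entries from a HijackThis log."""
    path_dependent = []      # (hive, entry name, executable token)
    unknown_owner = []       # (service name, image path)
    by_dll = defaultdict(list)  # handler DLL -> registered schemes
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = executable_of(m["cmd"])
            if is_path_dependent(exe):
                path_dependent.append((m["hive"], m["name"], exe))
        elif m := O18_RE.match(line):
            by_dll[m["path"]].append(m["scheme"])
        elif m := O23_RE.match(line):
            if m["vendor"].strip().lower() == "unknown owner":
                unknown_owner.append((m["short"] or m["display"], m["path"]))
    return {
        "path_dependent_run": path_dependent,
        "unknown_owner_services": unknown_owner,
        "protocol_dlls": {dll: sorted(s) for dll, s in by_dll.items()},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hive, name, exe in report["path_dependent_run"]:
        print(f"Run entry without explicit path: {hive} [{name}] -> {exe}")
    for name, path in report["unknown_owner_services"]:
        print(f"Service with no vendor string: {name} -> {path}")
    for dll, schemes in report["protocol_dlls"].items():
        print(f"{len(schemes)} protocol scheme(s) handled by {dll}")
```

Run it against a full saved log with `triage(open("hijackthis.log").read())`; the "Unknown owner" and bare-executable lists are the entries to verify on disk (file hash, signature, install date) before deciding anything about them.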