Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Hijacked by http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Hijacked by http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 12-24-2007, 09:27 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: Win XP SP2


Hijacked by http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
My IE homepage has been hijacked by http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2. Along with that I am getting lots of alert pop-ups saying "windows has detected an internet attack attempt ..." and "Worm.WM32.Netsky" has been detected on my system. Also, I have a red and white "X" icon flashing in my taskbar which every so often pops up a "System alert" message as well. Finally, IE keeps popping up with various "antivirus" program homepages such as trustedantivirus and others.

I followed the 5 steps as best I could. Panda antivirus kept hanging midway through, and I had to alt+ctrl+del to exit, so I have no logs from that. It did indicate 114 spyware files before hanging.
The following is the main.txt from Deckard's system scan:

Deckard's System Scanner v20071014.68
Run by Angela Zang on 2007-12-24 09:04:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2007-12-24 16:04:53 UTC - RP1572 - Deckard's System Scanner Restore Point
34: 2007-12-24 02:11:50 UTC - RP1571 - System Checkpoint
33: 2007-12-21 06:01:27 UTC - RP1570 - Installed AnswerWorks 4.0 Runtime - English
32: 2007-12-21 05:59:06 UTC - RP1569 - Installed TurboTax Deluxe 2007
31: 2007-12-20 21:33:38 UTC - RP1568 - System Checkpoint


-- First Restore Point --
1: 2007-11-30 07:55:48 UTC - RP1538 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 12.78 GiB (less than 15%) free.


-- HijackThis (run as Angela Zang.exe) -----------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-24 09:13:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\SYSTEM32\cisvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\PnkBstrA.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\dllhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Angela Zang\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\Angela Zang.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.your-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: BDEX System - {56F043F0-CD47-47AE-B459-416A07545CA1} - C:\WINDOWS\ttvbonsgr.dll
O2 - BHO: (no name) - {58F07DD3-924D-4141-BC74-299F523A95F1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm776
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\MNYSIDE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://mytch.thechildrenshospital.org (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://www.bittorrent.com/activex/COPPDetector.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mytch.thechildrenshospital.o...a32/wficat.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/...2/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.readyforcrysis.com/sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {EBC1356E-7D5E-44EC-831D-847882F06FE5} (Gateway Client for MetaFrame) - https://mytch.thechildrenshospital.o...n/CSGProxy.cab
O18 - Protocol: bw+0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {65bfb2fb-c58b-4dc6-bcfe-fa459653cd5a} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {65BFB2FB-C58B-4DC6-BCFE-FA459653CD5A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
O21 - SSODL: hjoqor - {0BA978AE-E0C9-4454-9DB3-07192BF0AE4C} - C:\WINDOWS\hjoqor.dll
O21 - SSODL: xcvwer - {A876F82A-23A7-488F-A007-AB0DE9EB245F} - C:\WINDOWS\xcvwer.dll
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\SYSTEM32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\SYSTEM32\PnkBstrA.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\SYSTEM32\RadClock.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 26861 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Angela Zang\Desktop\backups\) --------------------------------------------------------------------------------

backup-20071223-195637-451 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20071223-195638-409 O2 - BHO: BDEX System - {56F043F0-CD47-47AE-B459-416A07545CA1} - C:\WINDOWS\ttvbonsgr.dll
backup-20071223-195638-845 O21 - SSODL: hjoqor - {D80CA7E0-669A-4FE4-A327-08B27C2E0FBD} - C:\WINDOWS\hjoqor.dll
backup-20071223-195639-528 O21 - SSODL: xcvwer - {50F570C8-525E-4596-A6E0-2D547982880C} - C:\WINDOWS\xcvwer.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ATITool - c:\program files\atitool\atitool.sys
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 ATNT40K (ActiveTouch NT Appsharing Driver) - c:\windows\system32\drivers\atnt40k.sys
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 TMBUS (Thrustmapper Device Enumerator) - c:\windows\system32\drivers\tmbus.sys <Not Verified; Thrustmaster; >
R3 TMHIDSRV - c:\windows\system32\drivers\tmhidf.sys <Not Verified; Guillemot Corporation; Thrustmapper 4 Software Pack>
R3 TMKEmu (Thrustmapper virtual Keyboard device driver) - c:\windows\system32\drivers\tmkemu.sys <Not Verified; Thrustmaster; >
R3 TMMEmu (Thrustmapper virtual Mouse device driver) - c:\windows\system32\drivers\tmmemu.sys <Not Verified; Thrustmaster; >
R3 WD_FireWire_HID (WD FireWire Pseudo-HID driver) - c:\windows\system32\drivers\wdfwhid.sys <Not Verified; Western Digital Technologies; WD External Storage>

S2 trackcam4 (TrackerCam Video Capture Driver 4.0) - c:\windows\system32\drivers\trackca4.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
S3 ATWPKT2 - c:\program files\america online 8.0\atwpkt2.sys (file missing)
S3 bvrp_pci - c:\windows\system32\drivers\bvrp_pci.sys
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 cportclm - c:\docume~1\peterz~1\locals~1\temp\cportclm.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 Pcatip - c:\windows\system32\drivers\pcatip.sys <Not Verified; VSO Software; Patin-Couffin Autoplay(tm) support driver>
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S3 RadProbe (Radeon Probe Driver) - c:\windows\system32\drivers\radprobe.sys <Not Verified; ; RadProbe>
S3 razerusb - c:\windows\system32\drivers\razerusb.sys <Not Verified; Razer Inc.; Razer USB Mouse Driver>
S3 RioS30 (RioS30S driver) - c:\windows\system32\drivers\rios30.sys <Not Verified; SonicBlue Inc.; RioS30.sys>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AOL ACS (AOL Connectivity Service) - c:\progra~1\common~1\aol\acs\acsd.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>
S4 RadClock - c:\windows\system32\radclock.exe <Not Verified; ; RadClock Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Logitech QuickCam Pro 5000
Device ID: USB\VID_046D&PID_08CE&MI_00\6&25EC9009&1&0000
Manufacturer: Logitech
Name: Logitech QuickCam Pro 5000
PNP Device ID: USB\VID_046D&PID_08CE&MI_00\6&25EC9009&1&0000
Service: LVUVC

Class GUID: {FD02DFAC-6A7C-4391-97DA-F81FEF1FC9D3}
Description: Radeon Probe Driver
Device ID: ROOT\PROBES\0000
Manufacturer: ChrisW
Name: Radeon Probe Driver
PNP Device ID: ROOT\PROBES\0000
Service: RadProbe


-- Scheduled Tasks -------------------------------------------------------------

2007-12-24 06:00:00 394 --a------ C:\WINDOWS\Tasks\{3D987BE0-E35F-420C-95DE-18C99E4AF63F}_HAL_Peter Zang.job
2007-12-24 03:03:21 444 --a------ C:\WINDOWS\Tasks\SyncBack Music backup.job
2007-12-21 20:00:00 424 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HAL-Peter Zang).job
2007-12-18 03:00:08 436 --a------ C:\WINDOWS\Tasks\SyncBack Pictures.job
2007-12-15 01:45:24 274 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-05 06:20:45 438 --a------ C:\WINDOWS\Tasks\SyncBack Documents.job
2007-12-01 01:01:25 366 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-11-24 and 2007-12-24 -----------------------------

2007-12-24 09:10:04 0 d-------- C:\Program Files\Trend Micro
2007-12-24 08:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-24 08:33:05 0 d-------- C:\ie-spyad_zo
2007-12-24 08:12:56 0 d-------- C:\Program Files\SpywareBlaster
2007-12-24 00:17:47 0 d-------- C:\WINDOWS\privacy_danger
2007-12-23 21:21:28 202 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-12-23 21:21:28 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-12-23 21:07:53 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-23 21:07:49 0 d-------- C:\WINDOWS\LastGood
2007-12-21 23:51:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Earthsim
2007-12-21 18:45:29 0 d-------- C:\WINDOWS\system32\NtmsData
2007-12-21 01:17:14 270336 --a------ C:\WINDOWS\xcvwer.dll <Not Verified; ; xcvwer>
2007-12-21 01:17:14 253952 --a------ C:\WINDOWS\ttvbonsgr.dll <Not Verified; ; ttvbonsgr>
2007-12-21 01:17:14 200704 --a------ C:\WINDOWS\leosrv.dll <Not Verified; ; leosrv Module>
2007-12-21 01:17:14 253952 --a------ C:\WINDOWS\hjoqor.dll
2007-12-21 01:17:14 90112 --a------ C:\WINDOWS\binret.exe
2007-12-21 01:07:37 0 d-------- C:\Program Files\MediaVideoCodec
2007-12-20 22:20:00 0 d-------- C:\Program Files\SystemRequirementsLab
2007-12-17 22:13:29 770048 --a------ C:\WINDOWS\system32\CDDBUISony.dll <Not Verified; Gracenote; CDDBUIControl Module>
2007-12-17 22:13:29 532480 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll <Not Verified; ; CddbPlaylist2 Module>
2007-12-17 22:13:29 589824 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll <Not Verified; Gracenote; CddbMusicID Module>
2007-12-17 22:13:29 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll <Not Verified; Gracenote; CddbLink Module>
2007-12-17 22:13:28 655360 --a------ C:\WINDOWS\system32\CDDBControlSony.dll <Not Verified; Gracenote, Inc.; CDDBControl Core Module>
2007-12-07 17:19:10 0 d-------- C:\WINDOWS\NV34202272.TMP
2007-12-05 00:01:34 0 d-------- C:\Program Files\Sierra Entertainment
2007-12-04 20:54:43 0 d-------- C:\Program Files\Western Digital Technologies
2007-12-04 19:21:42 0 d-------- C:\Program Files\2BrightSparks
2007-12-04 00:23:54 0 d-------- C:\Program Files\Disney


-- Find3M Report ---------------------------------------------------------------

2007-12-24 00:11:21 0 d-------- C:\Program Files\MSN Messenger
2007-12-24 00:10:58 0 d-------- C:\Program Files\MediaMonkey
2007-12-24 00:10:46 0 d-------- C:\Program Files\Picasa2
2007-12-24 00:10:30 0 d-------- C:\Program Files\Common Files\Mobipocket Shared
2007-12-24 00:09:19 0 d-------- C:\Program Files\Google
2007-12-22 15:32:51 0 d-------- C:\Documents and Settings\Angela Zang\Application Data\MSN6
2007-12-20 23:01:30 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-20 23:01:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-20 23:00:59 0 d-------- C:\Program Files\Quicken
2007-12-20 22:58:45 0 d-------- C:\Program Files\TurboTax
2007-12-20 22:07:17 0 d-------- C:\Program Files\Steam
2007-12-17 22:10:51 0 d-------- C:\Program Files\Sony
2007-12-13 17:39:13 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2007-12-04 20:54:41 364544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2007-11-26 09:38:04 0 d-------- C:\Documents and Settings\Angela Zang\Application Data\VersionTracker Pro
2007-11-21 18:28:09 0 d-------- C:\Program Files\McAfee
2007-11-14 08:16:05 0 d-------- C:\Program Files\Common Files\aol
2007-11-14 08:16:05 0 d-------- C:\Program Files\AIM
2007-11-13 00:00:48 0 d-------- C:\Program Files\AIM6
2007-11-13 00:00:45 0 d-------- C:\Program Files\Common Files
2007-11-12 23:33:09 0 d-------- C:\Program Files\Trillian
2007-11-12 23:25:52 0 d-------- C:\Program Files\AskPBar
2007-11-03 18:54:21 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-03 15:40:33 0 d-------- C:\Program Files\Electronic Arts
2007-10-27 16:00:03 0 d-------- C:\Program Files\id Software
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-09-26 20:57:47 183361 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx; WebEx Application Sharing ATASNT40.DLL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56F043F0-CD47-47AE-B459-416A07545CA1}]
12/20/2007 10:47 AM 253952 --a------ C:\WINDOWS\ttvbonsgr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [04/10/2003 10:44 AM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/28/2005 11:08 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [09/01/2007 08:14 AM]
"WD Button Manager"="WDBtnMgr.exe" [12/04/2007 08:54 PM C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [07/25/2007 03:02 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [07/25/2007 03:06 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 09:33 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/18/2006 12:04 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"LDM"="\Program\" []
"Mobipocket Web Companion"="C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe" [01/05/2005 11:13 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 07:05 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/09/2007 03:17 PM]

C:\Documents and Settings\Angela Zang\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [12/22/2004 11:26 PM 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hjoqor"= {0BA978AE-E0C9-4454-9DB3-07192BF0AE4C} - C:\WINDOWS\hjoqor.dll [12/20/2007 10:47 AM 253952]
"xcvwer"= {A876F82A-23A7-488F-A007-AB0DE9EB245F} - C:\WINDOWS\xcvwer.dll [12/20/2007 10:47 AM 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Angela Zang^Start Menu^Programs^StartUp^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Angela Zang\Start Menu\Programs\StartUp\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ]
C:\WINDOWS\System32\Mkwwa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Angela Zang\Application Data\ttuh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
C:\WINDOWS\alchem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
"C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsi]
C:\WINDOWS\System32\dp-him.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jvmiwqv]
C:\WINDOWS\System32\gzvskcu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtcyCfgApply]

"C:\Documents and Settings\Peter Zang\My Documents\My Downloads\LtcyCfg2-[guru3d]\LtcyCfg.exe" /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDrv]
C:\WINDOWS\System32\NDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razertra]
C:\Program Files\Razer\razertra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s]
c:\documents and settings\angela zang\local settings\temp\s.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB_setup]
C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\tb_setup.exe /dcheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d14530-7ca4-11db-9156-0007e97c9134}]
AutoRun\command- H:\LaunchU3.exe -a

*Newly Created Service* - NTMSSVC
*Newly Created Service* - PNKBSTRK
*Newly Created Service* - RKPAVPROC



-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost


-- End of Deckard's System Scanner: finished at 2007-12-24 09:15:46 ------------


Please let me know if missed any information you need. And thanks in advance for the help.
Attached Files
File Type: txt extra.txt (45.6 KB, 0 views)
pzanga is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-25-2007, 03:44 PM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Hijacked by http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
sUBs is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-25-2007, 04:24 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 8
OS: Win XP SP2


Re: Hijacked by http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
Thanks for the help. Here you go.

ComboFix 07-12-26.3 - Angela Zang 2007-12-25 16:04:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1990 [GMT -7:00]
Running from: C:\Documents and Settings\Angela Zang\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Angela Zang\Desktop\Error Cleaner.url
C:\Documents and Settings\Angela Zang\Desktop\Privacy Protector.url
C:\Documents and Settings\Angela Zang\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Angela Zang\Favorites\Error Cleaner.url
C:\Documents and Settings\Angela Zang\Favorites\Privacy Protector.url
C:\Documents and Settings\Angela Zang\Favorites\Spyware&Malware Protection.url
C:\Program Files\Common Files\uninstall information
C:\Program Files\MediaVideoCodec
C:\Program Files\MediaVideoCodec\install.ico
C:\Program Files\MediaVideoCodec\MediaVideoCodec.ocx
C:\Program Files\MediaVideoCodec\Uninstall.exe
C:\RECYCLER\desktop.ini
C:\WINDOWS\binret.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\hjoqor.dll
C:\WINDOWS\leosrv.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\vmss
C:\WINDOWS\system32\wtsit.exe
C:\WINDOWS\xcvwer.dll
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-24 09:35 . 2007-12-24 09:35 8 --a------ C:\WINDOWS\SYSTEM32\nvModes.dat
2007-12-24 09:10 . 2007-12-24 09:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 09:04 . 2007-12-24 09:04 <DIR> d-------- C:\Deckard
2007-12-24 08:59 . 2007-12-24 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-24 08:33 . 2007-12-24 08:35 <DIR> d-------- C:\ie-spyad_zo
2007-12-24 08:12 . 2007-12-24 08:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-24 01:06 . 2007-12-24 01:06 335,872 --a------ C:\1A0A.tmp
2007-12-23 22:24 . 2007-12-23 22:24 335,872 --a------ C:\FB0.tmp
2007-12-23 21:07 . 2007-12-24 00:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-23 21:07 . 2007-12-24 00:08 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-23 21:07 . 2007-12-24 00:08 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-23 21:07 . 2007-12-24 00:08 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-23 18:37 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-12-21 23:51 . 2007-12-21 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Earthsim
2007-12-21 23:41 . 2007-12-21 23:46 25,320,320 --a------ C:\earthsim_ati.exe
2007-12-21 18:45 . 2007-12-23 20:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\NtmsData
2007-12-20 23:26 . 2007-12-20 23:28 5,406 --a------ C:\WINDOWS\Instlog.lyt
2007-12-20 22:20 . 2007-12-20 22:20 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-12-17 22:14 . 2005-10-31 10:46 36,679 --------- C:\WINDOWS\SYSTEM32\DRIVERS\NETMD052.sys
2007-12-17 22:13 . 2007-01-13 08:24 770,048 --a------ C:\WINDOWS\SYSTEM32\CDDBUISony.dll
2007-12-17 22:13 . 2007-01-13 08:22 655,360 --a------ C:\WINDOWS\SYSTEM32\CDDBControlSony.dll
2007-12-17 22:13 . 2007-01-13 08:22 589,824 --a------ C:\WINDOWS\SYSTEM32\CddbMusicIDSony.dll
2007-12-17 22:13 . 2007-01-13 08:25 532,480 --a------ C:\WINDOWS\SYSTEM32\CddbPlaylist2Sony.dll
2007-12-17 22:13 . 2007-01-13 08:24 73,728 --a------ C:\WINDOWS\SYSTEM32\CddbLinkSony.dll
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankProtocol
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankPacManager
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankMedium
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankHandler
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankFormat
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankDevice
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\FrankContents
2007-12-17 21:56 . 2007-12-17 21:56 <DIR> d-------- C:\temp\Frank
2007-12-13 05:05 . 2007-12-13 05:05 531,248 --a------ C:\WINDOWS\SYSTEM32\es.scr
2007-12-07 17:19 . 2007-12-07 17:38 <DIR> d-------- C:\WINDOWS\NV34202272.TMP
2007-12-05 00:01 . 2007-12-05 00:01 <DIR> d-------- C:\Program Files\Sierra Entertainment
2007-12-04 20:54 . 2007-12-04 20:54 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-12-04 19:21 . 2007-12-04 19:21 <DIR> d-------- C:\Program Files\2BrightSparks
2007-12-04 00:23 . 2007-12-04 00:23 <DIR> d-------- C:\Program Files\Disney
2007-11-26 23:21 . 2004-08-04 00:08 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbohci.sys
2007-11-26 23:21 . 2004-08-04 00:08 17,024 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbohci.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 22:59 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-25 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 05:45 --------- d-----w C:\Program Files\Steam
2007-12-24 07:11 --------- d-----w C:\Program Files\MSN Messenger
2007-12-24 07:10 --------- d-----w C:\Program Files\Picasa2
2007-12-24 07:10 --------- d-----w C:\Program Files\MediaMonkey
2007-12-24 07:10 --------- d-----w C:\Program Files\Common Files\Mobipocket Shared
2007-12-24 07:09 --------- d-----w C:\Program Files\Google
2007-12-24 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-24 00:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 00:06 103,736 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrB.exe
2007-12-22 22:32 --------- d-----w C:\Documents and Settings\Angela Zang\Application Data\MSN6
2007-12-21 06:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 06:01 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-21 06:00 --------- d-----w C:\Program Files\Quicken
2007-12-21 05:58 --------- d-----w C:\Program Files\TurboTax
2007-12-18 05:10 --------- d-----w C:\Program Files\Sony
2007-12-07 06:52 107,888 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-12-05 03:54 364,544 ----a-w C:\WINDOWS\SYSTEM32\WDBtnMgr.exe
2007-11-26 16:38 --------- d-----w C:\Documents and Settings\Angela Zang\Application Data\VersionTracker Pro
2007-11-25 01:00 66,872 ----a-w C:\WINDOWS\SYSTEM32\PnkBstrA.exe
2007-11-22 01:28 --------- d-----w C:\Program Files\McAfee
2007-11-14 15:16 --------- d-----w C:\Program Files\Common Files\aol
2007-11-14 15:16 --------- d-----w C:\Program Files\AIM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 07:00 --------- d-----w C:\Program Files\AIM6
2007-11-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-13 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-13 06:33 --------- d-----w C:\Program Files\Trillian
2007-11-13 06:25 --------- d-----w C:\Program Files\AskPBar
2007-11-09 20:51 1,721,712 ------w C:\WINDOWS\SYSTEM32\InetClnt.dll
2007-11-04 01:54 --------- d-----w C:\Program Files\Common Files\McAfee
2007-11-03 22:40 --------- d-----w C:\Program Files\Electronic Arts
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-28 00:40 222,720 ------w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-28 00:40 222,720 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-27 23:00 --------- d-----w C:\Program Files\id Software
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-10-05 00:14 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvwddi.dll
2007-10-05 00:14 81,920 ----a-w C:\WINDOWS\SYSTEM32\nvmctray.dll
2007-10-05 00:14 8,491,008 ----a-w C:\WINDOWS\SYSTEM32\nvcpl.dll
2007-10-05 00:14 753,664 ----a-w C:\WINDOWS\SYSTEM32\nvcplui.exe
2007-10-05 00:14 6,854,464 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\nv4_mini.sys
2007-10-05 00:14 6,750,208 ----a-w C:\WINDOWS\SYSTEM32\nvoglnt.dll
2007-10-05 00:14 6,344,704 ----a-w C:\WINDOWS\SYSTEM32\nvdisps.dll
2007-10-05 00:14 5,783,424 ----a-w C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-10-05 00:14 466,944 ----a-w C:\WINDOWS\SYSTEM32\nvshell.dll
2007-10-05 00:14 45,056 ----a-w C:\WINDOWS\SYSTEM32\nvmccsrs.dll
2007-10-05 00:14 442,368 ----a-w C:\WINDOWS\SYSTEM32\nvappbar.exe
2007-10-05 00:14 425,984 ----a-w C:\WINDOWS\SYSTEM32\keystone.exe
2007-10-05 00:14 364,544 ----a-w C:\WINDOWS\SYSTEM32\nvapi.dll
2007-10-05 00:14 36,864 ----a-w C:\WINDOWS\SYSTEM32\nvcodins.dll
2007-10-05 00:14 36,864 ----a-w C:\WINDOWS\SYSTEM32\nvcod.dll
2007-10-05 00:14 307,200 ----a-w C:\WINDOWS\SYSTEM32\nvexpbar.dll
2007-10-05 00:14 3,551,232 ----a-w C:\WINDOWS\SYSTEM32\nvvitvs.dll
2007-10-05 00:14 3,334,144 ----a-w C:\WINDOWS\SYSTEM32\nvgames.dll
2007-10-05 00:14 286,720 ----a-w C:\WINDOWS\SYSTEM32\nvnt4cpl.dll
2007-10-05 00:14 229,376 ----a-w C:\WINDOWS\SYSTEM32\nvmccs.dll
2007-10-05 00:14 2,371,584 ----a-w C:\WINDOWS\SYSTEM32\nvwss.dll
2007-10-05 00:14 188,416 ----a-w C:\WINDOWS\SYSTEM32\nvmccss.dll
2007-10-05 00:14 155,716 ----a-w C:\WINDOWS\SYSTEM32\nvsvc32.exe
2007-10-05 00:14 147,456 ----a-w C:\WINDOWS\SYSTEM32\nvcolor.exe
2007-10-05 00:14 1,703,936 ----a-w C:\WINDOWS\SYSTEM32\nvwdmcpl.dll
2007-10-05 00:14 1,626,112 ----a-w C:\WINDOWS\SYSTEM32\nwiz.exe
2007-10-05 00:14 1,478,656 ----a-w C:\WINDOWS\SYSTEM32\nview.dll
2007-10-05 00:14 1,339,392 ----a-w C:\WINDOWS\SYSTEM32\nvdspsch.exe
2007-10-05 00:14 1,150,976 ----a-w C:\WINDOWS\SYSTEM32\nvmobls.dll
2007-10-05 00:14 1,019,904 ----a-w C:\WINDOWS\SYSTEM32\nvwimg.dll
2007-09-27 03:57 183,361 ----a-w C:\WINDOWS\SYSTEM32\atasnt40.dll
2003-05-20 19:37 812 -c----w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58F07DD3-924D-4141-BC74-299F523A95F1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"LDM"="\Program\" []
"Mobipocket Web Companion"="C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe" [2005-01-05 11:13]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 15:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThrustTSR"="C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe" [2003-04-10 10:44]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 11:08]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-01 08:14]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-04 20:54 C:\WINDOWS\SYSTEM32\WDBtnMgr.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\SYSTEM32\nwiz.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 15:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\SYSTEM32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-18 12:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{35B2861B-2B26-4691-9FF0-09083722C736}"= C:\WINDOWS\system32\RadExe.dll [2004-12-22 23:26 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Angela Zang^Start Menu^Programs^StartUp^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Angela Zang\Start Menu\Programs\StartUp\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ]
C:\WINDOWS\System32\Mkwwa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
2003-12-31 19:12 417792 -----c--- C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Documents and Settings\Angela Zang\Application Data\ttuh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alchem]
C:\WINDOWS\alchem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 00:56 15360 --------- C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dsi]
C:\WINDOWS\System32\dp-him.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 16:22 28672 -r------- C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMC]
C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jvmiwqv]
C:\WINDOWS\System32\gzvskcu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtcyCfgApply]
C:\Documents and Settings\Peter Zang\My Documents\My Downloads\LtcyCfg2-
[guru3d]\LtcyCfg.exe /a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDrv]
C:\WINDOWS\System32\NDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2004-03-30 00:56 155648 --------- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razertra]
2003-03-24 09:03 208896 --------- C:\Program Files\Razer\razertra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 12:36 319488 --------- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2004-08-19 22:34 868352 --------- C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 18:44 65536 --------- C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s]
c:\documents and settings\angela zang\local settings\temp\s.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2007-02-05 10:11 476728 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB_setup]
C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\tb_setup.exe /dcheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common files\WinTools\WToolsA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinToolsSvc"=2 (0x2)

R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-08-19 22:34]
R2 ATNT40K;ActiveTouch NT Appsharing Driver;C:\WINDOWS\system32\DRIVERS\ATNT40K.SYS [2006-02-16 13:41]
R3 AtlsAud;Dell Movie Studio Audio Device;C:\WINDOWS\system32\drivers\AtlsAud.sys [2002-12-03 09:48]
R3 EMATCORE;Dell Movie Studio Video Device;C:\WINDOWS\system32\Drivers\AtlsVid.sys [2002-12-04 16:08]
R3 TMBUS;Thrustmapper Device Enumerator;C:\WINDOWS\system32\drivers\TMBUS.sys [2001-12-17 17:56]
R3 TMHIDSRV;TMHIDSRV;C:\WINDOWS\system32\DRIVERS\TMHIDF.sys [2003-03-25 15:28]
R3 TMKEmu;Thrustmapper virtual Keyboard device driver;C:\WINDOWS\system32\drivers\TMKEmu.sys [2001-05-18 13:55]
R3 TMMEmu;Thrustmapper virtual Mouse device driver;C:\WINDOWS\system32\drivers\TMMEmu.sys [2001-05-18 13:52]
R3 WD_FireWire_HID;WD FireWire Pseudo-HID driver;C:\WINDOWS\system32\DRIVERS\wdfwhid.sys [2006-03-22 11:37]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2003-03-25 08:37]
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2003-03-25 08:37]
S2 trackcam4;TrackerCam Video Capture Driver 4.0;C:\WINDOWS\system32\DRIVERS\trackca4.sys [2005-08-29 16:43]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 cportclm;cportclm;C:\DOCUME~1\PETERZ~1\LOCALS~1\Temp\cportclm.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-03 23:08]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 13:02]
S3 LwUsbHid;Logitech WingMan Formula Force USB;C:\WINDOWS\system32\DRIVERS\LwUsbHid.sys [2001-08-17 11:49]
S3 Pcatip;Pcatip;C:\WINDOWS\system32\DRIVERS\Pcatip.sys [2006-03-24 00:46]
S3 RadProbe;Radeon Probe Driver;C:\WINDOWS\system32\DRIVERS\RadProbe.sys [2004-12-07 03:03]
S3 razerusb;razerusb;C:\WINDOWS\system32\DRIVERS\razerusb.sys [2003-03-24 09:12]
S3 RioS30;RioS30S driver;C:\WINDOWS\system32\Drivers\RioS30.sys [2002-07-31 10:12]
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2003-03-25 08:37]
S3 WmUsbHid;Logitech WingMan Force (USB) driver ;C:\WINDOWS\system32\drivers\WmUsbHid.sys [2003-03-25 08:37]
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2003-03-25 08:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19d14530-7ca4-11db-9156-0007e97c9134}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 03:00:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (HAL-Peter Zang).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-12-15 08:45:24 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-12-01 08:01:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2007-12-05 13:20:45 C:\WINDOWS\Tasks\SyncBack Documents.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2007-12-24 10:03:21 C:\WINDOWS\Tasks\SyncBack Music backup.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2007-12-18 10:00:08 C:\WINDOWS\Tasks\SyncBack Pictures.job"
- C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
"2007-12-25 01:00:00 C:\WINDOWS\Tasks\{3D987BE0-E35F-420C-95DE-18C99E4AF63F}_HAL_Peter Zang.job"
- C:\WINDOWS\system32\MOBSYNC.EXEC /Schedule=
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 16:16:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 16:18:27
.
2007-12-12 10:07:31 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:32 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.your-search.info/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm776
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -
O16 - DPF: {1663B0BC-2CCE-4227-99BB-6E8B34FAC9E4} (COPPDetector Control) - https://www.bittorrent.com/activex/COPPDetector.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://mytch.thechildrenshospital.o...a32/wficat.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca...C_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -