Messages - SahDu

1
Tech Clinic / Explorer.exe closing, pop ups, etc. Hijack included
« on: March 02, 2008, 02:04:11 AM »
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Bonjour
Broadcom Gigabit Integrated Controller
CopyTrans Suite Remove Only
Counter-Strike
DeadAIM
Dell Resource CD
Dell Touchpad
Dell Touchpad
Digital Line Detect
HijackThis 2.0.2
I8kfanGUI V3.1
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
iTunes
Kaspersky Online Scanner
Laptop Integrated Webcam Driver (1.04.01.1011)  
Malwarebytes' Anti-Malware
mCorev32.ism_new
mCPlug
mDriver
mHelp
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mWMI
Notepad++
NVIDIA Drivers
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SigmaTel Audio
Skype™ 3.6
Steam
Turn Off Monitor v1.0
Viewpoint Media Player
WD Diagnostics
WinRAR
WinSCP 4.0.6

Hope that looks ok! Let me know. Thanks so much!

Jeff

2
Tech Clinic / Explorer.exe closing, pop ups, etc. Hijack included
« on: March 02, 2008, 01:19:02 AM »
Things seem to be better now. Haven't gotten a popup in a while and explorer.exe isn't closing. I'm very grateful for that. That entry is for a program I use to turn off the monitor on my laptop at night, so it should be okay. Here are the two logs that you asked for. Thanks so much for all your help!

Jeff

---------------------------------------------------------

C:\Users\Jeff\Documents\Downloads\Avast Profesional + Serials (2008)\setupengpro.exe moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\bdwlcqtn.dll
C:\Windows\System32\bdwlcqtn.dll NOT unregistered.
C:\Windows\System32\bdwlcqtn.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\fbnmhxnd.dll
C:\Windows\System32\fbnmhxnd.dll NOT unregistered.
C:\Windows\System32\fbnmhxnd.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\gsrvshnr.dll
C:\Windows\System32\gsrvshnr.dll NOT unregistered.
C:\Windows\System32\gsrvshnr.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\jldbvreb.dll
C:\Windows\System32\jldbvreb.dll NOT unregistered.
C:\Windows\System32\jldbvreb.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\kxdyhvgc.dll
C:\Windows\System32\kxdyhvgc.dll NOT unregistered.
C:\Windows\System32\kxdyhvgc.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\mdpjwsgo.dll
C:\Windows\System32\mdpjwsgo.dll NOT unregistered.
C:\Windows\System32\mdpjwsgo.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\nwnjlyfx.dll
C:\Windows\System32\nwnjlyfx.dll NOT unregistered.
C:\Windows\System32\nwnjlyfx.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\sldmkanx.dll
C:\Windows\System32\sldmkanx.dll NOT unregistered.
C:\Windows\System32\sldmkanx.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\srycmiui.dll
C:\Windows\System32\srycmiui.dll NOT unregistered.
C:\Windows\System32\srycmiui.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\xewpidea.dll
C:\Windows\System32\xewpidea.dll NOT unregistered.
C:\Windows\System32\xewpidea.dll moved successfully.
DllUnregisterServer procedure not found in C:\Windows\System32\xswcywxb.dll
C:\Windows\System32\xswcywxb.dll NOT unregistered.
C:\Windows\System32\xswcywxb.dll moved successfully.
 
OTMoveIt2 v1.0.20 log created on 03022008_002741

-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:22 AM, on 3/2/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wsqmcons.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7470 bytes


-------------------------------------------------------

Thanks again!

Jeff

3
Tech Clinic / Explorer.exe closing, pop ups, etc. Hijack included
« on: March 01, 2008, 02:58:24 PM »
Here are the two logs. Thanks!

Jeff

------------------------------------------------

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Saturday, March 01, 2008 2:08:55 PM
 Operating System: Microsoft Windows Vista Professional,  (Build 6000)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  1/03/2008
 Kaspersky Anti-Virus database records: 591405
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   C:\
   D:\
   E:\

Scan Statistics:
   Total number of scanned objects: 133334
   Number of viruses found: 3
   Number of infected objects: 102
   Number of suspicious objects: 0
   Duration of the scan process: 00:49:54

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD   Object is locked   skipped
C:\Boot\BCD.LOG   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int   Object is locked   skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log   Object is locked   skipped
C:\Program Files\Steam\logs\connection_log.txt   Object is locked   skipped
C:\Program Files\Steam\Steam.log   Object is locked   skipped
C:\Program Files\Steam\steamapps\winui.gcf   Object is locked   skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080229-012026-214.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.Crwl   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.ci   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wsb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy28.gthr   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfE945.tmp   Object is locked   skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfE946.tmp   Object is locked   skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\a537119c47192bc08952189ae8782f08[1].zip/b152.exe   Infected: Trojan-Dropper.Win32.Agent.eso   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\a537119c47192bc08952189ae8782f08[1].zip   ZIP: infected - 1   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\cmp638[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\ptch[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C60J81L2\ptch[2]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO12TB65\hctp[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO12TB65\tr[1]   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TM.blf   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows\UsrClass.dat{45038623-e4dd-11dc-b452-0013e8484005}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Microsoft\Windows Sidebar\Settings.ini   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_001_   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_002_   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_003_   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Mozilla\Firefox\Profiles\vpqcdtlv.default\Cache\_CACHE_MAP_   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Temp\aanymcwd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\aipqjmwr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\axwiltyi.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\bpomkovx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\bpxdhkam.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\clvdrfgy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\cwsmjmee.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dadrgdtl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dauepkff.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dgrrxcjs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dmwtudrg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\dxswrbvq.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\eegnbkow.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ejpaeinh.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\eonhfuxn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\eoxjocwp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\eukulgex.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\fmkxojjd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\frntpmpk.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\fscjhuyl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\fxboplll.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\FXSAPIDebugLogFile.txt   Object is locked   skipped
C:\Users\Jeff\AppData\Local\Temp\gghwbrgo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\goybmujd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\gqmsjjgb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ieddyaod.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ithfhihn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\javaaeiy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\jnhugogl.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\jpacsodu.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\kbtcwyny.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\kdrcxoxn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\klkjtpvf.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\kprfbmuc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\kxsivcvo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\lbvnpicp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\lelwaqei.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\leunuwuk.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\llrbexve.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\llwktply.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\lqtneyos.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\meehkugw.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\miwuqiun.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\mkycmayg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\mnxdlikn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\nepxbwtn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\nfxdslxy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\nnhdguhm.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\obnletnd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ogbfiifj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\oknacpus.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\pehdqphr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\rcqyqcjo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\rpwddcgs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\sauqidlq.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\sicouepx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\snraaabh.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\stcuejhx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\tgiwmfvj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ubljdtmr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ucmkjuuw.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ulomgtmc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\uminqvyp.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\utxfmsmn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\uxvsbtbc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\vkgjpbvi.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\vtuytmmj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\wsklvkht.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\xacracmy.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\xaorxjdn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\xatdwtby.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\xkppdmka.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\xwryxgbu.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ybjgsqlt.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ydolfhar.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\yjfxpyrs.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\ylgoiwub.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\yscmftmx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\yutejsgv.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\yxxnbepg.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Local\Temp\yyrotvlb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\index.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\cert8.db   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\history.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\key3.db   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\parent.lock   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\search.sqlite   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\vpqcdtlv.default\urlclassifier2.sqlite   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\call256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\callmember256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chat512.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmember256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmsg256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\chatmsg512.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\contactgroup256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\dyncontent\bundle.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\index2.dat   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\profile256.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user1024.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user16384.dbb   Object is locked   skipped
C:\Users\Jeff\AppData\Roaming\Skype\jdennhardt\user256.dbb   Object is locked   skipped
C:\Users\Jeff\Documents\Downloads\Avast Profesional + Serials (2008)\setupengpro.exe   Infected: Trojan.Win32.Buzus.pf   skipped
C:\Windows\System32\bdwlcqtn.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\fbnmhxnd.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\gsrvshnr.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\jldbvreb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\kxdyhvgc.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM   Object is locked   skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\Windows\System32\mdpjwsgo.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002   Object is locked   skipped
C:\Windows\System32\nwnjlyfx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\sldmkanx.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\spool\SpoolerETW.etl   Object is locked   skipped
C:\Windows\System32\srycmiui.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\xewpidea.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\System32\xswcywxb.dll   Infected: not-a-virus:AdWare.Win32.Virtumonde.gen   skipped
C:\Windows\Tasks\SCHEDLGU.TXT   Object is locked   skipped
C:\Windows\WindowsUpdate.log   Object is locked   skipped

Scan process completed.


--------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:41 PM, on 3/1/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7103 bytes

----------------------------------------------------

Thanks again!

4
Tech Clinic / Explorere.exe closing, pop ups, etc. Hijack included
« on: February 29, 2008, 03:47:11 PM »
I had already completed the steps listed before seeing your last post. Sorry about that. Below are the two logs. Hopefully it didn't interfere too much. Thanks for all the help!

Jeff

-----------------------------------------------------------------

Malwarebytes' Anti-Malware 1.05
Database version: 427

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 172631
Time elapsed: 1 hour(s), 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\xxyxv.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41f544ff-e7e9-4f43-9aa6-e316d06eb787} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{41f544ff-e7e9-4f43-9aa6-e316d06eb787} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb2bbb3d-8470-4c4b-8316-815672908d52} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{eb2bbb3d-8470-4c4b-8316-815672908d52} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{45c2a50f-8f4a-496e-af02-d0207525bf5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\javacore (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45c2a50f-8f4a-496e-af02-d0207525bf5a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxyxv.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\gumhqksp.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pcijvhxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yxhvjicp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\pmytqcls.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\slcqtymp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tdcnnrea.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aernncdt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xxyxv.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\vxyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vxyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\yhuzoxui.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\wvwtr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\NoDNS.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00009a3b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000ac45 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000ad3f (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000be6e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000bf96 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp0000c2e1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp000108e5 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00017406 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp00047dd6 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Jeff\AppData\Local\Temp\tmp003e7031 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\b152.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\b154.exe (Trojan.Matcash) -> Quarantined and deleted successfully.
C:\Windows\System32\rqolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:12 PM, on 2/29/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: {1e99cab9-d62b-b188-1f44-dc905bdc0a7d} - {d7a0cdb5-09cd-44f1-881b-b26d9bac99e1} - C:\Windows\system32\jldbvreb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f8212089] rundll32.exe "C:\Windows\system32\srycmiui.dll",b
O4 - HKLM\..\Run: [BMfb121315] Rundll32.exe "C:\Windows\system32\bdwlcqtn.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7094 bytes
------------------------------------------

Thanks again!

Jeff

5
Tech Clinic / Explorere.exe closing, pop ups, etc. Hijack included
« on: February 29, 2008, 09:04:21 AM »
Hey again. So, apparently I came down with some spyware. My computer is almost impossible to work with, as explorer.exe will randomly close and can only be opened through the Task Manager. Similarly, I will get pop ups all over the place and Firefox will randomly decide to quit. Any and all help is greatly appreciated. As you know, I'm always thankful for help here, so this is no exception. Thanks again!

Jeff

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:24 AM, on 2/29/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Turn Off Monitor\TurnOffMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {23A4F050-D258-4EF9-9671-7DA8B9ED18DE} - C:\Windows\system32\xxyxv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqolm.dll,#1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c
O4 - HKCU\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [Turn Off Monitor] C:\Program Files\Turn Off Monitor\TurnOffMon.exe :silent (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyxv.dll,c (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [f8212089] rundll32.exe "C:\Users\Jeff\AppData\Local\Temp\wfycfhbj.dll",b (User '?')
O4 - HKUS\S-1-5-21-2547518172-327071229-58795032-1000\..\Run: [MS Juan] rundll32 "C:\Users\Jeff\AppData\Local\Temp\dxdpkmni.dll",run (User '?')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8174 bytes

6
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 14, 2007, 01:56:22 PM »
I hadn't, though, now I will. Thanks for the suggestion!

Jeff

7
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 13, 2007, 09:47:42 PM »
Completely Remove iTunes and QuickTime
Empty your Temp directory and restart
Clean up iTunes installer files on the computer
Download QuickTime Standalone Installer
Disable other conflicting software
Make sure your folder names don't contain strange characters

Attempted all of the above. No change. I found many people with this problem and no one seems to be able to come up with a fix for it. Too bad. Think there is anything to do or should I just wait until Apple fixes it? Thanks so much!

Jeff

8
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 13, 2007, 02:03:10 PM »
I think better...I haven't had the issues with shutting down and such, although I think Apple messed up their latest iTunes update. I've seen many people with my same problem (Windows installer opens every time I start iTunes for some reason?) I think I narrowed down the problem with my computer not starting though (i.e. it would freeze just after the BIOS screen with a black screen and a flashing white cursor.) The stalling only occurs when my iPod cord is plugged into the USB. As soon as I remove it, the computer starts up no problem. Any idea why this is happening? It's not a big deal, just somewhat of an annoyance. I'll let you know if anything goes haywire in the next 24 hours. I really do appreciate all the help. Did you get my PM? Thanks!

Jeff

9
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 13, 2007, 04:01:43 AM »
Seems as though Vundo didn't find anything. Here is the log:


VundoFix V6.7.0

Checking Java version...

Scan started at 3:09:33 PM 12/11/2007

Listing files found while scanning....

C:\Windows\system32\bhteulei.dll
C:\windows\System32\bhteulei.dllbox

Beginning removal...

VundoFix V6.7.0

Checking Java version...

Scan started at 2:27:43 AM 12/13/2007

Listing files found while scanning....


No infected files were found.

--------------------------------------------------------------

Deckard is below. Thanks so much!

Jeff

---------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by Jeff on 2007-12-13 02:59:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:58 AM, on 12/13/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Softany\Monitor Control\MonitorControl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jeff\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Softany\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1E0EFA42-EE78-4285-93D3-99DFC4B53717} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 21711 bytes

-- Files created between 2007-11-13 and 2007-12-13 -----------------------------

2007-12-12 13:49:32         0 d-------- C:\Program Files\iPod
2007-12-11 20:23:01         0 d-------- C:\Program Files\Common Files\Logishrd
2007-12-11 19:39:58         0 d-------- C:\Program Files\QuickTime
2007-12-11 19:27:38         0 -rahs---- C:\MSDOS.SYS
2007-12-11 19:27:38         0 -rahs---- C:\IO.SYS
2007-12-11 16:07:27         0 d-------- C:\Users\Jeff\DoctorWeb
2007-12-11 15:39:55     24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2007-12-11 15:09:33         0 d-------- C:\VundoFix Backups
2007-12-09 19:55:01         0 d-------- C:\My Web Sites
2007-12-09 16:39:55         0 d-------- C:\Program Files\HighCriteria
2007-12-09 16:03:20         0 d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-12-04 16:00:05         0 dr------- C:\Users\Public\Application Data
2007-12-04 16:00:05         0 dr------- C:\Users\Public\Application Data\SalesMonitor
2007-11-29 02:52:36         0 d-------- C:\Program Files\Alwil Software
2007-11-26 21:15:36         0 d-------- C:\Program Files\Bonjour
2007-11-26 21:08:08         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-26 19:51:18         0 d-------- C:\Program Files\Windows Installer Clean Up
2007-11-26 17:00:19      3840 --a------ C:\Windows\system32\drivers\BANTExt.sys
2007-11-26 17:00:19         0 d-------- C:\Program Files\Belarc
2007-11-26 03:10:44         0 d-------- C:\Program Files\Trend Micro
2007-11-23 16:02:36         0 d-------- C:\Program Files\BitLocker
2007-11-22 01:45:36         0 d-------- C:\Windows\pss
2007-11-21 20:53:58    393216 --a------ C:\Windows\system32\NI_IRC_1_1.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2007-11-21 20:53:58    393216 --a------ C:\Windows\system32\NI_IRC_1_0_3.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2007-11-21 20:53:58     61440 --a------ C:\Windows\system32\NI_DFD_1_4.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2007-11-21 20:50:25         0 d-------- C:\Psfonts
2007-11-21 20:33:22     90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-11-21 20:33:21         0 d-------- C:\Documents and Settings
2007-11-20 03:15:59         0 d-------- C:\Program Files\EA GAMES


-- Find3M Report ---------------------------------------------------------------

2007-12-13 02:25:07     68212 --a------ C:\Users\Jeff\AppData\Roaming\nvModes.001
2007-12-13 01:57:42     17408 --a------ C:\Windows\system32\rpcnetp.exe
2007-12-13 01:57:40     41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-12-13 01:56:13        12 --a------ C:\Windows\bthservsdp.dat
2007-12-12 13:50:03         0 d-------- C:\Program Files\iTunes
2007-12-12 13:45:28     68212 --a------ C:\Users\Jeff\AppData\Roaming\nvModes.dat
2007-12-11 20:24:00         0 d-------- C:\Program Files\Common Files\Logitech
2007-12-11 20:23:03         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 20:23:01         0 d-------- C:\Program Files\Common Files
2007-12-11 19:30:57     17408 --a------ C:\Windows\system32\rpcnetp.dll
2007-12-09 17:11:41         0 d-------- C:\Users\Jeff\AppData\Roaming\uTorrent
2007-12-09 15:22:48         0 d-------- C:\Users\Jeff\AppData\Roaming\LimeWire
2007-12-06 00:43:23         0 d-------- C:\Users\Jeff\AppData\Roaming\U3
2007-12-04 15:54:25         0 d-------- C:\Users\Jeff\AppData\Roaming\Skype
2007-11-27 00:35:52         0 d-------- C:\Users\Jeff\AppData\Roaming\Creative
2007-11-26 21:16:44         0 d-------- C:\Users\Jeff\AppData\Roaming\Adobe
2007-11-26 21:15:35         0 d-------- C:\Program Files\Common Files\Adobe
2007-11-26 19:50:59         0 d-------- C:\Program Files\MSECache
2007-11-26 03:09:13         0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-26 02:51:45         0 d-------- C:\Program Files\MagicDisc
2007-11-21 20:58:39         0 d-------- C:\Program Files\Finale 2007
2007-11-21 20:55:04         0 d-------- C:\Program Files\Finale GPO 2.0
2007-11-21 20:49:07         0 d-------- C:\Program Files\SmartMusic 9
2007-11-21 19:55:52         0 d-------- C:\Program Files\Microsoft Works
2007-11-21 19:55:52         0 d-------- C:\Program Files\Common Files\Skype
2007-11-14 03:01:25         0 d-------- C:\Program Files\Windows Mail
2007-10-04 23:46:48       684 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 03:48 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/08/2007 11:10 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [05/06/2007 04:10 PM]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [11/15/2007 10:12 AM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [05/09/2007 04:01 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/14/2007 03:25 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/14/2007 03:25 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/14/2007 03:25 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/14/2007 03:25 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 10:37 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 10:35 AM]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/24/2003 03:11 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [09/21/2007 03:10 AM C:\Windows\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2003 09:31 AM]
"Softany Monitor Control"="C:\Program Files\Softany\Monitor Control\MonitorControl.exe" [02/13/2007 10:01 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 06:33 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/11/2007 02:51 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 4:55:50 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/11/2007 2:52:33 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [12/11/2007 8:23:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1917751b-397a-11dc-9a8c-00197edc3b20}]
AutoRun\command- G:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1917751e-397a-11dc-9a8c-00197edc3b20}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef04554-55c0-11dc-abcf-806e6f6e6963}]
AutoRun\command- F:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-13 03:00:28 ------------

10
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 10, 2007, 08:55:46 PM »
Seems as though a new problem has arisen. I just recently shut down my computer and when I started it back up, the computer appeared to start normally; however, neither any of my desktop items nor my start bar ever appeared. I had to force start "Explorer.exe" using the Windows Task Manager>File>New Task (Run...). It seems very odd that explorer.exe wouldn't start. Any idea what might cause this? Hopefully it is a one-time event. Thanks again!

Jeff

11
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 09, 2007, 07:43:03 PM »
Thanks so much for the help. Log is below. Obviously I'm willing to do anything necessary to clean my computer so just let me know if you have any suggestions. Thanks again!

Jeff

Deckard's System Scanner v20071014.68
Run by Jeff on 2007-12-09 18:35:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
6: 2007-12-09 23:19:43 UTC - RP156 - Windows Update
5: 2007-12-09 23:08:05 UTC - RP155 - Restore Operation
4: 2007-12-09 00:00:58 UTC - RP154 - Scheduled Checkpoint
3: 2007-12-08 00:32:02 UTC - RP153 - Scheduled Checkpoint
2: 2007-12-07 07:57:53 UTC - RP152 - Windows Update


-- First Restore Point --
1: 2007-12-06 07:56:54 UTC - RP151 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:21 PM, on 12/9/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Softany\Monitor Control\MonitorControl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Windows\explorer.exe
C:\Users\Jeff\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {1a8d61ba-f031-c858-e794-4d33f105f9a1} - {1a9f501f-33d4-497e-858c-130fab16d8a1} - C:\Windows\system32\tfkmikrq.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2714F6D0-FA96-49E5-BC3B-77D982C5E6A1} - C:\Windows\system32\rqono.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\Windows\system32\opnkkij.dll
O2 - BHO: (no name) - {9BC21BC9-A304-4185-9F5B-591DA450BAE1} - C:\Windows\system32\rqono.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [880f1fcf] rundll32.exe "C:\Windows\system32\pjglynlh.dll",b
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Softany\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnkkij - C:\Windows\SYSTEM32\opnkkij.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DomainService -   - C:\Windows\system32\auvkvsqd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 22070 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 DomainService - c:\windows\system32\auvkvsqd.exe /service <Not Verified; ; DDC>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ROOT\SCSIADAPTER\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SCSIADAPTER\0000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-09 18:35:23       416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{A16D029F-A612-4F47-B411-C582236F1C7D}.job


-- Files created between 2007-11-09 and 2007-12-09 -----------------------------

2007-12-09 18:39:18     80448 --a------ C:\Windows\system32\tfkmikrq.dll
2007-12-09 18:36:37     74304 --a------ C:\Windows\system32\auvkvsqd.exe <Not Verified; ; DDC>
2007-12-09 16:39:55         0 d-------- C:\Program Files\HighCriteria
2007-12-09 16:03:20         0 d-------- C:\Program Files\Mp3 My Mp3 2.0
2007-12-04 16:02:50     85568 --a------ C:\Windows\system32\pjglynlh.dll
2007-12-04 16:00:05         0 dr------- C:\Users\Public\Application Data
2007-12-04 16:00:05         0 dr------- C:\Users\Public\Application Data\SalesMonitor
2007-12-04 15:59:51     79424 --a------ C:\Windows\system32\jqjsvuyx.dll
2007-12-04 15:57:07    145984 --a------ C:\Windows\system32\htyuhwcw.dll
2007-12-03 18:00:15    321120 -----n--- C:\Windows\system32\wvwvw.dll
2007-11-29 03:01:04    440566 --ahs---- C:\Windows\system32\onoqr.ini2
2007-11-29 03:00:58    333408 --a------ C:\Windows\system32\rqono.dll
2007-11-29 02:56:19     37376 --a------ C:\Windows\system32\rqronno.dll
2007-11-29 02:55:52     37376 --a------ C:\Windows\system32\opnkkij.dll
2007-11-29 02:52:36         0 d-------- C:\Program Files\Alwil Software
2007-11-26 21:15:36         0 d-------- C:\Program Files\Bonjour
2007-11-26 21:08:08         0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-26 19:51:18         0 d-------- C:\Program Files\Windows Installer Clean Up
2007-11-26 17:00:19      3840 --a------ C:\Windows\system32\drivers\BANTExt.sys
2007-11-26 17:00:19         0 d-------- C:\Program Files\Belarc
2007-11-26 03:10:44         0 d-------- C:\Program Files\Trend Micro
2007-11-23 16:02:36         0 d-------- C:\Program Files\BitLocker
2007-11-22 01:45:36         0 d-------- C:\Windows\pss
2007-11-21 20:53:58    393216 --a------ C:\Windows\system32\NI_IRC_1_1.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2007-11-21 20:53:58    393216 --a------ C:\Windows\system32\NI_IRC_1_0_3.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH IRC (IR Convolution) extension>
2007-11-21 20:53:58     61440 --a------ C:\Windows\system32\NI_DFD_1_4.dll <Not Verified; Native Instruments Software GmbH; Native Instruments Software GmbH DFD (Direct From Disc) extension>
2007-11-21 20:50:25         0 d-------- C:\Psfonts
2007-11-21 20:33:22     90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2007-11-21 20:33:21         0 d-------- C:\Documents and Settings
2007-11-20 03:15:59         0 d-------- C:\Program Files\EA GAMES


-- Find3M Report ---------------------------------------------------------------

2007-12-09 18:34:59     68212 --a------ C:\Users\Jeff\AppData\Roaming\nvModes.001
2007-12-09 17:13:41     17408 --a------ C:\Windows\system32\rpcnetp.exe
2007-12-09 17:13:33     17408 --a------ C:\Windows\system32\rpcnetp.dll
2007-12-09 17:13:33     41584 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2007-12-09 17:11:41         0 d-------- C:\Users\Jeff\AppData\Roaming\uTorrent
2007-12-09 16:20:55         0 d-------- C:\Program Files\Common Files
2007-12-09 15:22:48         0 d-------- C:\Users\Jeff\AppData\Roaming\LimeWire
2007-12-08 16:40:20     68212 --a------ C:\Users\Jeff\AppData\Roaming\nvModes.dat
2007-12-06 00:43:23         0 d-------- C:\Users\Jeff\AppData\Roaming\U3
2007-12-04 16:12:31        12 --a------ C:\Windows\bthservsdp.dat
2007-12-04 16:00:25         0 d-------- C:\Users\Jeff\AppData\Roaming\BestsellerAntivirus
2007-12-04 15:54:25         0 d-------- C:\Users\Jeff\AppData\Roaming\Skype
2007-11-27 00:35:52         0 d-------- C:\Users\Jeff\AppData\Roaming\Creative
2007-11-26 21:16:44         0 d-------- C:\Users\Jeff\AppData\Roaming\Adobe
2007-11-26 21:15:35         0 d-------- C:\Program Files\Common Files\Adobe
2007-11-26 19:50:59         0 d-------- C:\Program Files\MSECache
2007-11-26 03:09:13         0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-26 02:51:45         0 d-------- C:\Program Files\MagicDisc
2007-11-21 20:58:39         0 d-------- C:\Program Files\Finale 2007
2007-11-21 20:55:04         0 d-------- C:\Program Files\Finale GPO 2.0
2007-11-21 20:49:07         0 d-------- C:\Program Files\SmartMusic 9
2007-11-21 19:55:52         0 d-------- C:\Program Files\Microsoft Works
2007-11-21 19:55:52         0 d-------- C:\Program Files\Common Files\Skype
2007-11-20 03:16:04         0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-14 03:01:25         0 d-------- C:\Program Files\Windows Mail
2007-11-06 09:40:14         0 d-------- C:\Program Files\iTunes
2007-11-06 09:40:08         0 d-------- C:\Program Files\iPod
2007-11-06 09:38:15         0 d-------- C:\Program Files\QuickTime
2007-10-04 23:46:48       684 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a9f501f-33d4-497e-858c-130fab16d8a1}]
12/09/2007 06:39 PM   80448   --a------   C:\Windows\system32\tfkmikrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2714F6D0-FA96-49E5-BC3B-77D982C5E6A1}]
11/29/2007 03:01 AM   333408   --a------   C:\Windows\system32\rqono.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}]
11/29/2007 02:55 AM   37376   --a------   C:\Windows\system32\opnkkij.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BC21BC9-A304-4185-9F5B-591DA450BAE1}]
11/29/2007 03:01 AM   333408   --a------   C:\Windows\system32\rqono.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\Windows\system32\bhteulei.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 03:48 PM]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [11/27/2006 08:14 AM]
"UpdReg"="C:\Windows\UpdReg.EXE" [05/11/2000 12:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/08/2007 11:10 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [05/06/2007 04:10 PM]
"SetPoint"="C:\Program Files\Logitech\SetPoint\SetPoint.EXE" [03/31/2005 04:19 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [05/09/2007 04:01 PM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/14/2007 03:25 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/14/2007 03:25 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [06/14/2007 03:25 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/14/2007 03:25 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/03/2006 10:37 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [10/03/2006 10:35 AM]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/24/2003 03:11 PM]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [04/17/2007 09:31 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 05:06 AM]
"880f1fcf"="C:\Windows\system32\pjglynlh.dll" [12/04/2007 04:02 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2003 09:31 AM]
"Softany Monitor Control"="C:\Program Files\Softany\Monitor Control\MonitorControl.exe" [02/13/2007 10:01 PM]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [11/02/2006 06:33 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07/24/2007 09:18 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 4:55:50 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [7/24/2007 9:18:12 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/24/2007 9:17:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8E3FBDE2-7DBD-4040-85D9-29BBC559C129}"= C:\Windows\system32\opnkkij.dll [11/29/2007 02:55 AM 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkij]
opnkkij.dll 11/29/2007 02:55 AM 37376 C:\Windows\System32\opnkkij.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\rqono.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1917751b-397a-11dc-9a8c-00197edc3b20}]
AutoRun\command- G:\.\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1917751e-397a-11dc-9a8c-00197edc3b20}]
AutoRun\command- H:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-12-09 18:41:32 ------------

12
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 08, 2007, 05:34:11 PM »
Hey guest. Hope everything is going alright with you. Seems as though I'm faced with some setbacks. Avast seems to be finding viruses all over the place and as of recently my computer seems to be running slowly, a problem I hadn't encountered before. Similarly, I am getting popups all the time. I'm running an Avast scan right now to try and remedy the problem and I wanted to post an updated Hijack log, however my computer won't let me produce a log from HijackThis. I will run a scan but as soon as I hit "Save Log" the program quits. I apologize for having so many issues and really do appreciate all your help. Thanks!

Jeff

13
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: December 04, 2007, 11:43:39 PM »
Any suggestions? How did my Hijack look? Thanks!!

Jeff

14
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 30, 2007, 10:20:40 PM »
Sorry, I was referring to my shutdown/startup problem mentioned in my third or so post:

Yeah, that probably would have been a good idea huh? Well, I've had some longstanding issues with this computer. It is a Dell Inspiron 1720 with 2 HDs and 4 GB RAM, running Vista Ultimate. Every once in a while, I will shutdown/restart the computer and it will fail to restart. I will get to the loading screen with the Dell logo, but then the computer screen will go black and I will see the white cursor (the underscore) and this will just flash indefinitely. The only way to remedy this problem is to restart the computer multiple times (sometimes up to 15 times) until it works. Similarly, sometimes my computer will freeze on shutdown. It will get to the shutdown screen and never turn itself off (I must use the power button to actually get it to turn off.) The last longstanding problem I've had is that sometimes when I will close the screen, I will reopen it, yet the screen will never turn on. I am able to push buttons on the keyboard and hear noises that Vista makes when it is running normally (as in, the ding sound when you press a button when you have an error window open and you must click OK before you can do anything else...sorry I'm not sure if that made sense.)

I'm on my way out, so I can't post a Hijack log now; however I'll do so later tonight. Thanks for the help!

Jeff

15
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 29, 2007, 03:49:07 AM »
I'm installing Avast as we speak. I'm still nervous about not being able to start/shutdown my comp. Anything I can do for that? I really do appreciate all the help!

Jeff

16
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 27, 2007, 12:03:13 AM »
Yeah...I didn't realize this was occurring until this last time it happened. May I ask for your suggestions on which of the AV/Firewalls to download? Should I stick with Windows? In addition, is there any reason that the MagicISO installation should have caused an issue? Does my Hijack log seem to look alright otherwise? Sorry for all the questions, I just know that you know what you're talking about ;) Thanks so much for all your help!

Jeff

17
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 26, 2007, 04:13:44 AM »
Alright...This makes me nervous, but you have never led me, nor anyone else astray before, so I'll go with it. I also need to make sure I get some sort of firewall on here too. Your help is much appreciated! Just so you know, I had the issue with the comp. not starting again earlier today. I was able to restore with no problem. It seems this always happens after I install the following program:

http://www.magiciso.com/tutorials/miso-mag...view.htm?=shext

Whether or not this is related I'm not sure. But I figured I'd mention it.

Here's my log. Thanks so much!

Jeff

-----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:27 AM, on 11/26/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Softany\Monitor Control\MonitorControl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WerCon.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Softany Monitor Control] C:\Program Files\Softany\Monitor Control\MonitorControl.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: bw+0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {51E73B4D-8256-4B11-AE62-D6CBFE739D2E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 20773 bytes

18
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 23, 2007, 07:52:47 PM »
Correct...came preinstalled on the system.

Jeff

19
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 23, 2007, 05:17:02 PM »
Here is the error I get when trying to start Norton:

"Auto-Protect experienced an unexpected error.
0x000003E8

Click here to go to Symantec Technical Support Knowledge Base...

3035,6"

And then my virus protection won't turn on. When I attempt to, it takes me to LiveUpdate. Then, I update and try to turn it on again and it just takes me back to the LiveUpdate screen. I have restarted since updating and still no change. Suggestions? Thanks again!

Jeff

20
Tech Clinic / Hijack Log-- Having Comp. Issues
« on: November 23, 2007, 03:09:56 AM »
After re-enabling all the applications on startup, everything seemed to be working fine. I was able to restart without a problem. I assume this could be due to the fact that I had done a System Restore the last time? Are there other things I should be checking? And any suggestions about my screen not coming back on, my computer taking 15 or so restarts to work, or my computer not shutting down? Hahaha. Thanks so much for your help, guestolo. It is much appreciated.

Jeff
